
From the patches it seems that the write operation to the array is also protected with masking. What is the reason for it? If, due to a bug unrelated to Spectre, JS code could trigger a write beyond the allocated memory, restricting writes to the next power of two just slightly complicates the attacks. This is very different from the reading situation.



The masking is done in addition to bounds checks, not instead of, so no, it isn’t adding a mechanism to write out of bounds - the masking is purely to limit the upper bounds of speculative load distance.

As far as the attack: writing to memory pulls the affected page into the cache just as a read does.
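An added illustration of the scheme this thread discusses, not code from the patches and not written by either commenter: the bounds check stays the architectural guard, and the index is additionally ANDed with a mask rounded up to the next power of two, on stores as well as loads. The names `masked_array`, `index_mask_for`, `masked_store` and `masked_load` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Smallest value of the form 2^k - 1 that covers every valid index. */
static size_t index_mask_for(size_t length) {
    if (length <= 1) return 0;
    size_t m = length - 1;
    m |= m >> 1; m |= m >> 2; m |= m >> 4; m |= m >> 8; m |= m >> 16;
#if SIZE_MAX > 0xffffffffu
    m |= m >> 32;
#endif
    return m;
}

typedef struct {          /* hypothetical array header */
    int32_t *data;
    size_t length;
    size_t mask;          /* index_mask_for(length), set at allocation */
} masked_array;

/* The bounds check decides the architectural outcome. The mask is a data
   dependency of the address, so it still clamps the access to below the
   next power of two if the branch is mispredicted. */
static int masked_store(masked_array *a, size_t index, int32_t value) {
    if (index >= a->length) return 0;
    a->data[index & a->mask] = value;   /* in bounds: index & mask == index */
    return 1;
}

static int masked_load(const masked_array *a, size_t index, int32_t *out) {
    if (index >= a->length) return 0;
    *out = a->data[index & a->mask];
    return 1;
}

int main(void) {
    int32_t backing[5] = {0};           /* constructed sample data */
    masked_array a = { backing, 5, index_mask_for(5) };
    int32_t v = 0;
    int in_bounds = masked_store(&a, 4, 42);
    int out_of_bounds = masked_store(&a, 5, 99);
    masked_load(&a, 4, &v);
    printf("store[4]=%d store[5]=%d load[4]=%d\n", in_bounds, out_of_bounds, (int)v);
    printf("index 1000 masks to %zu (mask %zu)\n", (size_t)1000 & a.mask, a.mask);
    return 0;
}
```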



