Connect and corrupt: C++ coroutines prone to code-reuse attack despite control flow integrity
Connect and corrupt: C++ coroutines prone to code-reuse attack despite control flow integrity
cispa.de
Connect and corrupt: C++ coroutines prone to code-reuse attack despite CFI
If I understand aright, the concern here is that if one finds some form of way to corrupt memory, then one could use that to corrupt memory in the program to cause the program to jump to some other code used in a coroutine in much the same way that a buffer overflow in code modifying a variable stored on the stack could permit an attacker one to overwrite a return address on a stack to jump to arbitrary code.
It seems like the more interesting thing is bypassing CFI protections by abusing coroutines to jump around instead of inserting jumps to other functions.