WarpAttack

Posted on 2023-04-08: https://nebelwelt.net/files/23Oakland3.pdf

From https://twitter.com/gannimo/status/1644603044623949824 :

As it turns out, compilers happily spill the index for indirect jumps through a jump table after bounds checking, creating a TOCTTOU race for arbitrary control-flow hijacking.

neat stuff