Revisiting JavaScriptCore Internals: boxed vs. unboxed

Part 6: There are still many things I haven’t explained yet. In this video we go over boxed vs. unboxed values, how to convert integer addresses to doubles, and why our bug is a memory corruption.