n_entries = *(_DWORD *)(shmem_ptr + 0x14);
...
void* resource = NULL;
size_t total_resources = 0;
input = (struct input*)shmem_ptr;
struct sub_desc* desc = &input->descs[0];
for (i = 0; i < n_entries; i++) {
for (int j = 0; j < desc->n_sub_entries; j+) {
int err = IOAccelShared2::lookupResource(ioaccel_shared,
desc->resource_ids[j],
&resource);
if (err) {
goto fail;
}
unsigned short flags = desc->flags[j];
if (flags_invalid(flags)) {
goto fail;
}
resources_buf[total_resources++] = resource;
}
...
}
I saw this in Ian Beer's recent write-up about the exploit-chains, and got stuck reading this when I saw that j was created in the for statement ( for (int j = 0; j < desc->n_sub_entries; j+) ) , but just not sure what it's used for. Apologies if this is really simple.
This is the link to the write-up im reading (where the code is from) : https://googleprojectzero.blogspot.com/ ... ain-1.html