> That looks like a struct offset dereference from a nil pointer, for what it's worth.

The 42 is an explicit value in the example code. From what I understand the code repeatedly changes the value assigned to an interface variable from an object containing a pointer to an object containing an integer. Since interface variables store the type of the assigned value, but do not update both type and value atomically a different thread can interpret whatever integer you put into it as a valid pointer. Putting a large enough value into the integer should avoid the protected memory page around 0 and allow for some old fashioned memory corruption.

You’d be wrong. I recommend you reread the blog post and grok what’s happening in the example.

> When that happens, we will run the Ptr version of get, which will dereference the Int’s val field as a pointer – and hence the program accesses address 42, and crashes.

If you don’t see an exploit gadget there based on a violation of memory safety I don’t know how to have a productive conversation.