This is an clever exploit but a disturbing threat to open source. Mitigations are provided by the authors in the form of new compiler checks. As of now I think most compilers (all?) are still vulnerable to this attack. research paper: https://arxiv.org/pdf/2111.00169.pdf author's website for general understanding https://trojansource.codes/