Abstract

Memory corruption attacks have been known for decades, but they are still a major vector of attack for compromising modern systems. Numerous defenses have been proposed against memory corruption attacks, but they all have their limitations and weaknesses. Stronger defenses such as complete memory safety incur a large overhead, while weaker ones such as practical control flow integrity have been shown to be ineffective. A recent technique called code pointer integrity (CPI) promises to provide the best of both worlds, security and performance, preventing control hijacking attacks while maintaining low overhead. In this paper, we show that the assumptions made by CPI are fundamentally flawed and that in fact CPI can be bypassed using existing, known types of vulnerabilities. We show that CPI's safe region can be leaked and then maliciously modified by using data pointer overwrites. Although many other implementation bugs exist in CPI, for this work we make the weakest assumptions about the attacker and the strongest assumptions about the implementation of CPI, and show that just by controlling the stack, an attacker can easily bypass CPI. Our attack was implemented as a proof-of-concept against Nginx and could successfully bypass CPI in 6 seconds with 13 observed crashes. We also present an attack that generates no crashes and is able to bypass CPI in 98 hours.

Slides