bug-glibc


Re: Possible bug in the memory chunk management.


From: Andreas Jaeger
Subject: Re: Possible bug in the memory chunk management.
Date: Sun, 17 Feb 2002 21:31:59 +0100
User-agent: Gnus/5.090006 (Oort Gnus v0.06) XEmacs/21.4 (Artificial Intelligence, i386-suse-linux)

Ehud Tenenbaum <address@hidden> writes:

> Hey,
>
> We would like to confirm a bug we in 2xs LTD came across.
>
> Problem: 
>
> When you allocate a multidimensional array for pointers dynamically 
> and point these dynamically allocated pointers to also dynamically 
> allocated variables, then allocation or subsequent variables will 
> overwrite parts of the first variables.
> We attached a proof-of-concept code in order to show 
> exactly what we mean. After short auditing of the calloc/malloc code
> (malloc suffers from the same problem) we think it's not a bug in there, 
> we believe the problem is inside of the memory chunk management but
> yet we could be wrong.
>
> Work around:
>
> Well, there is a workaround: you need to make the first buffer
> a static one, and by that it won't collide. 
>
> Should you have any more questions or comments, don't hesitate to contact
> us:
>
> Ehud Tenenbaum <address@hidden> CTO, Project Manager.
> Izik Kotler <address@hidden> Senior Programmer.
> Mixter <address@hidden> Senior Programmer.

Your program is broken, you allocate:

>   buf_h = calloc(1, 6);

a buffer with 6 entries, from 0 to 5, and access buf_h[6] later on.

Accessing memory outside the allocated range is not allowed, you just
overwrote internal memory of glibc's malloc implementation.

Andreas
-- 
 Andreas Jaeger
  SuSE Labs address@hidden
   private address@hidden
    http://www.suse.de/~aj
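
Added example, not part of the original thread and not code from glibc or from the reporters: a small C wrapper that keeps the element count next to a calloc'd pointer, so that a write to index 6 of a 6-byte buffer is refused instead of landing in the allocator's bookkeeping. The names cbuf, cbuf_alloc, cbuf_set, cbuf_from_str and cbuf_free are hypothetical, and the string case assumes the buffer was meant to hold 6 characters plus a terminator.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper: the valid index range travels with the pointer. */
struct cbuf {
    char  *data;
    size_t len;   /* valid indices are 0 .. len-1 */
};

/* Allocate len zeroed bytes, like calloc(1, len). Returns 0 on success. */
int cbuf_alloc(struct cbuf *b, size_t len)
{
    b->data = calloc(1, len);
    b->len  = b->data ? len : 0;
    return b->data ? 0 : -1;
}

/* Store one byte; any index outside 0 .. len-1 is rejected rather than
 * written past the end of the chunk. */
int cbuf_set(struct cbuf *b, size_t idx, char c)
{
    if (b->data == NULL || idx >= b->len)
        return -1;
    b->data[idx] = c;
    return 0;
}

/* A string of n characters needs n + 1 bytes: one more for the NUL. */
int cbuf_from_str(struct cbuf *b, const char *s)
{
    size_t n = strlen(s);
    if (cbuf_alloc(b, n + 1) != 0)
        return -1;
    memcpy(b->data, s, n + 1);
    return 0;
}

void cbuf_free(struct cbuf *b) { free(b->data); b->data = NULL; b->len = 0; }

int main(void)
{
    struct cbuf h;
    if (cbuf_alloc(&h, 6) != 0) return 1;
    int last = cbuf_set(&h, 5, 'x');   /* last valid index: accepted */
    int past = cbuf_set(&h, 6, '\0');  /* index 6 of 6 bytes: rejected */
    cbuf_free(&h);
    return (last == 0 && past == -1) ? 0 : 1;
}
```

Without such a wrapper, building the program with -fsanitize=address (GCC or Clang) or running it under Valgrind reports the access one byte past the 6-byte allocation.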


