[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Possible bug in the memory chunk management.

From: Andreas Jaeger
Subject: Re: Possible bug in the memory chunk management.
Date: Sun, 17 Feb 2002 21:31:59 +0100
User-agent: Gnus/5.090006 (Oort Gnus v0.06) XEmacs/21.4 (Artificial Intelligence, i386-suse-linux)

Ehud Tenenbaum <address@hidden> writes:

> Hey,
> We would like to confirm a bug we in 2xs LTD came across.
> Problem: 
> When you allocate a multidimensional array for pointers dynamically 
> and point these dynamically allocated pointers to also dynamically 
> allocated variables, then allocation or subsequent variables will 
> overwrite parts of the first variables.
> We attached a Proof-Of-concept code in-order to show 
> exactly what we mean. After short auditing of the calloc/malloc code
> (malloc suffer from same the problem) we think its not bug in there, 
> we believe the problem is inside of the memory chunk management but
> yet we could be wrong.
> Work around:
> Well there is a work around you need to make the first buffer
> to a static one and by that it wont collide. 
> Should you have any more questions or comments dont hesitate to contact
> us:
> Ehud Tenenbaum <address@hidden> CTO, Project Manager.
> Izik Kotler <address@hidden> Senior Programmer.
> Mixter <address@hidden> Senior Programmer.

Your program is broken, you allocate:

>   buf_h = calloc(1, 6);

a buffer with 6 entries, from 0 to 5, and access buf_h[6] later on.

Accessing memory outside the allocated range is not allowed, you just
overwrote internal memory of glibc's malloc implementation.

 Andreas Jaeger
  SuSE Labs address@hidden
   private address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]