Re: [Vuln-Dev Challenge] - VulnDev1.c Summary

Jason,

this is actually incorrect. The IS_MMAPPED value is defined as 0x2. This means that 0x4, 0x5, and 0x8 all do not have the IS_MMAPPED flag set. (Neither would 0x9).

0x4 would have the NON_MAIN_ARENA flag set 0x5 would have the NON_MAIN_ARENA and PREV_INUSE flags set 0x8 would have no flags set.

• malloc.c --

/* size field is or'ed with PREV_INUSE when previous adjacent chunk in use */
#define PREV_INUSE 0x1

...

/* size field is or'ed with IS_MMAPPED if the chunk was obtained with mmap() */
#define IS_MMAPPED 0x2

...

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

/* size field is or'ed with NON_MAIN_ARENA if the chunk was obtained

   from a non-main arena. This is only set immediately before handing    the chunk to the user, if necessary. */ #define NON_MAIN_ARENA 0x4

--

Aaron Adams


On Tue, 20 May 2003, Jason_Royes wrote:

> This may be totally incorrect, but here's my armchair analysis.


>

> -- snip:malloc.c --


>

>   assert (chunk_is_mmapped(p));


>

>   n_mmaps--;


>

> /* unmap */


>

>   /* munmap returns non-zero on failure */


>

> --

>

> EOF

>
>

> On Tue, 2003-05-20 at 19:19, Aaron Adams wrote:


>
>