Description
Hi, all.
I am currently evaluating my tool, ArcHeap: https://arxiv.org/pdf/1903.00503.pdf
I saw mimalloc has secure mode, so I am testing it with my tool.
And it seems it has a similar bug to DieHarder (https://github.com/emeryberger/DieHard).
```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <malloc.h>

void* p[256];
uintptr_t buf[256];

int main() {
    p[0] = malloc(622616);
    p[1] = malloc(655362);
    p[2] = malloc(786432);
    free(p[2]);
    // [VULN] Double free
    free(p[2]);
    p[3] = malloc(786456);
    // [BUG] Found overlap
    // p[3]=0x429b2ea2000 (size=917504), p[1]=0x429b2e42000 (size=786432)
    // (cast to char* so the end-of-range arithmetic is byte-wise and portable)
    fprintf(stderr, "p1: %p-%p, p2: %p-%p\n",
            p[3], (void*)((char*)p[3] + 917504),
            p[1], (void*)((char*)p[1] + 786432));
    return 0;
}
// The number of actions: 16
// [INFO] EVENT_OVERLAP is detected
```
This PoC always returns an overlapping chunk on my Linux machine.
Is it based on https://github.com/emeryberger/DieHard, so it has the same bug?
Or is it just a collision?
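As an added example (not part of this issue, mimalloc or ArcHeap), here is the shadow bookkeeping that flags the two events the PoC's comments mention: a free of a pointer that is no longer live (double free) and a malloc result that intersects a still-live chunk (overlap). The p[1] and p[3] addresses and sizes are taken from the comment in the PoC; the p[2] address is a constructed placeholder, since the issue does not print it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Shadow record of the chunks the program believes are currently live. */
#define MAX_LIVE 64
typedef struct { uintptr_t start; size_t size; } chunk_t;
static chunk_t live[MAX_LIVE];
static int n_live;

/* Half-open byte ranges [a, a+asz) and [b, b+bsz) intersect. */
static bool ranges_overlap(uintptr_t a, size_t asz, uintptr_t b, size_t bsz) {
    return a < b + bsz && b < a + asz;
}

/* Record a chunk the allocator returned; true if it overlaps a live chunk. */
bool shadow_alloc(uintptr_t start, size_t size) {
    bool overlap = false;
    for (int i = 0; i < n_live; i++)
        if (ranges_overlap(start, size, live[i].start, live[i].size)) overlap = true;
    if (n_live < MAX_LIVE) live[n_live++] = (chunk_t){ start, size };
    return overlap;
}

/* Drop a chunk; false when it was not live, i.e. a double or invalid free. */
bool shadow_free(uintptr_t start) {
    for (int i = 0; i < n_live; i++)
        if (live[i].start == start) { live[i] = live[--n_live]; return true; }
    return false;
}

void shadow_reset(void) { n_live = 0; }

/* Replay the PoC's sequence with the addresses reported in the issue. */
int replay_issue(void) {
    shadow_reset();
    int events = 0;
    shadow_alloc(0x429b2e42000ULL, 786432);   /* p[1], as printed in the issue */
    shadow_alloc(0x429b3000000ULL, 786432);   /* p[2]: constructed placeholder address */
    shadow_free(0x429b3000000ULL);
    if (!shadow_free(0x429b3000000ULL)) events++;        /* second free: double free */
    if (shadow_alloc(0x429b2ea2000ULL, 917504)) events++; /* p[3] intersects p[1] */
    return events;                                         /* 2 */
}

int main(void) {
    printf("events flagged: %d\n", replay_issue());
    return 0;
}
```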