    while ((ebp = (void **)*ebp) != 0);
Problem 3: Heap allocator
    return (nBytes + 3) >> 2;

    addl $0x3, %eax
    shr  $0x2, %eax

b) It advances the header pointer with ++, when it should instead advance by the size of
the current block.
The symptom of the error is that the loop reads through the payload data, interpreting
every word as a block header. The payload data can easily look like a valid free block, which
would then mistakenly be handed out to the client, corrupting the heap.
The fix is to change hdr++ into hdr += (*hdr & SIZE_MASK).
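The following is an added example, not part of the solution set, that shows the two points above in runnable form: the word-rounding expression from the first fragment, and a heap walk with the hdr++ bug next to the corrected hdr += (*hdr & SIZE_MASK) walk over a small constructed heap image. The header layout is assumed, since the page does not spell it out: one 32-bit word per block, the block size in words (header included) in the low bits, and the most significant bit set for an in-use block; INUSE_BIT, words_needed, find_free_buggy and find_free_fixed are names chosen here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed header layout (not specified on the page): one 32-bit word per block.
 * Low 31 bits: block size in words, header included. MSB: block is in use. */
#define INUSE_BIT 0x80000000u
#define SIZE_MASK 0x7fffffffu

/* Round a byte count up to whole 4-byte words: (nBytes + 3) >> 2. */
uint32_t words_needed(uint32_t nBytes) {
    return (nBytes + 3) >> 2;
}

/* Constructed heap image: three blocks, 9 words in total.
 * The payload words 0x4 and 0x42 are chosen so that, read as headers, they look
 * like free blocks of 4 and 66 words. */
static uint32_t heap[] = {
    INUSE_BIT | 3, 0xdeadbeef, 0x00000004,   /* in-use, 3 words (header + 2 payload) */
    4,             0, 0, 0,                  /* free, 4 words */
    INUSE_BIT | 2, 0x00000042,               /* in-use, 2 words */
};
#define HEAP_WORDS (sizeof heap / sizeof heap[0])

/* Buggy first-fit search: hdr++ steps one word at a time, so every payload word is
 * inspected as if it were a header. Returns the index of the "block" found, or -1. */
ptrdiff_t find_free_buggy(uint32_t minWords) {
    for (uint32_t *hdr = heap; hdr < heap + HEAP_WORDS; hdr++) {
        if (!(*hdr & INUSE_BIT) && (*hdr & SIZE_MASK) >= minWords)
            return hdr - heap;
    }
    return -1;
}

/* Corrected search: advance by the size recorded in the header, so only real headers
 * are examined. A zero size would mean a corrupt heap; stop rather than spin. */
ptrdiff_t find_free_fixed(uint32_t minWords) {
    for (uint32_t *hdr = heap; hdr < heap + HEAP_WORDS;) {
        uint32_t size = *hdr & SIZE_MASK;
        if (size == 0)
            break;
        if (!(*hdr & INUSE_BIT) && size >= minWords)
            return hdr - heap;
        hdr += size;
    }
    return -1;
}

int main(void) {
    printf("words_needed(5) = %u\n", words_needed(5));
    /* The buggy walk returns index 2, a payload word inside the first in-use block;
     * the fixed walk returns index 3, the real free block. */
    printf("buggy find(2) = %td, fixed find(2) = %td\n", find_free_buggy(2), find_free_fixed(2));
    /* For 5 words nothing fits; the buggy walk still "finds" payload word 0x42 at index 8. */
    printf("buggy find(5) = %td, fixed find(5) = %td\n", find_free_buggy(5), find_free_fixed(5));
    return 0;
}
```

The buggy search hands back a pointer into the middle of a live block; a subsequent write through that pointer is the heap corruption the answer describes.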
c) The header for an in-use block has the most significant bit set, which makes...
This note was uploaded on 02/06/2014 for the course CS 106X taught by Professor Cain during the Winter '08 term at Stanford.