H09 Practice Soln


while ((ebp = (void **)*ebp) != 0);

Problem 3: Heap allocator

a) return !(nBytes + 3) >> 2;

   addl $0x3, %eax
   shr $0x2, %eax

b) It increments the header pointer using ++, when it should instead advance by the size of the current block. The symptom of the error is that the loop will read through the payload data, interpreting every word as a block header. The payload data can easily appear to be a valid block that would then mistakenly be given out to the client, causing heap corruption. The fix is to change hdr++ into hdr += (*hdr & SIZE_MASK)

c) The header for an in-use block has the most significant bit set, which makes...
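The bug and fix from part (b), as an added example that is not part of the original solution: the same heap walk run once with the hdr++ step and once stepping by block size. The header layout (one 32-bit word, top bit in-use, size in words including the header), the SIZE_MASK value, and the names find_free, INUSE_BIT and sample_heap are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not given on the page): one 32-bit header word per block,
   top bit = in-use, low 31 bits = block size in words, header included. */
#define INUSE_BIT 0x80000000u
#define SIZE_MASK 0x7fffffffu

/* Walk the heap looking for a free block of at least `need` words.
   step_by_size == 0 reproduces the hdr++ bug; 1 applies the fix from (b).
   Returns the word index of the block handed out, or -1 if none. */
static int find_free(const uint32_t *heap, int nwords, uint32_t need, int step_by_size)
{
    const uint32_t *hdr = heap, *end = heap + nwords;
    while (hdr < end) {
        uint32_t size = *hdr & SIZE_MASK;
        uint32_t left = (uint32_t)(end - hdr);   /* words remaining in the heap */
        if (!(*hdr & INUSE_BIT) && size >= need && size <= left)
            return (int)(hdr - heap);
        if (step_by_size && (size == 0 || size > left))
            return -1;        /* corrupt header: stop rather than loop or overrun */
        hdr += step_by_size ? size : 1;
    }
    return -1;
}

/* Constructed heap: block A is in use (4 words) and its payload happens to
   contain the value 3, which reads as "free block of 3 words" if it is
   mistaken for a header. Block B is the only genuinely free block. */
static const uint32_t sample_heap[8] = {
    INUSE_BIT | 4, 0xdeadbeef, 3, 0x41414141,   /* A: header + 3 payload words */
    4, 0, 0, 0                                  /* B: free, 4 words */
};

int main(void)
{
    /* Buggy walk lands inside A's payload; fixed walk finds B's header. */
    printf("hdr++ walk hands out index %d\n", find_free(sample_heap, 8, 2, 0));
    printf("hdr += size walk hands out index %d\n", find_free(sample_heap, 8, 2, 1));
    return 0;
}
```

With the hdr++ step the allocator returns a "block" that overlaps live client data in block A, which is the heap corruption the answer describes.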

This note was uploaded on 02/06/2014 for the course CS 106X taught by Professor Cain,g during the Winter '08 term at Stanford.
