The values in the free list seem to be predictable #9

Open
Skyrano opened this issue Feb 1, 2021 · 0 comments

Skyrano commented Feb 1, 2021

I am trying to understand the behaviour of Slimguard during the memory allocations and freeing, but something seems strange. When I requested addresses with a malloc call, for instance 10 of them, and freed them just after (whatever value I put inside, and having some values used before so that the memory page is not released with madvise), the 10 next addresses given by malloc seemed to be exactly the same.

In the sources, at this line, if I am not mistaken the if is true if there are at least 2 values in the free list (head and next of the head not null). Therefore when calling for memory, if the list is composed of 10 previously freed addresses (by this line) then 10 of them are returned in the inverted order of their freeing. I read your research-article of this library and it doesn't exactly suggest the same implementation of the free list, with in the implementation a bucket where we take random values from and a free list where the newly freed values are without randomization. Did I misunderstand the implementation/objective or is there really a problem of use-after-free possibilities?
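
An added illustration of the behaviour reported above, not part of the original issue and not SlimGuard's code: a simplified model of one size class that compares a LIFO free list with a uniformly random pick among free slots, counting how many of 10 re-allocations come back in reverse free order. The pool size, the PRNG and every name in it are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOTS 64 /* slots in the modelled size class (constructed value) */
#define N 10     /* allocations per round, as in the report */
enum policy { LIFO_FREE_LIST, RANDOM_PICK };

/* Deterministic PRNG so runs are repeatable; a hardened allocator needs an
 * unpredictable source instead. */
static uint32_t rng_state;
static uint32_t xorshift32(void) {
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state;
}

static int free_slots[SLOTS]; /* free slot ids; the last entry is the list head */
static int nfree;

static void pool_init(void) {
    rng_state = 2463534242u;
    for (nfree = 0; nfree < SLOTS; nfree++)
        free_slots[nfree] = SLOTS - 1 - nfree; /* slot 0 ends up at the head */
}

static int slot_alloc(enum policy p) {
    int i = (p == LIFO_FREE_LIST) ? nfree - 1
                                  : (int)(xorshift32() % (uint32_t)nfree);
    int slot = free_slots[i];
    free_slots[i] = free_slots[--nfree]; /* fill the hole with the last entry */
    return slot;
}
static void slot_free(int slot) { free_slots[nfree++] = slot; }

/* Allocate N, free them in order, allocate N again; return how many of the
 * second round match the reverse of the free order, position by position. */
int reverse_order_reuse(enum policy p) {
    int first[N], hits = 0;
    pool_init();
    for (int i = 0; i < N; i++) first[i] = slot_alloc(p);
    for (int i = 0; i < N; i++) slot_free(first[i]);
    for (int i = 0; i < N; i++)
        if (slot_alloc(p) == first[N - 1 - i]) hits++;
    return hits;
}

int main(void) {
    printf("LIFO free list: %d/%d in reverse free order\n", reverse_order_reuse(LIFO_FREE_LIST), N);
    printf("random pick:    %d/%d in reverse free order\n", reverse_order_reuse(RANDOM_PICK), N);
    return 0;
}
```

The same allocate, free, re-allocate sequence can be run against a real allocator by swapping the model calls for `malloc` and `free` and comparing pointers.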
