malloc and buffer overflow attacks

forkit forkit at
Mon Jan 3 21:00:38 UTC 2022

On Monday, 3 January 2022 at 12:58:33 UTC, Paolo Invernizzi wrote:
> In the vulnerability described in the article, the 'len' 
> parameter is the result of a sum overflowing in a previous for 
> loop, so the problem actually is _outside_ of the allocator.

That is not entirely correct, and could mislead one into 
implementing a less than optimal solution to the problem.

The overflow and the allocater 'together', provide the attack 

More information about the Digitalmars-d mailing list