malloc and buffer overflow attacks

Paolo Invernizzi paolo.invernizzi at gmail.com
Tue Jan 4 09:29:49 UTC 2022


On Monday, 3 January 2022 at 21:00:38 UTC, forkit wrote:
> On Monday, 3 January 2022 at 12:58:33 UTC, Paolo Invernizzi 
> wrote:
>>
>> In the vulnerability described in the article, the 'len' 
>> parameter is the result of a sum overflowing in a previous for 
>> loop, so the problem actually is _outside_ of the allocator.
>>
>
> That is not entirely correct, and could mislead one into 
> implementing a less than optimal solution to the problem.
>
> The overflow and the allocator 'together', provide the attack 
> surface.

I agree that the _surface_ is the couple, but the vulnerability 
to patch is how the needed amount is calculated, and that can be 
an arbitrarily complex piece of code. A super-duper-safe allocator 
does not help here, if we are talking about a systems language and 
write to memory via pointer arithmetic.
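The pattern the thread is arguing about, as an added C example that is not code from this post or from the article it discusses: a total length is accumulated in a 32-bit counter across a loop, the counter wraps, malloc() faithfully hands back the small wrapped size, and a copy loop that trusts the per-chunk lengths then writes past the end. The `struct chunk` type, the function names and the chunk lengths (16, 0xFFFFFFF0 and 32, which sum to 2^32 + 32) are constructed for illustration. The overrunning copy is shown but deliberately never executed; the checked variant refuses any input whose total cannot be represented.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* One piece of data to be concatenated into a single buffer. */
struct chunk {
    const unsigned char *data;
    uint32_t len;
};

/* VULNERABLE: plain addition in a 32-bit counter wraps modulo 2^32.
 * For the constructed input below this returns 32 although the chunks
 * really hold more than 4 GiB. The allocator is not at fault: it is
 * asked for 32 bytes and returns 32 bytes. */
uint32_t total_len_unchecked(const struct chunk *chunks, size_t n)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += chunks[i].len;            /* may wrap silently */
    return total;
}

/* HARDENED: every addition is checked before it is performed, so a wrap
 * is reported instead of propagated into the allocation size. */
bool total_len_checked(const struct chunk *chunks, size_t n, uint32_t *out)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (chunks[i].len > UINT32_MAX - total)
            return false;                  /* would wrap: refuse */
        total += chunks[i].len;
    }
    *out = total;
    return true;
}

/* Allocate exactly the checked total and copy the chunks into it.
 * The copy loop is the same one that, fed the wrapped result of
 * total_len_unchecked(), would write 4 GiB into a 32-byte buffer. */
unsigned char *serialize_checked(const struct chunk *chunks, size_t n,
                                 uint32_t *out_len)
{
    uint32_t total;
    if (!total_len_checked(chunks, n, &total))
        return NULL;                       /* length not representable */
    unsigned char *buf = malloc(total ? total : 1);
    if (!buf)
        return NULL;
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        memcpy(buf + off, chunks[i].data, chunks[i].len);
        off += chunks[i].len;
    }
    *out_len = total;
    return buf;
}

/* Constructed input (assumption, not from the post): 16 + 0xFFFFFFF0
 * wraps to 0, then + 32 gives a "total" of 32. The data pointers are
 * never dereferenced because the checked path rejects this input. */
static const struct chunk WRAPPING_CHUNKS[3] = {
    { (const unsigned char *)"", 16 },
    { (const unsigned char *)"", 0xFFFFFFF0u },
    { (const unsigned char *)"", 32 },
};

/* Benign constructed input for the happy path. */
static const struct chunk BENIGN_CHUNKS[2] = {
    { (const unsigned char *)"abcd", 4 },
    { (const unsigned char *)"efg", 3 },
};

uint32_t demo_wrapped_total(void)
{
    return total_len_unchecked(WRAPPING_CHUNKS, 3);   /* 32 */
}

bool demo_checked_rejects(void)
{
    uint32_t t;
    return !total_len_checked(WRAPPING_CHUNKS, 3, &t)
        && serialize_checked(WRAPPING_CHUNKS, 3, &t) == NULL;
}

/* Returns true when the benign input serialises to "abcdefg". */
bool demo_serialize_ok(void)
{
    uint32_t len = 0;
    unsigned char *buf = serialize_checked(BENIGN_CHUNKS, 2, &len);
    bool ok = buf && len == 7 && memcmp(buf, "abcdefg", 7) == 0;
    free(buf);
    return ok;
}

int main(void)
{
    printf("unchecked total for wrapping input: %u\n", demo_wrapped_total());
    printf("checked path rejects wrapping input: %s\n",
           demo_checked_rejects() ? "yes" : "no");
    printf("benign input serialises correctly: %s\n",
           demo_serialize_ok() ? "yes" : "no");
    return 0;
}
```

The point the example makes is the one in the reply: the fix belongs in the length computation, not in malloc(). Replacing the allocator would still leave `total_len_unchecked()` producing 32 for this input.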
