malloc and buffer overflow attacks
forkit
forkit at gmail.com
Mon Jan 3 21:00:38 UTC 2022
On Monday, 3 January 2022 at 12:58:33 UTC, Paolo Invernizzi wrote:
>
> In the vulnerability described in the article, the 'len'
> parameter is the result of a sum overflowing in a previous for
> loop, so the problem actually is _outside_ of the allocator.
>
That is not entirely correct, and could mislead one into
implementing a less than optimal solution to the problem.
The overflow and the allocater 'together', provide the attack
surface.
More information about the Digitalmars-d
mailing list