Hunk_Alloc accepts negative size to allocate #56

Open
wtfbbqhax opened this issue Aug 4, 2022 · 1 comment

wtfbbqhax commented Aug 4, 2022

note: candidate function not viable: no known conversion from 'int' to 'ha_pref' for 2nd argument
p Hunk_AllocDebug(-1, (ha_pref)0, "ABC", "XYZ", 100)
(void *) $0 = 0x0000000109000028

p Hunk_AllocDebug(-100, (ha_pref)0, "ABC", "XYZ", 100)
error: Execution was interrupted, reason: EXC_BAD_ACCESS (code=2, address=0x119001000).
The process has been returned to the state before expression evaluation.

wtfbbqhax commented Aug 4, 2022

Perfect inputs with HUNK_DEBUG enabled

-1 will give you a pointer to a zero (0) sized allocation

p (-1+31)&~31
(int) $23 = 0

-72 will gift you a -32 allocation attempt and an EXC_BAD_ACCESS

p ((int)(-72 + sizeof(hunkblock_t))+31)&~3

wtfbbqhax pushed a commit that referenced this issue Aug 8, 2022
Disallow zero and negative sized allocations from the Hunk memory
allocator. Fixes issue #56.
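
The rounding arithmetic from the comments above, next to a size check of the kind the referenced commit message describes. This is an added example, not the project's code: `toy_hunk`, `round_unchecked`, `toy_hunk_alloc` and the 40-byte header size are hypothetical stand-ins (the real `sizeof(hunkblock_t)` is not shown on the page).

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define HUNK_ALIGN 31   /* rounding from the issue: (n + 31) & ~31 */

/* Toy arena standing in for the hunk (hypothetical, not the project's struct). */
typedef struct { unsigned char *base; int total; int used; } toy_hunk;

static unsigned char backing[256];            /* constructed backing store */
static toy_hunk demo = { backing, 256, 0 };

/* The rounding with no validation: a negative request yields a result <= 0. */
static int round_unchecked(int size, int hdr) {
    return (size + hdr + HUNK_ALIGN) & ~HUNK_ALIGN;
}

/* Hardened variant: reject zero/negative sizes, int overflow and exhaustion. */
static void *toy_hunk_alloc(toy_hunk *h, int size, int hdr) {
    if (size <= 0 || hdr < 0)
        return NULL;                          /* zero or negative request */
    if (size > INT_MAX - hdr - HUNK_ALIGN)
        return NULL;                          /* size + hdr + 31 would overflow */
    int need = (size + hdr + HUNK_ALIGN) & ~HUNK_ALIGN;
    if (need > h->total - h->used)
        return NULL;                          /* not enough room left */
    void *p = h->base + h->used + hdr;        /* payload follows the header */
    h->used += need;
    return p;
}

int main(void) {
    /* hdr = 0 mirrors the "(-1+31)&~31" expression from the comment. */
    printf("unchecked(-1, 0)   = %d\n", round_unchecked(-1, 0));
    /* 40 is a constructed header size chosen to reproduce the -32 above. */
    printf("unchecked(-72, 40) = %d\n", round_unchecked(-72, 40));
    printf("checked(-1)  -> %p\n", toy_hunk_alloc(&demo, -1, 40));
    void *ok = toy_hunk_alloc(&demo, 24, 40);
    printf("checked(24)  -> %p, used=%d\n", ok, demo.used);
    return 0;
}
```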