understanding heap memory structure

1

I'm currently learning heap exploitation and overflows, but currently I'm stuck with an issue. I'm using glibc v2.19, and I'm trying to examine the heap memory with gdb.

Here is the code that I'm using.

    #include <stdlib.h>
    #include <string.h>
    int main(void) {
        char *p = malloc(20);   /* the chunk header (prev_size, size) sits 8 bytes before p on 32-bit */
        strcpy(p, "AAAAAAAA");
        free(p);
        return 0;
    }

This is the gdb output for the allocated chunk.

    (gdb) x/4xw 0x0804b008-8
    0x804b000:  0x00000000  0x00000019  0x41414141  0x41414141

This is the gdb output for the unallocated chunk.

    (gdb) x/4xw 0x0804b008-8
    0x804b000:  0x00000000  0x00000019  0x00000000  0x41414141

I can see that the size field does not change after deallocation, so how can this be, and how does the allocator know whether this is a free chunk or not? Because, as far as I know, the first 3 bits of the size are used as status flags.

Why is the next pointer "0x0000000" not pointing anywhere?

And why is the pointer to the previous chunk "0x41414141" not used?

And how, in this situation, does the allocator look for free chunks?

I have also tried to free two contiguous chunks, and after I freed the second one, the previous size field, which should be used as the size of the previous free chunk, is also not used; it is just zeroed.

malloc
asked on Stack Overflow Jul 6, 2014 by user3718463 • edited Jul 6, 2014 by user3718463
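The two dumps in the question, decoded the way glibc's malloc.c reads a chunk header, as an added example that is not part of the question or of glibc itself. It assumes a 32-bit process (8-byte chunk header, matching the `0x0804b008-8` arithmetic above) and glibc 2.19's default fastbin threshold of 64 bytes; the `alloc_dump` and `freed_dump` arrays are the question's own words. Context a practitioner would want: in glibc 2.19 a 24-byte chunk is freed into a fastbin, and fastbins are singly linked, so `free()` writes only the `fd` pointer into the first user word (0 here because that fastbin was empty), leaves the second user word and the following chunk's `prev_size` untouched, and does not clear the following chunk's PREV_INUSE bit. The allocator finds such chunks through the fastbin list, not through the flag bits, which is why the size field looks identical before and after the free.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The three flag bits glibc keeps in the low bits of a chunk's size field
   (malloc/malloc.c). Chunk sizes are multiples of 8 on 32-bit, so these bits
   are otherwise always zero. */
#define PREV_INUSE      0x1u
#define IS_MMAPPED      0x2u
#define NON_MAIN_ARENA  0x4u
#define SIZE_BITS       (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)

/* Default fastbin threshold on 32-bit glibc 2.19 (64 * SIZE_SZ / 4 = 64 bytes). */
#define DEFAULT_MXFAST_32 64u

/* One chunk as it appears in an `x/4xw chunk_start` dump of a 32-bit process. */
struct chunk_view {
    uint32_t prev_size;      /* word 0: meaningful only when prev_inuse is false */
    uint32_t size;           /* word 1 with the flag bits masked off */
    bool prev_inuse;
    bool is_mmapped;
    bool non_main_arena;
    uint32_t word2;          /* first user word; fastbin fd once the chunk is freed */
    uint32_t word3;          /* second user word; bk for normal bins, untouched by fastbins */
};

/* Decode four 32-bit words starting at the chunk header. */
struct chunk_view decode_chunk(const uint32_t w[4]) {
    struct chunk_view v;
    v.prev_size      = w[0];
    v.size           = w[1] & ~SIZE_BITS;
    v.prev_inuse     = (w[1] & PREV_INUSE) != 0;
    v.is_mmapped     = (w[1] & IS_MMAPPED) != 0;
    v.non_main_arena = (w[1] & NON_MAIN_ARENA) != 0;
    v.word2          = w[2];
    v.word3          = w[3];
    return v;
}

/* Bytes the program may use: the chunk minus its own size field. The
   prev_size field of the *next* chunk is borrowed while this one is in use,
   which is why malloc(20) fits in a 24-byte chunk. */
uint32_t usable_bytes(struct chunk_view v) {
    return v.size - (uint32_t)sizeof(uint32_t);
}

/* Would free() put a chunk of this size into a fastbin (32-bit, default tunables)? */
bool goes_to_fastbin(struct chunk_view v) {
    return v.size <= DEFAULT_MXFAST_32;
}

/* The two dumps from the question, before and after free(p). */
const uint32_t alloc_dump[4] = { 0x00000000u, 0x00000019u, 0x41414141u, 0x41414141u };
const uint32_t freed_dump[4] = { 0x00000000u, 0x00000019u, 0x00000000u, 0x41414141u };

static void print_view(const char *label, struct chunk_view v) {
    printf("%s: prev_size=%#x size=%u usable=%u PREV_INUSE=%d IS_MMAPPED=%d "
           "NON_MAIN_ARENA=%d word2=%#x word3=%#x fastbin=%d\n",
           label, (unsigned)v.prev_size, (unsigned)v.size, (unsigned)usable_bytes(v),
           v.prev_inuse, v.is_mmapped, v.non_main_arena,
           (unsigned)v.word2, (unsigned)v.word3, goes_to_fastbin(v));
}

int main(void) {
    print_view("allocated", decode_chunk(alloc_dump));
    print_view("freed    ", decode_chunk(freed_dump));
    return 0;
}
```

Both dumps decode to a 24-byte chunk with PREV_INUSE set and the other two flags clear; the only difference is word 2, which turns from user data (`0x41414141`) into the fastbin `fd` pointer (`0`). Word 3 still holds user data in the freed dump because a fastbin entry has no `bk`.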

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0