Wouter van Heyst wrote:
> I only understand the basics of heap-based overflows, I do not yet see
> how to use this one. Someone explaining it would be very welcome.
The two most common ways to exploit integer problems are
a) Integers which control a memory allocation: By letting this integer
wrap around you create an empty or generally smaller than expected
buffer, which the following write to memory overflows
b) Integers which are accidentally signed and for which the programmer
didn't implement sanity checks for negative values, which can lead
to a whole range of other problems.
Blender's problem is an instance of b).
Cheers,
Moritz
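
Added example, not part of the original message and not Blender's code: the two integer problem classes a) and b) described above, each shown as an unchecked computation next to a hardened form. All function names and the sample values are hypothetical; 32-bit sizes are used so the wrap-around is the same on every platform.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* (a) Allocation size from an untrusted count. Unsigned 32-bit
   arithmetic wraps modulo 2^32, so the result can be far smaller
   than the amount of data later written into the buffer. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;            /* wraps silently */
}

/* Hardened (a): refuse when the product does not fit. 1 = ok. */
int alloc_size_checked(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return 0;
    *out = count * elem_size;
    return 1;
}

/* (b) Length kept in a signed int with only an upper-bound check:
   any negative value passes. */
int len_ok_upper_bound_only(int len, int capacity)
{
    return len <= capacity;
}

/* What a routine taking size_t receives for that accepted value. */
size_t len_as_size_t(int len)
{
    return (size_t)len;                  /* -1 becomes SIZE_MAX */
}

/* Hardened (b): reject negatives before the unsigned comparison. */
int len_ok(int len, size_t capacity)
{
    return len >= 0 && (size_t)len <= capacity;
}

int main(void)
{
    uint32_t sz;
    printf("(a) unchecked: %u\n", (unsigned)alloc_size_unchecked(0x40000001u, 4));
    printf("(a) checked ok: %d\n", alloc_size_checked(0x40000001u, 4, &sz));
    printf("(b) naive accepts -1: %d\n", len_ok_upper_bound_only(-1, 64));
    printf("(b) hardened accepts -1: %d\n", len_ok(-1, 64));
    return 0;
}
```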