Otto Moerbeek wrote:
>
> This reduces the size of the canary to 32 bytes max and also prints
> the size of the chunk and the offset corruption was spotted.
>
> a.out(22658) in free(): error: chunk canary corrupted: 0x00c800e7
>
> I allocated 200 (0xc8) bytes and overwrote a byte at offset 231
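
The check described in these posts, as an added C example (not the diff under discussion and not OpenBSD's malloc code): a toy wrapper that writes canary bytes after the requested size and verifies them on free. The header layout, fill byte, function names, and the reading of 0x00c800e7 as size in the upper 16 bits and offset in the lower 16 are assumptions drawn from the sample message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANARY_MAX  32    /* cap named in the post: canary is 32 bytes max */
#define CANARY_BYTE 0xd5  /* constructed fill value (assumption) */

struct hdr { size_t size; size_t pad; };  /* toy bookkeeping; pad keeps alignment */

/* Allocate size bytes followed by CANARY_MAX canary bytes. */
void *canary_alloc(size_t size)
{
    struct hdr *h;
    if (size > 0xffff - CANARY_MAX)   /* size and offset must each fit in 16 bits */
        return NULL;
    if ((h = malloc(sizeof(*h) + size + CANARY_MAX)) == NULL)
        return NULL;
    h->size = size;
    memset((unsigned char *)(h + 1) + size, CANARY_BYTE, CANARY_MAX);
    return h + 1;
}

/* Check on free: 0 if intact, else (size << 16) | offset of first damaged byte. */
uint32_t canary_free(void *p)
{
    struct hdr *h;
    unsigned char *b = p;
    uint32_t r = 0;
    if (p == NULL)
        return 0;
    h = (struct hdr *)p - 1;
    for (size_t i = h->size; r == 0 && i < h->size + CANARY_MAX; i++)
        if (b[i] != CANARY_BYTE)
            r = (uint32_t)((h->size << 16) | i);
    free(h);
    return r;
}

/* The case from the post: 200 bytes requested, byte at offset 231 overwritten. */
uint32_t demo(void)
{
    unsigned char *p = canary_alloc(200);
    if (p == NULL)
        return 0;
    p[231] = 0;   /* last canary byte; still inside the toy allocation */
    return canary_free(p);
}

int main(void) { printf("chunk canary corrupted: 0x%08x\n", (unsigned)demo()); return 0; }
```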

On Mon, Oct 03, 2016 at 07:57:13AM +0200, Otto Moerbeek wrote:
> Hi,
>
> I have been working on a diff to do canaries in a better way.
>
> Canaries (enabled by the C malloc option) are values stored after the
> requested size that are checked for being overwritten on calling
> free(3). At the mo

Hi,

I have been working on a diff to do canaries in a better way.

Canaries (enabled by the C malloc option) are values stored after the
requested size that are checked for being overwritten on calling
free(3). At the moment we only do this for chunks (sub-page sized
allocations).

To be able to