Hi. Similar to #1, we found that markus still allows reclamation.
```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>   /* needed for memset */
#include <malloc.h>

void* p[256];

int main() {
    /* An impossible request; this drives the GC into its out-of-memory path */
    p[0] = malloc(-1);
    /* Allocate a large block and free it */
    p[1] = malloc(926756);
    free(p[1]);
    /* Allocate again and check whether the new block lands inside the freed one */
    p[2] = malloc(350500);
    assert(p[1] <= p[2] && (char*)p[2] < (char*)p[1] + 926756);
    fprintf(stderr, "reclaimed!\n");
    /* cause segmentation fault: write across the whole old block */
    memset(p[2], 0x42, 926756);
}
```
```
$ ./poc
GC Warning: Failed to expand heap by -4096 bytes
GC Warning: Out of Memory! Heap size: 0 MiB. Returning NULL!
reclaimed!
[2] 4809 segmentation fault LD_PRELOAD= ./markus-reclaim
```
Moreover, the reclaimed memory is not fully accessible,
which violates the convention of an allocator, I believe.