IE3042
Introduction to Heap
&
Heap - Overflow
Module Code | Module Name | Lecture Title | Lecturer
What is a Heap ???
• The heap is a region of memory used by programming languages to store global variables. By default, all
global variables are stored in the heap memory space.
• It supports dynamic memory allocation.
• The heap is not managed automatically for you and is not as tightly managed by the CPU. It is more
like a free-floating region of memory.
Stack vs Heap
In a stack, allocation and deallocation are done automatically, whereas in the heap they
need to be done by the programmer manually.
The stack accesses local variables only, while the heap allows you to access variables globally.
Stack variables can't be resized, whereas heap variables can be resized.
Stack memory is allocated in a contiguous block, whereas heap memory is allocated in any
random order.
Stack variables don't need to be de-allocated, whereas heap allocations must be de-allocated.
Dynamic Memory Allocation in C
malloc() - The name "malloc" stands for memory allocation.
The malloc() function reserves a block of memory of the specified number of bytes and returns
a void pointer, which can be cast to a pointer of any type.
Syntax of malloc()
ptr = (castType*) malloc(size);
Ex:
ptr = (int*) malloc(100 * sizeof(int));
Since the size of int is 4 bytes, this statement will allocate 400 bytes of memory. And the pointer ptr
holds the address of the first byte in the allocated memory.
calloc()
The name "calloc" stands for contiguous allocation.
The malloc() function allocates memory and leaves the memory uninitialized, whereas the calloc()
function allocates memory and initializes all bits to zero.
Syntax of calloc()
ptr = (castType*) calloc(n, size);
Ex:
ptr = (float*) calloc(25, sizeof(float));
This statement allocates contiguous space in memory for 25 elements, each the size of a float.
free()
The free() function in C is used to de-allocate dynamically allocated memory.
Syntax
free(ptr);
This statement frees the space allocated in the memory pointed by ptr.
realloc()
If the dynamically allocated memory is insufficient or more than required, you can change the
size of previously allocated memory using the realloc() function.
Syntax
ptr = realloc(ptr, newSize);
where ptr is reallocated with new size 'newSize'.
Heap Allocation
Any heap allocation or reallocation takes a raw byte count and returns a pointer to the
beginning of the piece of memory requested.
Failed Allocation !!!!!!
When dynamic memory allocation fails, routines return a NULL pointer.
Three Golden Rules of Dynamic Memory Allocation :
• every block of memory that you malloc() must subsequently be free()d.
• only memory that you malloc() should be free()d.
• do not free() a block of memory more than once.
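The four calls above (malloc, calloc, realloc, free), the NULL check on failed allocation, and the three golden rules all appear in the following growable array. This is an added example written for these notes, not code from the lecture; the `intvec` type and its functions are invented for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* A growable int array built on calloc()/realloc()/free(). Every allocation
   result is checked for NULL, and the three golden rules are followed:
   every block is freed, only allocated memory is freed, nothing is freed twice.
   (intvec and its functions are hypothetical names for this example.) */
typedef struct {
    int *data;
    size_t len;
    size_t cap;
} intvec;

/* Returns 0 on success, -1 if the allocation fails (NULL from calloc). */
int intvec_init(intvec *v, size_t cap) {
    v->data = calloc(cap, sizeof(int));   /* zero-initialised, unlike malloc() */
    v->len = 0;
    v->cap = (v->data != NULL) ? cap : 0;
    return (v->data != NULL) ? 0 : -1;
}

/* Append one element, doubling the capacity with realloc() when full.
   Returns 0 on success, -1 if realloc() fails; the vector is unchanged then. */
int intvec_push(intvec *v, int x) {
    if (v->len == v->cap) {
        size_t newcap = v->cap ? v->cap * 2 : 4;
        /* Keep realloc()'s result in a temporary: on failure it returns NULL
           and the old block is still owned by v->data, so it is not leaked. */
        int *tmp = realloc(v->data, newcap * sizeof(int));
        if (tmp == NULL) return -1;
        v->data = tmp;
        v->cap = newcap;
    }
    v->data[v->len++] = x;
    return 0;
}

/* Sum of the elements; lets a caller confirm contents survived the reallocs. */
long intvec_sum(const intvec *v) {
    long s = 0;
    for (size_t i = 0; i < v->len; i++) s += v->data[i];
    return s;
}

/* Free exactly once, then clear the pointer so that calling intvec_free()
   again is a no-op rather than a double free. */
void intvec_free(intvec *v) {
    free(v->data);        /* free(NULL) is defined to do nothing */
    v->data = NULL;
    v->len = v->cap = 0;
}

/* Build a vector of 1..n through the push path and return the sum (-1 on
   allocation failure); also exercises the double-free guard. */
long fill_and_sum(size_t n) {
    intvec v;
    if (intvec_init(&v, 2) != 0) return -1;
    for (size_t i = 1; i <= n; i++) {
        if (intvec_push(&v, (int)i) != 0) { intvec_free(&v); return -1; }
    }
    long s = intvec_sum(&v);
    intvec_free(&v);
    intvec_free(&v);   /* second call is a no-op, not a double free */
    return s;
}

/* The failed-allocation case: an impossible request makes malloc() return
   NULL, which the caller must check before using the pointer. */
int huge_alloc_returns_null(void) {
    volatile size_t n = (size_t)-1;   /* volatile keeps the compiler from folding it */
    void *p = malloc(n);
    if (p == NULL) return 1;
    free(p);
    return 0;
}

int main(void) {
    printf("sum of 1..100 = %ld\n", fill_and_sum(100));
    printf("malloc of an impossible size returned NULL: %d\n", huge_alloc_returns_null());
    return 0;
}
```

The realloc temporary is the part most often got wrong: writing `v->data = realloc(v->data, ...)` loses the only pointer to the old block when realloc fails, which breaks rule one.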
mmap() and brk()
❑ mmap - mmap() creates a new mapping in the virtual address space of the calling process.
❑ brk - The brk() and sbrk() functions are used to dynamically change the amount of space
allocated for the calling process's data segment. The change is made by resetting the
process's break value and allocating the appropriate amount of space.
Heap and Stack
In gdb, the "info proc map" command shows how memory is used
In gdb, the "info files" command lists all the sections and their
addresses.
After running the program, execute the same command again and see the
differences.
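The brk/mmap split from the previous slide and the mappings that "info proc map" shows can be observed from inside a program: gdb's command prints the contents of /proc/PID/maps, so the program can read its own copy. This is an added example for these notes, not the lecture's code; it assumes Linux with glibc (sbrk(), mallopt() and M_MMAP_THRESHOLD are glibc interfaces), and the function names are invented for the example.

```c
#define _DEFAULT_SOURCE          /* sbrk() prototype in <unistd.h> on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <malloc.h>              /* mallopt(), glibc-specific */

#define MMAP_THRESHOLD_BYTES (128 * 1024)   /* glibc's default mmap threshold */

/* glibc raises the mmap threshold dynamically after large mmap()ed chunks are
   freed; pinning it keeps the brk-vs-mmap split below repeatable. */
static void pin_mmap_threshold(void) {
    mallopt(M_MMAP_THRESHOLD, MMAP_THRESHOLD_BYTES);
}

/* Read /proc/self/maps, the data behind gdb's "info proc map", and return the
   bounds of the [heap] mapping. Returns 0 if there is no [heap] line yet. */
int find_heap_region(uintptr_t *lo, uintptr_t *hi) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (f == NULL) return 0;
    char line[512];
    int found = 0;
    while (fgets(line, sizeof line, f) != NULL) {
        unsigned long a, b;
        if (strstr(line, "[heap]") != NULL && sscanf(line, "%lx-%lx", &a, &b) == 2) {
            *lo = a; *hi = b; found = 1;
            break;
        }
    }
    fclose(f);
    return found;
}

/* Allocate 'count' blocks of 'size' bytes and report whether the program
   break (the end of the brk heap, read with sbrk(0)) moved. Requests below
   the mmap threshold come from the brk heap, which glibc grows with brk()
   once the existing arena is used up; requests at or above it go to mmap()
   and leave the break alone. */
int alloc_moves_brk(size_t count, size_t size) {
    void *blocks[64];
    if (count > 64) count = 64;
    pin_mmap_threshold();
    uintptr_t before = (uintptr_t)sbrk(0);
    size_t got = 0;
    for (; got < count; got++) {
        blocks[got] = malloc(size);
        if (blocks[got] == NULL) break;     /* failed allocation: stop early */
    }
    uintptr_t after = (uintptr_t)sbrk(0);
    for (size_t i = 0; i < got; i++) free(blocks[i]);
    return after != before;
}

/* Allocate one block of 'size' bytes and report whether its address lies
   inside the [heap] mapping (1) or elsewhere, e.g. an mmap()ed region (0).
   Returns -1 if the allocation fails. */
int alloc_lands_in_heap(size_t size) {
    pin_mmap_threshold();
    void *p = malloc(size);
    if (p == NULL) return -1;
    uintptr_t lo = 0, hi = 0, a = (uintptr_t)p;
    int in_heap = find_heap_region(&lo, &hi) && a >= lo && a < hi;
    free(p);
    return in_heap;
}

int main(void) {
    printf("break after 4 x 64 KiB: %s\n",
           alloc_moves_brk(4, 64 * 1024) ? "moved" : "unchanged");
    printf("break after 1 x 1 MiB:  %s\n",
           alloc_moves_brk(1, 1024 * 1024) ? "moved" : "unchanged");
    printf("64 B block in [heap]:  %d\n", alloc_lands_in_heap(64));
    printf("1 MiB block in [heap]: %d\n", alloc_lands_in_heap(1024 * 1024));
    return 0;
}
```

Running it under gdb with a breakpoint after the first malloc() and issuing "info proc map" shows the same [heap] line the program parses; the 1 MiB block instead appears as an anonymous mapping near the shared libraries.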
A Simple Example
First object on heap: name[64]
Second object on heap: fp (contains a pointer)
malloc() allocates storage on the heap
fp points to nowinner()
argv[1] is copied into the 64-byte array on the heap without checking its length.
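The layout described on this slide, with the unchecked copy beside a bounds-checked replacement, as an added example written for these notes rather than the lecture's program. The `fp_holder` type and the function names are invented for illustration; whether malloc() really places the fp chunk directly after `name` depends on the allocator, which is exactly why the checked copy must not rely on layout.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 64

static void nowinner(void) { puts("fp still points at nowinner()"); }

/* The second heap object from the slide: a chunk holding only a function
   pointer, allocated right after the 64-byte name buffer. (Hypothetical name.) */
typedef struct { void (*fp)(void); } fp_holder;

/* The pattern the slide describes: argv[1] goes into the 64-byte heap buffer
   with no length check. An argument of 64 bytes or more writes past 'name'
   into whatever malloc() placed next, which here is the chunk holding fp. */
void copy_name_unchecked(char *name, const char *arg) {
    strcpy(name, arg);
}

/* Hardened form: the copy happens only if the argument fits together with
   its NUL terminator; over-long input is rejected rather than truncated.
   Returns 0 when copied, -1 when rejected. */
int copy_name_checked(char *name, size_t cap, const char *arg) {
    size_t n = strlen(arg);
    if (n >= cap) return -1;
    memcpy(name, arg, n + 1);
    return 0;
}

/* Set up the two heap objects as on the slide, run the checked copy and
   verify fp afterwards. Returns 0 if the copy was accepted, 1 if it was
   rejected, -1 on allocation failure, and -2 if fp was altered (which the
   checked copy never does). */
int run_checked(const char *arg) {
    char *name = malloc(NAME_LEN);
    fp_holder *h = malloc(sizeof *h);
    if (name == NULL || h == NULL) { free(name); free(h); return -1; }
    h->fp = nowinner;
    int rc = copy_name_checked(name, NAME_LEN, arg);
    int intact = (h->fp == nowinner);
    free(h);
    free(name);
    if (!intact) return -2;
    return rc == 0 ? 0 : 1;
}

/* Convenience for tests: an argument made of n copies of c. */
int run_checked_n(char c, size_t n) {
    char *arg = malloc(n + 1);
    if (arg == NULL) return -1;
    memset(arg, c, n);
    arg[n] = '\0';
    int r = run_checked(arg);
    free(arg);
    return r;
}

int main(int argc, char **argv) {
    const char *arg = argc > 1 ? argv[1] : "alice";
    int r = run_checked(arg);
    printf("\"%s\": %s\n", arg,
           r == 0 ? "accepted" : r == 1 ? "rejected (too long)" : "error");
    return r < 0;
}
```

The boundary case is the 63-character argument: it is the longest input that fits with its terminator, while 64 characters already need 65 bytes and are rejected, which is the write the unchecked version would have let through.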
Changing EIP
nano h2
Targeted Exploit