Accessing memory once it has been freed may corrupt the data structures used to manage a program's pool of dynamic memory, known as the heap. When a chunk of memory is freed with free(), the allocator manipulates that chunk (commonly by storing its own bookkeeping data, such as free-list links, inside it) to place it back into the pool of memory available for allocation. Changing the contents of a freed block of memory can therefore corrupt those underlying data structures. References to memory that has been deallocated are typically referred to as dangling pointers. Accessing a dangling pointer can lead to security vulnerabilities, for instance VU#390044.
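The hazard described above, as an added example that is not code from the original page: a linked list of the page's `struct int_list` nodes is built, then released. `free_list_unsafe` shows the dangling-pointer pattern (the loop increment reads `cur->next` from a chunk that has already been handed back to the allocator); it is defined only for contrast and is never called. `free_list_safe` saves the successor before calling free() and clears the caller's head pointer so no reference to the freed chunks survives. The helper names, signatures and the sample list contents are assumptions for this example.

```c
#include <stdio.h>
#include <stdlib.h>

struct int_list {
    struct int_list *next;
    int payload;
};

/* Compliant: read the successor before freeing the current node, and null out
 * the caller's head pointer afterwards so it cannot dangle. */
void free_list_safe(struct int_list **list) {
    struct int_list *cur = *list;
    while (cur != NULL) {
        struct int_list *next = cur->next;  /* read before free(cur) */
        free(cur);
        cur = next;
    }
    *list = NULL;
}

/* Noncompliant (not called): free(cur) runs in the loop body, and the
 * increment then reads cur->next from the freed chunk. The allocator may
 * already have overwritten that memory with its own bookkeeping data. */
void free_list_unsafe(struct int_list *list) {
    struct int_list *cur;
    for (cur = list; cur != NULL; cur = cur->next) {
        free(cur);
    }
}

/* Hypothetical helper: build a list of n nodes with payloads start, start+1, ...
 * Returns NULL if n <= 0 or if any allocation fails (partial list is released). */
struct int_list *build_list(int start, int n) {
    struct int_list *head = NULL;
    struct int_list *tail = NULL;
    for (int i = 0; i < n; i++) {
        struct int_list *node = malloc(sizeof *node);
        if (node == NULL) {
            free_list_safe(&head);
            return NULL;
        }
        node->payload = start + i;
        node->next = NULL;
        if (tail == NULL) {
            head = node;
        } else {
            tail->next = node;
        }
        tail = node;
    }
    return head;
}

/* Hypothetical helper: number of nodes reachable from list (0 for NULL). */
int list_length(const struct int_list *list) {
    int n = 0;
    for (const struct int_list *cur = list; cur != NULL; cur = cur->next) {
        n++;
    }
    return n;
}

/* End-to-end check: returns 1 when the list is built with 11 nodes and the
 * safe release leaves the caller holding a NULL pointer instead of a dangling one. */
int demo(void) {
    struct int_list *list = build_list(42, 11);
    if (list_length(list) != 11) {
        return 0;
    }
    free_list_safe(&list);
    return list == NULL;
}

int main(void) {
    printf("demo %s\n", demo() ? "ok" : "failed");
    return 0;
}
```

Run under AddressSanitizer (`-fsanitize=address`) and replace the call in `demo` with `free_list_unsafe(list)` to see the heap-use-after-free report for the `cur->next` read; the safe version produces no report.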
...
```c
#include <stdio.h>
#include <stdlib.h>

struct int_list {
    struct int_list *next;
    int payload;
};

/* print_list is called but not defined on the original page; this minimal
 * definition is supplied so the block compiles. */
void print_list(const struct int_list *list) {
    for (const struct int_list *cur = list; cur != NULL; cur = cur->next) {
        printf("%d\n", cur->payload);
    }
}

int main(void) {
    /* build_list(const struct int_list *list) { */
    int i;
    struct int_list *list = malloc(sizeof(struct int_list));
    struct int_list *c_ptr = NULL;
    struct int_list *temp = NULL;

    if (list == NULL) {
        return 1;
    }
    list->payload = 42;
    c_ptr = list;

    /* Append ten more nodes, each carrying the previous payload plus one. */
    for (i = 0; i < 10; i++) {
        temp = malloc(sizeof(struct int_list));
        if (temp == NULL) {
            break;
        }
        temp->payload = c_ptr->payload + 1;
        c_ptr->next = temp;
        c_ptr = c_ptr->next;
    }
    temp = NULL;
    c_ptr->next = NULL;

    print_list(list);
    return 0;
}
```
References
VU#390044, http://www.kb.cert.org/vuls/id/390044