Re: Malloc and security
Ben Hutchings <firstname.lastname@example.org> writes:
> On Mon, Jun 18, 2012 at 09:25:51PM +0100, Jamie White wrote:
>> Just a quick question, which malloc, is there anyway that this
>> function (used in C) could allocate memory into already allocated
>> memory, such as the stack - or code space!
> Assuming that the program uses memory correctly, no. But if the
> program has a bug that causes it to write to unallocated memory, it
> could corrupt the memory allocator's state so that malloc later
> returns memory that has already been allocated.
Actually I believe this is undefined in C. Malloc may verry well oveflow
the heap region and run into the stack or code going by the C standard.
But eglibc malloc uses sbrk() and mmap() to get memory from the kernel
and those functions will not return space already allocated by the stack
or code. That is probably true for every libc on every modern Unix system.