#include <stdio.h>
#include <stdint.h>
#include "magicfunction.h"
-
#define MAX 4194304/sizeof(uint64_t)
-
uint64_t determine_start()
{
return 0x567856785678;
}
-
int main(void)
{
uint64_t filler = 0x123412341234;
/*Fill the stack with a filler value*/
for(p = &stack -1; p >= &stack - 1 - MAX; p--)
*p = filler;
-
/*Find the beginning of the function stack with the function*/
determine_start();
for(q = &stack -1; q>=&stack-1-MAX; q--)
if(*q == 0x567856785678)
break;
-
/*Run the function and find the last occurance of non stack filler */
magic_function();
for(p = &stack - 1 - MAX; p <= q; p++)
if(*p != filler)
break;
-
printf("%td byte stack size used\n", (char*)p-(char*)q);
return 0;
}
for(size_t i = 1 << 31; i >= 1; i /= 2, free(b))
d = (b = malloc(block += d * i)) == NULL ? -1 : 1;
printf("One malloc can allocate at most %zu bytes\n", block);
+ return 0;
}
--- /dev/null
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+void heap_attack(void)
+{
+ char *b = malloc(1);
+ while(memcmp(--b, "s4109503", 8) != 0);
+ b += 8;
+ while(memcmp(b, "s4202015", 8) != 0)
+ *b++ = ' ';
+}
+
+int main(void)
+{
+ char *s1 = malloc(8);
+ if(s1 == NULL)
+ return -1;
+ char *s2 = malloc(8);
+ if(s2 == NULL)
+ return -1;
+ strcpy(s1, "s4109503");
+ strcpy(s2, "s4202015");
+ heap_attack();
+ printf("student 1: \"%s\"\n", s1);
+ printf("student 2: \"%s\"\n", s2);
+ return 0;
+}
--- /dev/null
+Strings are null terminated, therefore the 8th byte is \0
--- /dev/null
+It will deallocate the space and the next allocation could be not in the
+neighbourhood of the first(that is free'd). It might get overwritten too, and
+therefore you might not be able to find it anymore.
--- /dev/null
+#include <stdlib.h>
+#include <stdio.h>
+
+int main(void) /* https://www.kernel.org/doc/Documentation/CodingStyle */
+{
+ int i;
+ int j;
+ unsigned long long **m;
+ unsigned long long **mt;
+
+ while(1){
+ m = malloc(1000*sizeof(unsigned long long*));
+ if(m == NULL)
+ return -1;
+ for(i = 0; i<1000; i++){
+ m[i] = malloc(1000*sizeof(unsigned long long));
+ if(m[i] == NULL)
+ return -1;
+ }
+
+ mt = malloc(1000*sizeof(unsigned long long*));
+ if(mt == NULL)
+ return -1;
+ for(i = 0; i<1000; i++){
+ mt[i] = malloc(1000*sizeof(unsigned long long));
+ if(mt[i] == NULL)
+ return -1;
+ }
+
+ for(i = 0; i < 1000; i++)
+ for(j = 0; j < 1000; j++)
+ mt[i][j] = m[j][i];
+
+ for(i = 0; i<1000; i++){
+ free(m[i]);
+ free(mt[i]);
+ }
+ free(m);
+ free(mt);
+ }
+ return 0;
+}
--- /dev/null
+We run out of space. The matrices are deallocated but the content isn't. It
+leaks memory.
repositories / sws1-1415.git / commitdiff