Vulnerability Development mailing list archives

Re: static char overflow


From: SpaceWalker <spacewalker () altern org>
Date: Thu, 2 May 2002 17:08:53 +0200

The malloc algorithms are vulnerable to buffer overflow in most conditions, which I don't think I realised here:
after the overflow, you need a free() or a malloc(), which will try to optimise the heap, and will overwrite some location
of the memory.

your static char [] is located in the bss; this means it's in the heap, but before the malloc information;
if you don't have any malloc() before and no free() or malloc() behind, things you overwrite will never cause a crash,
unless you go through the brk() zone.

There are a lot of articles on the net explaining buffer overflows in the heap, and two really good ones are in Phrack,
the one before last; you can find it at www.phrack.com

please correct me if I'm wrong
SpaceWalker
On Wed, 01 May 2002 22:14:10 +0200
melsa <3melsa3 () mail ru> wrote:

but what about the heap?

----------------------------------------------------------
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    static char buf[1024];   /* static: placed in .bss, not on the stack */

    if (argc < 2)
        return 1;
    strcpy(buf, argv[1]);    /* unbounded copy: overflows buf when argv[1] is longer than 1023 bytes */
    printf("%s", buf);
    return 0;
}
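A bounds-checked version of the program quoted above, added here as an example (it is not code from either poster). The helper name copy_bounded and the self-check functions are assumptions made for the example; the buffer keeps the same static declaration so it still lives in .bss, but an argument that does not fit is truncated and reported instead of being written past the end of buf into whatever the linker placed after it:

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 1024

/* Hypothetical bounded replacement for the strcpy() in the quoted program.
   Copies at most dst_size-1 bytes and always NUL-terminates.
   Returns 0 when src fit, -1 when it had to be truncated (the overflow case). */
static int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);

    if (dst_size == 0)
        return -1;
    if (n >= dst_size) {
        /* Truncate instead of spilling into the neighbouring .bss objects. */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Same static buffer as the quoted program: lives in .bss, not on the stack. */
static char buf[BUF_SIZE];

/* Stores arg in buf. Returns the number of bytes stored, or -1 if arg was rejected. */
int store_arg(const char *arg)
{
    if (copy_bounded(buf, sizeof buf, arg) != 0)
        return -1;
    return (int)strlen(buf);
}

/* Current length of whatever is in buf (used by the self-checks below). */
size_t current_len(void)
{
    return strlen(buf);
}

/* Constructed self-check inputs: one short argument and one longer than buf. */
int check_short_input(void)
{
    return store_arg("hello");        /* fits: returns 5 */
}

int check_overlong_input(void)
{
    static char big[BUF_SIZE + 512];  /* constructed: 1535 'A's, more than buf can hold */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return store_arg(big);            /* rejected: returns -1, buf holds 1023 bytes */
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    if (store_arg(argv[1]) < 0) {
        fprintf(stderr, "input too long (max %d bytes)\n", BUF_SIZE - 1);
        return 1;
    }
    printf("%s\n", buf);
    return 0;
}
```

The check on argc also removes the NULL dereference the original has when run with no argument. Truncating and returning an error keeps the program's output the same for inputs that fit, while an over-long input can no longer reach past buf, whether the next object in .bss is another variable or the start of the malloc() arena.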

