The House of Spirit
2017.08.15

Use a stack overflow to overwrite the pointer variable `hptr` on the stack with the address of `fake_chunk`. When `free(hptr)` is then called, the address of `fake_chunk` is added to the fastbin, so the next chunk that `malloc` returns is `fake_chunk`.

```c
/* set fake_chunk: its size field must look like a valid fastbin chunk */
fake_chunk[1] = arbitrary_size;
/* set next chunk size */
...
void *hptr = malloc(SIZE);
char buf[4];
strcpy(buf, argv[1]); // stack overflow: overwrites hptr with &fake_chunk
free(hptr);           // fake chunk is added in fastbin
fake = ma..
```
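The technique relies on `free()` accepting a pointer it never handed out, as long as the forged size field looks plausible. As an added example (not code from the original post), the hypothetical `guarded_malloc`/`guarded_free` wrappers below track live allocations and refuse a stack-resident fake chunk such as the one above; the size value `0x40` is constructed for the demo.

```c
#include <stddef.h>
#include <stdlib.h>

/* Added example, not from the original post. Ownership tracking around
 * malloc/free: the fastbin free() path trusts that its argument came from
 * malloc, which is what lets a fake chunk on the stack enter the fastbin.
 * Remembering outstanding allocations lets free() reject foreign pointers.
 * Names (guarded_*, MAX_LIVE) are hypothetical. */

#define MAX_LIVE 64
static void *live[MAX_LIVE];          /* outstanding allocations */

void *guarded_malloc(size_t size) {
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == NULL) {
            live[i] = malloc(size);
            return live[i];
        }
    }
    return NULL;                       /* table full */
}

/* Returns 1 and frees if p is a live allocation; 0 for a pointer that was
 * never handed out (e.g. a fake chunk on the stack), a double free, or NULL. */
int guarded_free(void *p) {
    if (p == NULL) return 0;
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == p) {
            live[i] = NULL;
            free(p);
            return 1;
        }
    }
    return 0;
}

/* Mirrors the post's scenario: a fake chunk on the stack with a
 * fastbin-sized size field, then handed to free() via the overwritten hptr. */
int demo_fake_chunk_rejected(void) {
    size_t fake_chunk[8] = {0};
    fake_chunk[1] = 0x40;              /* constructed fastbin-range size */
    void *hptr = &fake_chunk[2];       /* user pointer lies past the header */
    return guarded_free(hptr) == 0;    /* forged pointer is refused */
}

int demo_real_chunk_accepted(void) {
    void *p = guarded_malloc(0x30);
    int first = guarded_free(p);       /* 1: legitimate free */
    int second = guarded_free(p);      /* 0: double free refused */
    return first == 1 && second == 0;
}
```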