Fix typos

assets/files/shrinking_free_chunks.c

@@ -45,7 +45,7 @@ int main() {
   printf("%p\n", b1);
 
   // Allocate another chunk
-  // This will come directy after b1
+  // This will come directly after b1
   b2 = malloc(0x80);
   printf("%p\n", b2);
 
@@ -68,4 +68,4 @@ int main() {
   printf("%s\n", (char *)b2);       // Prints AAAAAAAAAAA... !
 
   return 0;
-}
+}

attacks/shrinking_free_chunks.md

@@ -45,7 +45,7 @@ free(b);
 b1 = malloc(0x80);                           // at 0xfee120
 
 // Allocate another chunk
-// This will come directy after b1
+// This will come directly after b1
 b2 = malloc(0x80);                           // at 0xfee1b0
 strcpy(b2, "victim's data");
 
@@ -67,4 +67,4 @@ printf("%s\n", (char *)b2);       // Prints AAAAAAAAAAA... !
 
 `big` now points to the initial `b` chunk and overlaps with `b2`. Updating contents of `big` updates contents of `b2`, even when both these chunks are never passed to `free`.
 
-Note that instead of shrinking `b`, the attacker could also have increased the size of `b`. This will result in a similar case of overlap. When 'malloc' requests another chunk of the increased size, `b` will be used to service this request. Now `c`'s memory will also be part of this new chunk returned.
+Note that instead of shrinking `b`, the attacker could also have increased the size of `b`. This will result in a similar case of overlap. When 'malloc' requests another chunk of the increased size, `b` will be used to service this request. Now `c`'s memory will also be part of this new chunk returned.

attacks/unlink_exploit.md

@@ -57,7 +57,7 @@ A new fake chunk is created in the 'data' part of `chunk1`. The `fd` and `bk` po
 
 ![Unlink before call to free](../assets/images/unlink_before_free.png)
 
-Carefully, try to understand how `P->fd->bk == P` and `P->bk->fd == P` checks are passed. This shall give an intution regarding how to adjust the `fd` and `bk` pointers of the fake chunk.
+Carefully, try to understand how `P->fd->bk == P` and `P->bk->fd == P` checks are passed. This shall give an intuition regarding how to adjust the `fd` and `bk` pointers of the fake chunk.
 
 As soon as `chunk2` is freed, it is handled as a small bin. Recall that previous and next chunks(by memory) are checked whether they are 'free' or not. If any chunk is detected as 'free', it is `unlinked` for the purpose of merging consecutive free chunks. The `unlink` MACRO executes the following two instructions that modify pointers:
 
@@ -70,4 +70,4 @@ In this case, both `P->fd->bk` and `P->bk->fd` point to the same location so onl
 
 Now, we have `chunk1` pointing to 3 addresses(16-bit) behind itself(`&chunk1 - 3`). Hence, `chunk1[3]` is in fact the `chunk1`. Changing `chunk1[3]` is like changing `chunk1`. Notice that an attacker has a greater chance of getting an opportunity to update data at location `chunk1`(`chunk1[3] here`) instead of `chunk1` itself. This completes the attack. In this example, `chunk1` was made to point to a 'data' variable and changes through `chunk1` were reflected on that variable.
 
-Earlier, with the absence of security checks in `unlink`, the two write instructions in the `unlink` MACRO were used to achieve arbitrary writes. By overwriting `.got` sections, this led to arbitrary code execution.
+Earlier, with the absence of security checks in `unlink`, the two write instructions in the `unlink` MACRO were used to achieve arbitrary writes. By overwriting `.got` sections, this led to arbitrary code execution.

diving_into_glibc_heap/internal_functions.md

@@ -49,7 +49,7 @@ This is a defined macro which removes a chunk from a bin.
 
 1. Check if chunk size is equal to the previous size set in the next chunk. Else, an error("corrupted size vs. prev\_size") is thrown.
 2. Check if `P->fd->bk == P` and `P->bk->fd == P`. Else, an error("corrupted double-linked list") is thrown.
-3. Adjust forward and backward pointers of neighoring chunks(in list) to facilitate removal:
+3. Adjust forward and backward pointers of neighboring chunks(in list) to facilitate removal:
    1. Set `P->fd->bk` = `P->bk`.
    2. Set `P->bk->fd` = `P->fd`.
 

diving_into_glibc_heap/security_checks.md

@@ -12,7 +12,7 @@ This presents a summary of the security checks introduced in glibc's implementat
 | \_int\_malloc | While inserting last remainder chunk into unsorted bin(after splitting a large chunk), check whether `unsorted_chunks(av)->fd->bk == unsorted_chunks(av)` | malloc(): corrupted unsorted chunks |
 | \_int\_malloc | While inserting last remainder chunk into unsorted bin(after splitting a fast or a small chunk), check whether `unsorted_chunks(av)->fd->bk == unsorted_chunks(av)` | malloc(): corrupted unsorted chunks 2 |
 | \_int\_free | Check whether `p`\*\* is before `p + chunksize(p)` in the memory(to avoid wrapping) | free(): invalid pointer |
-| \_int\_free | Check whether the chunk is atleast of size `MINSIZE` or a multiple of `MALLOC_ALIGNMENT` | free(): invalid size |
+| \_int\_free | Check whether the chunk is at least of size `MINSIZE` or a multiple of `MALLOC_ALIGNMENT` | free(): invalid size |
 | \_int\_free | For a chunk with size in fastbin range, check if next chunk's size is between minimum and maximum size(`av->system_mem`) | free(): invalid next size (fast) |
 | \_int\_free | While inserting fast chunk into fastbin(at `HEAD`), check whether the chunk already at `HEAD` is not the same | double free or corruption (fasttop) |
 | \_int\_free | While inserting fast chunk into fastbin(at `HEAD`), check whether size of the chunk at `HEAD` is same as the chunk to be inserted | invalid fastbin entry (free) |
@@ -24,4 +24,4 @@ This presents a summary of the security checks introduced in glibc's implementat
 
 _\*: 'P' refers to the chunk being unlinked_
 
-_\*\*: 'p' refers to the chunk being freed_
+_\*\*: 'p' refers to the chunk being freed_

heap_memory.md

@@ -30,7 +30,7 @@ The documentation about 'malloc' and 'free' says:
     bytes, or null if no space is available. Additionally, on 
     failure, errno is set to ENOMEM on ANSI C systems.
 
-    If n is zero, malloc returns a minumum-sized chunk. (The
+    If n is zero, malloc returns a minimum-sized chunk. (The
     minimum size is 16 bytes on most 32bit systems, and 24 or 32
     bytes on 64bit systems.)  On most systems, size_t is an unsigned
     type, so calls with negative arguments are interpreted as