I am trying to understand the behaviour of Slimguard during the memory allocations and freeing, but something seems strange. When I requested addresses with a malloc call, for instance 10 of them, and freed them just after (whatever value I put inside, and having some values used before so that the memory page is not released with madvise), the next 10 addresses given by malloc seemed to be exactly the same.
In the sources, at this line, if I am not mistaken the if is true if there are at least 2 values in the free list (head and next of the head not null). Therefore when calling for memory, if the list is composed of 10 previously freed addresses (by this line) then 10 of them are returned in the inverted order of their freeing. I read your research article on this library and it doesn't exactly suggest the same implementation of the free list, with, in the implementation, a bucket from which random values are taken and a free list where the newly freed values go without randomization. Did I misunderstand the implementation/objective or is there really a problem of use-after-free possibilities?
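As an added example (not code from the SlimGuard project or from the issue author), a small C harness that reproduces the measurement described above and quantifies it: how many of the next N allocations land on just-freed addresses, and whether they come back in exact reverse order of freeing. It assumes only standard malloc/free, so it exercises whichever allocator is linked in (for example via LD_PRELOAD); the sample arrays at the bottom are constructed values, not real allocator output.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define N  10   /* allocations per round, as in the report above */
#define SZ 64   /* request size; all chunks land in one size class */

/* Count how many addresses in `after` also occur in `before` (reused chunks). */
size_t reuse_count(const uintptr_t *before, const uintptr_t *after, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++)
            if (after[i] == before[j]) { hits++; break; }
    return hits;
}

/* 1 when after[i] == before[n-1-i] for every i: chunks came back in exactly the
   reverse order of freeing, the signature of a plain LIFO free list. */
int is_reverse_order(const uintptr_t *before, const uintptr_t *after, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (after[i] != before[n - 1 - i]) return 0;
    return 1;
}

/* Allocate n (<= N) blocks, write to them so the pages stay resident, free them
   in order, allocate n more. Addresses are kept as integers: the first set is
   dangling by the time it is compared, so it must not be dereferenced. */
void probe(uintptr_t *before, uintptr_t *after, size_t n) {
    void *p[N];
    for (size_t i = 0; i < n; i++) {
        p[i] = malloc(SZ);
        if (p[i]) memset(p[i], 0xAA, SZ);
        before[i] = (uintptr_t)p[i];
    }
    for (size_t i = 0; i < n; i++) free(p[i]);
    for (size_t i = 0; i < n; i++) after[i] = (uintptr_t)malloc(SZ);
}

/* Constructed sample data (not real allocator output) for a self-check. */
const uintptr_t SAMPLE_BEFORE[4]   = {0x1000, 0x1040, 0x1080, 0x10c0};
const uintptr_t SAMPLE_REVERSED[4] = {0x10c0, 0x1080, 0x1040, 0x1000};
const uintptr_t SAMPLE_MIXED[4]    = {0x1040, 0x2000, 0x1000, 0x3000};

int main(void) {
    uintptr_t before[N], after[N];
    probe(before, after, N);
    printf("reused %zu of %d chunks; exact reverse order: %s\n", reuse_count(before, after, N),
           N, is_reverse_order(before, after, N) ? "yes" : "no");
    for (size_t i = 0; i < N; i++) free((void *)after[i]);
    return 0;
}
```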