Last active
March 15, 2018 02:02
-
-
Save Jinmo/fe0f865fab40fbd7480815bb070a2394 to your computer and use it in GitHub Desktop.
just another top chunk move
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| long buf[] = {0, 0, (long)buf, (long)buf}; | |
| int size = 200; // non-fastbin size | |
| int main() { | |
| setvbuf(stdin, 0, 2, 0); | |
| setvbuf(stdout, 0, 2, 0); | |
| setvbuf(stderr, 0, 2, 0); | |
| long *a = malloc(size); | |
| a[-1] &= ~1; | |
| a[-2] = (char *)(a - 2) - (char *)buf; | |
| free(a); | |
| printf("top is %p! and buf is %p.\n", malloc(1), buf); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment