Daniel Micay thestinger
thestinger
/ double_free.c
Last active
February 11, 2016 23:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // This double-free is detected with 100% reliability in CopperheadOS via the | |
| // malloc quarantine. The malloc quarantine uses a ring buffer to provide a | |
| // guaranteed baseline delay and a hash table for detecting double frees. A | |
| // double free can also be detected after allocations are flushed from the | |
| // quarantine, but only if the slot is still free. | |
| // | |
| // /data/data/test/test(688) in free(): error: double free 0x8e503300 | |
| // Aborted | |
| #include <stdlib.h> |
thestinger
/ oom.c
Last active
February 11, 2016 23:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Clang is clever enough to optimize out these malloc and free calls. | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| int main(void) { | |
| void *ptr = malloc(16); | |
| if (!ptr) { | |
| puts("side effect"); | |
| return 1; |