@untaman
untaman / gist:cb58123fe89fc65e3984165db5d40933
Last active February 3, 2024 15:23
CVE-2021-40647 and CVE-2021-40648
Here is the writeup for CVE-2021-40647.
A specific string read in from a file overwrites the size field of the heap's top chunk. At a minimum this crashes the program (glibc aborts):
The user crafts a file containing the byte string "\x27" * 1 + "\x53" * 2 + "\x42" * 19984 + "\xff" * 16. This causes the abort because the user has overwritten the size field of the top chunk with a misaligned value, so glibc reports "corrupted size vs. prev_size". An example of the top chunk is below.
Top chunk | IS_MMAPED
Addr: 0x555555779680
prev_size: 0x4242424242424242 <== User Data
size: 0xffffffffffffff42 <== User Data
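To make the dump above concrete, here is an added C example (not part of the gist) that decodes a 16-byte glibc chunk header the way the allocator does, splitting the flag bits out of the size field, and runs the kind of sanity checks malloc applies to the top chunk. The header bytes are constructed from the dump (the tail of the 0x42 run followed by the 0xff run); the arena size passed as system_mem and the little-endian host are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Flag bits glibc keeps in the low bits of a chunk's size field (x86-64 build). */
#define PREV_INUSE        0x1ULL
#define IS_MMAPPED        0x2ULL
#define NON_MAIN_ARENA    0x4ULL
#define SIZE_BITS         (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)
#define MALLOC_ALIGN_MASK 0xfULL   /* chunk sizes are multiples of 16 */

struct chunk_hdr {
    uint64_t prev_size, raw_size, size;   /* size = raw_size with the flag bits masked off */
    bool prev_inuse, is_mmapped, non_main_arena;
};

/* Decode the 16 header bytes (prev_size, size) that sit just below a chunk's user data. */
struct chunk_hdr decode_chunk_hdr(const uint8_t hdr[16]) {
    struct chunk_hdr c;
    memcpy(&c.prev_size, hdr, 8);          /* little-endian host assumed */
    memcpy(&c.raw_size, hdr + 8, 8);
    c.size = c.raw_size & ~SIZE_BITS;
    c.prev_inuse = c.raw_size & PREV_INUSE;
    c.is_mmapped = c.raw_size & IS_MMAPPED;
    c.non_main_arena = c.raw_size & NON_MAIN_ARENA;
    return c;
}

/* Checks in the spirit of glibc's own: the top chunk must be aligned, must carry PREV_INUSE,
   and cannot be larger than the arena (system_mem). Returns 0 if sane, else the first failed check. */
int top_chunk_check(struct chunk_hdr c, uint64_t system_mem) {
    if (c.size & MALLOC_ALIGN_MASK) return 1;   /* misaligned size */
    if (!c.prev_inuse)              return 2;   /* top chunk always has PREV_INUSE set */
    if (c.size > system_mem)        return 3;   /* glibc: "malloc(): corrupted top size" */
    return 0;
}

/* Header bytes as they end up after the overwrite in the writeup: nine 0x42 bytes fill prev_size
   and the low byte of size, seven 0xff bytes fill the rest (constructed sample). */
struct chunk_hdr sample_overwritten_top(void) {
    uint8_t hdr[16];
    memset(hdr, 0x42, 9);
    memset(hdr + 9, 0xff, 7);
    return decode_chunk_hdr(hdr);
}

int main(void) {
    struct chunk_hdr c = sample_overwritten_top();
    printf("prev_size=0x%016llx size=0x%016llx prev_inuse=%d is_mmapped=%d check=%d\n",
           (unsigned long long)c.prev_size, (unsigned long long)c.size, c.prev_inuse, c.is_mmapped,
           top_chunk_check(c, 0x21000));   /* 0x21000: assumed 132 KiB main arena */
    return 0;
}
```

The masked size is actually 16-byte aligned; what the decoder flags first is the cleared PREV_INUSE bit (and the IS_MMAPPED bit that pwndbg shows in the dump), with the absurd size failing the arena bound right after.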