I got a bug on Windows where userland code is freeing (heap block pointer + static offset). Never seen that before! How exploitable is this?
-
-
is this a double free? If you can reallocate in between, could be exploitable
-
No. AFAICT it is simply this: RtlFreeHeap(hHeapHandle, 0, pHeapBase+sizeof(VOID*));
-
That is some strange code... looks like somebody tried to implement his own mem management on top of the normal heap?
-
I think the same
-
or maybe just a list of pointers stored on the heap and a missing deref... garbage collector?
-
looks like it's freeing a str that is part of a struct { PVOID* pUnknown; WCHAR szString[]; } free(szString);
-
are struct values before that str controllable?
-
it's just that one pointer, I don't think it's controllable.