When a buffer size is not aligned, page heap will add a suffix to the heap block. I can detect corruption in the suffix. Corruption of the suffix up to the address at which the AV took place is a very strong indication of a classic linear BOF.
Next step: allow "collateral bugs" to recognize sequential AVs and report them as continuations of the same BoF.
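The two heuristics above (a suffix overwritten contiguously from the end of the block up to the AV address, and a run of sequential AVs that are really one overflow) as a crash-triage helper. This is an added example, not the thread author's tool or code. It assumes that full page heap places the block at the end of a page and fills the unused tail with a single known fill byte; the fill value 0xD0, the `HeapBlock` layout and every memory snapshot below are constructed for the example.

```python
"""Crash-triage helper: classify an access violation (AV) under page heap by
inspecting the suffix bytes between the end of a heap block and the AV address.

Added example, not code from the thread. Assumptions: the block sits at the end
of a page followed by a guard page, the unused tail ("suffix") is filled with
SUFFIX_FILL, and all memory contents here are constructed sample data.
"""
from dataclasses import dataclass
from typing import Iterable, List

SUFFIX_FILL = 0xD0  # assumed page-heap suffix fill byte (not taken from the thread)


@dataclass
class HeapBlock:
    start: int      # address of the first user byte
    size: int       # requested (user) size; unaligned sizes leave a suffix
    page_end: int   # first address of the guard page after the block
    memory: bytes   # constructed snapshot of [start, page_end)

    @property
    def end(self) -> int:
        return self.start + self.size

    def suffix(self) -> bytes:
        """Bytes between the end of the user data and the guard page."""
        return self.memory[self.size:self.page_end - self.start]


def classify_av(block: HeapBlock, av_address: int, fill: int = SUFFIX_FILL) -> str:
    """Classify an AV at `av_address` relative to `block`.

    "linear-bof": every suffix byte from block.end up to the AV address no longer
    holds the fill pattern, i.e. a contiguous overflow ran through the suffix and
    into the guard page (the strong indicator described in the thread).
    "partial-suffix-corruption": some but not all of those bytes were overwritten.
    "no-suffix": aligned size, nothing to inspect.
    "unrelated": suffix intact, or the AV lies before the end of the block.
    """
    suffix = block.suffix()
    if not suffix:
        return "no-suffix"
    limit = min(av_address, block.page_end)
    span = limit - block.end
    if span <= 0:
        return "unrelated"
    overwritten = [b != fill for b in suffix[:span]]
    if all(overwritten):
        return "linear-bof"
    if any(overwritten):
        return "partial-suffix-corruption"
    return "unrelated"


def group_sequential_avs(av_addresses: Iterable[int], max_step: int = 16) -> List[List[int]]:
    """Group AVs whose addresses advance by at most `max_step` bytes each.

    When execution is continued past a guard-page fault, a linear overflow
    keeps faulting at increasing addresses; those "collateral" AVs belong to
    the same bug and are reported as one group rather than separate crashes.
    """
    groups: List[List[int]] = []
    for addr in av_addresses:
        if groups and 0 < addr - groups[-1][-1] <= max_step:
            groups[-1].append(addr)
        else:
            groups.append([addr])
    return groups


def demo() -> None:
    page_end = 0x10001000
    size = 0xF8                       # not 16-byte aligned -> 8-byte suffix
    start = page_end - 0x100
    clean = bytes([SUFFIX_FILL] * 8)
    smashed = HeapBlock(start, size, page_end, b"A" * size + b"A" * 8)
    intact = HeapBlock(start, size, page_end, b"A" * size + clean)
    print(classify_av(smashed, page_end))            # linear-bof
    print(classify_av(intact, page_end))             # unrelated
    print(group_sequential_avs([page_end, page_end + 4, page_end + 8, 0x20000000]))


if __name__ == "__main__":
    demo()
```

The classification deliberately keys on the AV address rather than the whole suffix: an overflow that stopped short of the guard page would not have faulted there, so only the bytes between the block end and the faulting address are evidence for the linear-overflow verdict.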