Hi, all.

I would like to introduce my recent work, ArcHeap: https://arxiv.org/pdf/1903.00503.pdf. I also found techniques with it.

I already reported unsorted_bin_into_stack, and this repo contains other techniques (all tested in libc 2.23 from Ubuntu 16.04, but I think it will work until 2.25 before tcache).

We determine the uniqueness of the techniques in two aspects: a root cause and a capability.

| New | Old | Root causes | New capability |
| --- | --- | --- | --- |
| House of unsorted bin | House of Einherjar | Unsorted vs. Free | Does not require a heap address |
| Unaligned Double Free | Fast bin dup | Small vs. Fast | Can abuse a small bin |
| Overlapping chunk with small bin | Overlapping chunk | Small vs. Unsorted | Does not need a controllable size allocation |
| Fast bin into other bin | Fast bin dup into stack | Consolidation vs. Fast | Can allocate a non-fast chunk |

Let me know if you have a technique to add to this repo. Then I will make a pull request. Thank you.