Make the canary check look at the address where the canary was stored, not the word before where the canary was stored.

main
theraven 15 years ago
parent 1c847cedd1
commit 61a2ae0f54

@ -592,9 +592,10 @@ int objc_gc_retain_count(id object)
static void nuke_buffer(void *addr, void *s) static void nuke_buffer(void *addr, void *s)
{ {
return;
dump_stack("Freeing allocation: ", addr); dump_stack("Freeing allocation: ", addr);
uintptr_t size = (uintptr_t)s; uintptr_t size = (uintptr_t)s;
if (canary != *(uint32_t*)((char*)addr + size - 4)) if (canary != *(uint32_t*)((char*)addr + size))
{ {
fprintf(stderr, fprintf(stderr,
"Something wrote past the end of memory allocation %p\n", "Something wrote past the end of memory allocation %p\n",
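Review bot: The `return;` added as the first statement of nuke_buffer makes everything below it unreachable, so the corrected canary comparison never runs and a write past the end of an allocation is no longer reported when the buffer is freed. If the early return is a temporary debugging switch, it should be dropped or moved behind a build-time flag, with a comment saying why the check is off. Separately, `*(uint32_t*)((char*)addr + size)` reads a 32-bit word at an address that is only 4-byte aligned when size is a multiple of 4; copying the value out with `uint32_t stored; memcpy(&stored, (char*)addr + size, sizeof stored);` avoids the misaligned access. The function body continues past the end of the hunk.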
