chain3
Buffer overflow in spray_kalloc_64_with_port_pointers()
pointer_data_size = 3 * sizeof(uint64_t);
pointer_data = calloc(1, pointer_data_size);
pointer_data[1] = 0;
pointer_data[2] = 0;
pointer_data[3] = 0;
pointer_data[4] = 0;
The code callocs 24 bytes (3 * 8) but writes to indices 3 and 4 of the (uint64_t *) buffer, which is 8 and 16 bytes past the allocated space.
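One way to make this class of out-of-bounds store fail safely, as an added example that is not part of the original report or the project's code. The u64_buf type and its helper functions are hypothetical names; the 3-slot allocation and the stores to indices 1 through 4 are taken from the snippet above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper type: a uint64_t buffer that remembers its slot count. */
typedef struct {
    uint64_t *data;
    size_t count; /* number of uint64_t slots actually allocated */
} u64_buf;

/* Allocate `count` zeroed slots; the size is derived from the slot count. */
static int u64_buf_alloc(u64_buf *b, size_t count) {
    b->data = calloc(count, sizeof(uint64_t));
    b->count = b->data ? count : 0;
    return b->data ? 0 : -1;
}

/* Store only when the index is inside the allocation; -1 otherwise. */
static int u64_buf_set(u64_buf *b, size_t index, uint64_t value) {
    if (b->data == NULL || index >= b->count)
        return -1;
    b->data[index] = value;
    return 0;
}

/* Bytes by which a store to `index` would end past the allocation. */
static size_t u64_buf_overrun(const u64_buf *b, size_t index) {
    return index < b->count ? 0 : (index + 1 - b->count) * sizeof(uint64_t);
}

static void u64_buf_free(u64_buf *b) {
    free(b->data);
    b->data = NULL;
    b->count = 0;
}

/* Replay the reported stores (indices 1..4) on a 3-slot, 24-byte buffer
 * and return how many the bounds check rejects. */
static int replay_reported_stores(void) {
    u64_buf b;
    int rejected = 0;
    if (u64_buf_alloc(&b, 3) != 0)
        return -1;
    for (size_t i = 1; i <= 4; i++)
        rejected += (u64_buf_set(&b, i, 0) != 0);
    u64_buf_free(&b);
    return rejected;
}

int main(void) { return replay_reported_stores() == 2 ? 0 : 1; }
```

Building the original unchecked stores with -fsanitize=address (GCC or Clang) reports the same two writes as a heap-buffer-overflow at run time.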