Status: Closed (matrix1001 closed this 5 years ago)
Problem
This bug is due to a strange alignment strategy in newer versions of 32-bit glibc.
In a nutshell, the first 16 bytes of the heap are 0 in glibc-2.26 (32-bit) and glibc-2.27 (32-bit).
As a result, while parsing the heap, the first chunk has size 0 and triggers a stop.
Fix
The fix is really easy: just ignore the first chunk if its size is 0.
More
This problem was initially found when I was finishing my project HeapInspect.
Then I found that pwndbg has this problem. So does your amazing angelheap.
Fixed. Thank you.
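The failure mode described in this issue, as an added example that is not code from HeapInspect, pwndbg or angelheap: a minimal 32-bit glibc chunk walker run over a hand-constructed heap image whose first 16 bytes are zero. With the naive loop the first header reads as size 0 and the walk stops before the first real chunk; with the fix from the report the zero-sized first chunk is skipped. The 16-byte skip distance, the chunk offsets and the base address 0x0804b000 are assumptions taken from the report's description, not values measured from a live process.

```python
"""Walk a 32-bit glibc heap image chunk by chunk (added example, not project code)."""
import struct

SIZE_SZ = 4                     # sizeof(size_t) on 32-bit glibc
MIN_CHUNK_SIZE = 4 * SIZE_SZ    # smallest legal chunk on 32-bit: 16 bytes
SIZE_BITS = 0x7                 # PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA
LEADING_PAD = 16                # assumed from the report: first 16 heap bytes are zero
HDR = struct.Struct("<II")      # (prev_size, size), little-endian 32-bit

def chunksize(size_field):
    """Strip the three flag bits from a raw malloc_chunk.size field."""
    return size_field & ~SIZE_BITS

def walk_heap(heap, base=0, skip_zero_first_chunk=True):
    """Return [(address, size, flags), ...] for every chunk found in `heap`.

    `heap` is the raw bytes of the [heap] mapping and `base` its start address.
    The walk ends at the chunk that reaches the end of the region (the top
    chunk) or at the first header whose size is implausible.
    """
    chunks = []
    off = 0
    if skip_zero_first_chunk and len(heap) >= HDR.size:
        _, size_field = HDR.unpack_from(heap, 0)
        if size_field == 0:
            # Fix from the report: a zero-sized first chunk is alignment padding
            # on newer 32-bit glibc, so step over it instead of stopping.
            off = LEADING_PAD
    while off + HDR.size <= len(heap):
        _, size_field = HDR.unpack_from(heap, off)
        size = chunksize(size_field)
        # Without the skip above, the naive walk hits size 0 here and stops.
        if size < MIN_CHUNK_SIZE or size % 8 or off + size > len(heap):
            break
        chunks.append((base + off, size, size_field & SIZE_BITS))
        off += size
    return chunks

def build_sample_heap(total=0x100):
    """Constructed heap image: 16 zero bytes, two in-use chunks, then the top chunk."""
    buf = bytearray(total)
    HDR.pack_into(buf, 0x10, 0, 0x20 | 1)             # chunk A: 0x20 bytes, PREV_INUSE
    HDR.pack_into(buf, 0x30, 0, 0x30 | 1)             # chunk B: 0x30 bytes, PREV_INUSE
    HDR.pack_into(buf, 0x60, 0, (total - 0x60) | 1)   # top chunk covers the rest
    return bytes(buf)

if __name__ == "__main__":
    heap = build_sample_heap()
    print("naive walk:", walk_heap(heap, base=0x0804b000, skip_zero_first_chunk=False))
    for addr, size, flags in walk_heap(heap, base=0x0804b000):
        print(f"chunk @ {addr:#010x} size={size:#x} flags={flags:#x}")
```

The naive walk returns an empty list because the size field at offset 4 is zero; the fixed walk reports chunk A, chunk B and the top chunk. The `size % 8` and `off + size > len(heap)` checks are the usual sanity bounds a heap walker keeps so that a corrupted size field ends the walk instead of reading past the mapping.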