Closed Ch0pin closed 2 years ago
You are right. The pointers are not NULL
but the unsorted bin header address, since the victim just got added into the unsorted bin.
It is impossible for an unsorted bin in the heap to have NULL fwd/bck pointers (under normal scenarios).
The description is updated in https://github.com/shellphish/how2heap/commit/43bd97f8cbd1cf9836fffcfc17576bd0523da4de. Thanks for the contribution!
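The behaviour described in the reply above can be checked directly. This is an added example, not code from the issue thread or the how2heap repository; it assumes 64-bit Linux with glibc's default allocator settings, and `inspect_unsorted_victim` and `struct unsorted_view` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct unsorted_view {
    uintptr_t chunk;     /* user pointer of the freed victim */
    uintptr_t fd, bk;    /* first two words of the victim after free() */
    int outside_chunks;  /* 1 if fd does not point into victim or guard */
    int reused;          /* 1 if a same-size request returned the victim */
};

/* Hypothetical helper: frees one large chunk and records its bin links. */
struct unsorted_view inspect_unsorted_victim(void)
{
    struct unsorted_view v = {0};
    void *victim = malloc(0x420);  /* too large for tcache and fastbins */
    void *guard = malloc(0x20);    /* keeps the victim from merging into top */
    if (!victim || !guard)
        return v;

    v.chunk = (uintptr_t)victim;
    free(victim);                  /* victim is linked into the unsorted bin */

    /* Deliberate read of freed memory, for inspection only. */
    volatile uintptr_t *words = (volatile uintptr_t *)v.chunk;
    v.fd = words[0];
    v.bk = words[1];

    /* The links point at the bin header in the arena, not at heap chunks. */
    v.outside_chunks = (v.fd < v.chunk - 16 ||
                        v.fd >= (uintptr_t)guard + 0x20);

    /* An exact-size request takes the victim back out of the bin. */
    void *volatile again = malloc(0x420);
    v.reused = ((uintptr_t)again == v.chunk);
    return v;
}

int main(void)
{
    struct unsorted_view v = inspect_unsorted_victim();
    printf("fd=%#lx bk=%#lx outside=%d reused=%d\n",
           (unsigned long)v.fd, (unsigned long)v.bk,
           v.outside_chunks, v.reused);
    return 0;
}
```

With a single chunk in the unsorted bin, `fd` and `bk` hold the same non-NULL address.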
Hi folks,
Checking the corresponding PoC for the latest version, I got here (line 92):
How accurate is the above?
It seems like bk and fwd are pointing to the top chunk:
where: