shellphish / how2heap

A repository for learning various heap exploitation techniques.
MIT License

fastbin_dup_consolidate wrong technique description #186

Closed k4lizen closed 4 months ago

k4lizen commented 4 months ago

The description in the README.md is:

Tricking malloc into returning an already-allocated heap pointer by putting a pointer on both fastbin freelist and unsorted bin freelist.

The chunk never reaches the unsorted bin as it is consolidated with top. Nothing ever reaches the unsorted bin in the entire exploit.

Kyle-Kyle commented 4 months ago

Thank you for pointing it out; it is now fixed by https://github.com/shellphish/how2heap/commit/754c5546fa407570d9aa621e0b3b29efec4f3952