Closed k4lizen closed 4 months ago
The description in the README.md is:
Tricking malloc into returning an already-allocated heap pointer by putting a pointer on both fastbin freelist and unsorted bin freelist.
The chunk never reaches the unsorted bin as it is consolidated with top. Nothing ever reaches the unsorted bin in the entire exploit.
thank you for pointing it out, it is now fixed by https://github.com/shellphish/how2heap/commit/754c5546fa407570d9aa621e0b3b29efec4f3952
The description in the README.md is:
The chunk never reaches the unsorted bin as it is consolidated with top. Nothing ever reaches the unsorted bin in the entire exploit.