Date: Sat, 10 Oct 1998 01:57:29 -0500
From: Zach Heilig <zach@gaffaneys.com>
To: Terry Lambert <tlambert@primenet.com>, Mike Smith <mike@smith.net.au>
Cc: Studded@dal.net, archie@whistle.com, FreeBSD-Hackers@FreeBSD.ORG
Subject: Re: mail in free(): warning: junk pointer, too high to make sense.
Message-ID: <19981010015729.C12383@znh.org>
In-Reply-To: <199810082314.QAA22401@usr06.primenet.com>; from Terry Lambert on Thu, Oct 08, 1998 at 11:14:28PM +0000
References: <199810082253.PAA01197@dingo.cdrom.com> <199810082314.QAA22401@usr06.primenet.com>

On Thu, Oct 08, 1998 at 11:14:28PM +0000, Terry Lambert wrote:
> I'm open to other suggestions about why a.out works but ELF doesn't,

It is a buffer overflow.  It's a 24 char array mixed with trying to
'strcpy' 37 characters+1 nul, then strcat'ing another 8 at the end
(total of 46).

Strangely enough, in elf, these 24 char arrays are at the end of the
BSS segment (and they appear to be bumped to the nearest 32 byte
boundary sometimes):

08059a20 B tempMesg
08059a40 B tempResid
08059a60 B tempEdit
08059a78 B tmpdir
08059a80 B tempMail
08059aa0 B tempQuit
08059ab8 A _end
08059ab8 A end

-- 
Zach Heilig <zach@gaffaneys.com>
If it looks like a duck, and quacks like a duck, we have to at least
consider the possibility that we have a small aquatic bird of the
family Anatidæ on our hands
(Douglas Adams -- Dirk Gently's Holistic Detective Agency)
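
The arithmetic in the message above, as an added example that is not part of the original e-mail or of the mail(1) source: it takes the nm addresses as posted, works out where a 46-byte write starting at a given 24-byte array ends relative to its neighbours and `_end`, and shows a bounded replacement for the strcpy/strcat pair. The function names, the 37-character directory and the 8-character suffix are constructed for illustration; the message does not say which array was the one overflowed.

```c
#include <stdio.h>
#include <string.h>

struct sym { unsigned long addr; const char *name; };

/* Addresses copied from the nm listing in the message; _end is last. */
static const struct sym bss[] = {
    {0x08059a20UL, "tempMesg"}, {0x08059a40UL, "tempResid"},
    {0x08059a60UL, "tempEdit"}, {0x08059a78UL, "tmpdir"},
    {0x08059a80UL, "tempMail"}, {0x08059aa0UL, "tempQuit"},
    {0x08059ab8UL, "_end"},
};
#define NSYM (sizeof bss / sizeof bss[0])

/* For a write of len bytes starting at symbol `name`: returns how many
 * bytes land beyond _end (0 if none, -1 if the symbol is unknown) and
 * stores in *clobbered the number of later symbols it runs into. */
long overrun(const char *name, unsigned long len, int *clobbered)
{
    for (size_t i = 0; i + 1 < NSYM; i++) {
        if (strcmp(bss[i].name, name) != 0) continue;
        unsigned long stop = bss[i].addr + len;   /* one past last byte */
        unsigned long end = bss[NSYM - 1].addr;
        *clobbered = 0;
        for (size_t j = i + 1; j + 1 < NSYM; j++)
            if (bss[j].addr < stop)
                (*clobbered)++;
        return stop > end ? (long)(stop - end) : 0;
    }
    return -1;
}

/* Bounded replacement for the strcpy + strcat pair: 0 on success, -1 if
 * dir + suffix + NUL does not fit (dst is then truncated; discard it). */
int build_temp_name(char *dst, size_t dstsz, const char *dir, const char *suffix)
{
    int n = snprintf(dst, dstsz, "%s%s", dir, suffix);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

int main(void)
{
    int hit = 0;
    long past = overrun("tempQuit", 46, &hit);    /* 46 = 37 + 1 + 8 */
    printf("tempQuit: %ld bytes past _end, %d symbols hit\n", past, hit);
    char buf[24];   /* size from the message; strings below are constructed */
    int rc = build_temp_name(buf, sizeof buf, "/constructed/example/tmp/dir/37chars/", "MsXXXXXX");
    printf("bounded build into 24 bytes: %d\n", rc);
}
```
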