c:153)
==16571== by 0x8048395: main (in valgrind_2)
==16571== by 0x398BBE: __libc_start_main (in /lib/libc-2.3.2.so)
==16571== by 0x80482EC: (within valgrind_2)
==16571==
Gray Hat Hacking: The Ethical Hacker's Handbook
346
==16571== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
==16571== malloc/free: in use at exit: 0 bytes in 0 blocks.
==16571== malloc/free: 1 allocs, 1 frees, 40 bytes allocated.
==16571== For a detailed leak analysis, rerun with: --leak-check=yes
==16571== For counts of detected errors, rerun with: -v
The type of errors reported in this case might easily be caused by off-by-one errors or a
heap-based buffer overflow condition.
The last valgrind example demonstrates reporting of both a memory leak and a double
free problem. The example code is as follows:
/*
 * valgrind_3.c - memory leak/double free
 */
#include <stdlib.h>

int main() {
    int *p;
    p = (int*)malloc(10 * sizeof(int));
    p = (int*)malloc(40 * sizeof(int)); // first block has now leaked
    free(p);
    free(p);                            // double free error
    return 0;
}
NOTE A double free condition occurs when the free function is called a
second time for a pointer that has already been freed. The second call to
free corrupts heap management information that can result in an exploitable
condition.
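The following is an added example, not code from the book: a small tracking allocator that replays the valgrind_3.c sequence and, like valgrind, counts the bytes still in use at exit and the free() of an already-freed block. The names tracker_t, tracked_malloc, tracked_free and run_valgrind_3 are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical tracking allocator (added example, not from the book): it
 * records each block so that, like valgrind, it can report bytes still in
 * use at exit and a free() of an already-freed pointer. */
#define MAX_BLOCKS 16

typedef struct { void *ptr; size_t size; int freed; } block_t;

typedef struct {
    block_t blocks[MAX_BLOCKS];
    size_t  count;         /* allocations recorded */
    size_t  double_frees;  /* free() of a block already freed */
    size_t  invalid_frees; /* free() of a pointer never handed out */
} tracker_t;

static void *tracked_malloc(tracker_t *t, size_t n) {
    void *p = malloc(n);
    if (p != NULL && t->count < MAX_BLOCKS)
        t->blocks[t->count++] = (block_t){ p, n, 0 };
    return p;
}

static void tracked_free(tracker_t *t, void *p) {
    for (size_t i = 0; i < t->count; i++) {
        if (t->blocks[i].ptr != p) continue;
        if (t->blocks[i].freed) { t->double_frees++; return; } /* refuse */
        t->blocks[i].freed = 1;
        free(p);
        return;
    }
    t->invalid_frees++;
}

/* Bytes not yet freed: valgrind's "in use at exit". */
static size_t bytes_in_use(const tracker_t *t) {
    size_t total = 0;
    for (size_t i = 0; i < t->count; i++)
        if (!t->blocks[i].freed) total += t->blocks[i].size;
    return total;
}

/* Replays the valgrind_3.c sequence through the tracker and returns the
 * leaked byte count; t->double_frees records the second free(). */
static size_t run_valgrind_3(tracker_t *t) {
    int *p = tracked_malloc(t, 10 * sizeof(int));
    p = tracked_malloc(t, 40 * sizeof(int)); /* first block now leaked */
    tracked_free(t, p);
    tracked_free(t, p);                      /* double free, refused */
    return bytes_in_use(t);
}
```

The tracker refuses the second free() instead of passing it to the heap, which is the same reason production code should null a pointer after freeing it.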