Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword or section
Like this
1Activity

Table Of Contents

Agenda
Dynamic Memory Management
Memory Management Functions 1
Memory Management Functions 2
Memory Management Functions 3
Memory Managers
Boundary Tags
Dynamic Storage Allocation 1
Dynamic Storage Allocation 2
Memory Management Errors
Initialization Errors
Initialization Error
“Sun tarball” Vulnerability
Failing to Check Return Values
Checking malloc()Status
Recovery Plan
C++ Allocation Failure Recovery
newoperator Exception Handling
Incorrect use of newOperator
Referencing Freed Memory 1
Referencing Freed Memory 4
Freeing Memory Multiple Times
Dueling Data Structures 1
Dueling Data Structures 2
Leaking Containers in C++
Plugging Container Leaks
Dueling Containers in C++
Counted Pointer Elements
Smart Pointers in C++
Reference Counted Smart Pointers
Smart Pointer Elements
Counted Pointers as Elements
Improperly Paired Functions
Improperly Paired Functions Example
Constructor and Destructor Mismatch
Mismatch with Member New
Member newand delete
Re-Allocating Zero Bytes
Don’t Allocate Zero Bytes
Placement newin C++
Use of Placement new
Doug Lea’s Memory Allocator
dlmalloc Memory Management 1
Free Chunks
dlmalloc Free Lists
Bins
Buffer Overflows
Unlink Technique
Unlink Macro
Vulnerable Code
Exploit
Malicious Argument
Size of a Chunk 1
Size of a Chunk 2
Size of a Chunk 3
Size of 1st
Chunk
Call to free()
Tricking dlmalloc 1
Tricking dlmalloc 2
Constants
Execution of unlink()Macro
The unlink()Technique
Unlink Technique Summary
Double-Free Vulnerabilities
Double-Free Exploit
Empty Bin and Allocated Chunk
Double-Free Exploit 1
Bin with Single Free Chunk
Double-Free Exploit 2
Corrupted Data Structures After Second Call of free()
Double-Free Exploit 3
Double-Free Exploit 4
Double-Free Shellcode
Mitigation Strategies
Null Pointers
Adopt Consistent Conventions
Resource Acquisition Is Initialization
RAII Example
Exception-Safe Code in C++
Heap Integrity Detection
Phkmalloc 1
Phkmalloc 2
Phkmalloc 3
Phkmalloc 4
Randomization
Guard Pages
Runtime Analysis Tools
IBM Rational Purify/PurifyPlus
Memory Access Error Checking
Debug Memory Allocation Library
Electric Fence
Valgrind 1
Valgrind 2
Valgrind 3
Summary
Frontlink Technique 1
Frontlink Technique 2
The frontlink Code Segment
Frontlink Technique 3
Exploit 2
Insure++ 1
Insure++ 2
Insure++ 3
0 of .
Results for:
No results containing your search query
P. 1
04 Dynamic Memory C and C++

04 Dynamic Memory C and C++

Ratings: (0)|Views: 36|Likes:
Published by Mihai Bairac

More info:

Published by: Mihai Bairac on Sep 12, 2013
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

09/16/2013

pdf

text

original

You're Reading a Free Preview
Pages 4 to 25 are not shown in this preview.
You're Reading a Free Preview
Pages 29 to 65 are not shown in this preview.
You're Reading a Free Preview
Pages 69 to 127 are not shown in this preview.
You're Reading a Free Preview
Pages 131 to 135 are not shown in this preview.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->