[Gc] heap overflow

Boehm, Hans hans.boehm at hp.com
Wed Nov 10 10:52:50 PST 2004


> -----Original Message-----
> From: gc-bounces at napali.hpl.hp.com
> 
> So it's possible to override the link pointer with a function pointer 
> and in that way to run your own code??
Overwrite, yes.  Run your own code, maybe.  Just writing a function pointer
there will usually result in a crash in the memory allocator.

> Where are the page headers placed in memory. Are they lying before the 
> actual heap or behind??
It depends on the architecture, and other stuff.  It doesn't matter,
since you'll get a chance to overwrite lots of user objects before you
get there, and you're much more likely to be able to run your own
code by overwriting a function pointer in a user object.
> 
> I only ask all this for my thesis. I have to study the GC and what it 
> prevents (dangling pointers, memory leaks) and what the 
> vulnerabilities are.
> 
The real point here is that either garbage collection or some
pointer-validation mechanism is necessary to prevent overwriting of
function pointers in other objects.  But it's certainly not sufficient.
You still need to prevent out-of-bounds array accesses, etc.

Hans
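The last paragraph is the point a defender should take away: a collector removes dangling pointers, but an out-of-bounds write still walks straight into the next heap object, which may well hold a function pointer. The following is an added example (not code from this post or from the Boehm GC sources) showing the kind of length-carrying buffer and bounds-checked write that closes that gap. The `checked_buf`, `handler`, `checked_write` and `demo` names are hypothetical; the buffers are allocated with plain `malloc` so the program runs without the collector linked in (under Boehm GC you would allocate them with `GC_MALLOC` instead), and the neighbouring `handler` object is constructed inline purely so the demo can verify its function pointer is untouched.

```c
/* Added example (not from the mailing-list post or the Boehm GC sources):
 * a heap buffer that carries its own capacity, with a bounds-checked write.
 * Plain malloc is used so this runs stand-alone; with the collector you
 * would use GC_MALLOC, and the check below would be just as necessary. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical buffer type: capacity is stored next to the data. */
typedef struct {
    size_t cap;
    unsigned char data[];   /* flexible array member, cap bytes */
} checked_buf;

/* Hypothetical user object holding a function pointer, the kind of
 * neighbour an unchecked overflow would reach first. */
typedef struct {
    int (*callback)(int);
} handler;

static int double_it(int x) { return 2 * x; }

checked_buf *checked_buf_new(size_t cap) {
    checked_buf *b = malloc(sizeof *b + cap);
    if (b) { b->cap = cap; memset(b->data, 0, cap); }
    return b;
}

/* Copies len bytes from src to data[idx..]. Returns 0 on success and -1 if
 * the write would leave the buffer. The comparison is written so that
 * idx + len cannot wrap around a size_t. This check, not the collector,
 * is what keeps the bytes out of whatever object follows on the heap. */
int checked_write(checked_buf *b, size_t idx, size_t len,
                  const unsigned char *src) {
    if (b == NULL || src == NULL || idx > b->cap || len > b->cap - idx)
        return -1;
    memcpy(b->data + idx, src, len);
    return 0;
}

/* Allocates a 16-byte buffer and a handler, attempts one in-range and two
 * out-of-range writes, and reports 1 if the in-range write succeeded, both
 * out-of-range writes were refused, and the handler's function pointer
 * still works. */
int demo(void) {
    checked_buf *b = checked_buf_new(16);
    handler *h = malloc(sizeof *h);
    if (!b || !h) { free(b); free(h); return 0; }
    h->callback = double_it;

    unsigned char payload[32];              /* constructed sample input */
    memset(payload, 0x41, sizeof payload);

    int ok        = checked_write(b, 0, 16, payload) == 0;   /* fits exactly   */
    int rejected1 = checked_write(b, 8, 16, payload) == -1;  /* 8 bytes past end */
    int rejected2 = checked_write(b, 0, 32, payload) == -1;  /* twice the size   */
    int intact    = (h->callback == double_it) && h->callback(21) == 42;

    free(b);
    free(h);
    return ok && rejected1 && rejected2 && intact;
}

int main(void) {
    printf("%s\n", demo() ? "bounds checks held" : "unexpected result");
    return 0;
}
```

The overflow-safe comparison matters: a naive `idx + len > b->cap` can wrap for large `len` and let the write through, which is exactly the class of mistake the collector cannot catch.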

