Merge pull request #184 from gfelber/master

fixed sysmalloc_int_free.c MALLOC_ALIGN

glibc_2.23/sysmalloc_int_free.c

@@ -9,7 +9,6 @@
 #define SIZE_SZ sizeof(size_t)
 
 #define CHUNK_HDR_SZ (SIZE_SZ*2)
-// same for x86_64 and x86
 #define MALLOC_ALIGN (SIZE_SZ*2)
 #define MALLOC_MASK (-MALLOC_ALIGN)
 
@@ -28,10 +27,6 @@
 /**
  * Tested on:
  *  + GLIBC 2.23 (x86_64, x86 & aarch64)
- *  + GLIBC 2.39 (x86_64, x86 & aarch64)
- *  + GLIBC 2.34 (x86_64, x86 & aarch64)
- *  + GLIBC 2.31 (x86_64, x86 & aarch64)
- *  + GLIBC 2.27 (x86_64, x86 & aarch64)
  *
  * sysmalloc allows us to free() the top chunk of heap to create nearly arbitrary bins,
  * which can be used to corrupt heap without needing to call free() directly.

glibc_2.24/sysmalloc_int_free.c

@@ -9,7 +9,6 @@
 #define SIZE_SZ sizeof(size_t)
 
 #define CHUNK_HDR_SZ (SIZE_SZ*2)
-// same for x86_64 and x86
 #define MALLOC_ALIGN (SIZE_SZ*2)
 #define MALLOC_MASK (-MALLOC_ALIGN)
 
@@ -28,10 +27,6 @@
 /**
  * Tested on:
  *  + GLIBC 2.23 (x86_64, x86 & aarch64)
- *  + GLIBC 2.39 (x86_64, x86 & aarch64)
- *  + GLIBC 2.34 (x86_64, x86 & aarch64)
- *  + GLIBC 2.31 (x86_64, x86 & aarch64)
- *  + GLIBC 2.27 (x86_64, x86 & aarch64)
  *
  * sysmalloc allows us to free() the top chunk of heap to create nearly arbitrary bins,
  * which can be used to corrupt heap without needing to call free() directly.

glibc_2.27/sysmalloc_int_free.c

@@ -10,7 +10,7 @@
 
 #define CHUNK_HDR_SZ (SIZE_SZ*2)
 // same for x86_64 and x86
-#define MALLOC_ALIGN (SIZE_SZ*2)
+#define MALLOC_ALIGN 0x10
 #define MALLOC_MASK (-MALLOC_ALIGN)
 
 #define PAGESIZE sysconf(_SC_PAGESIZE)
@@ -27,7 +27,6 @@
 
 /**
  * Tested on:
- *  + GLIBC 2.23 (x86_64, x86 & aarch64)
  *  + GLIBC 2.39 (x86_64, x86 & aarch64)
  *  + GLIBC 2.34 (x86_64, x86 & aarch64)
  *  + GLIBC 2.31 (x86_64, x86 & aarch64)

glibc_2.31/sysmalloc_int_free.c

@@ -10,7 +10,7 @@
 
 #define CHUNK_HDR_SZ (SIZE_SZ*2)
 // same for x86_64 and x86
-#define MALLOC_ALIGN (SIZE_SZ*2)
+#define MALLOC_ALIGN 0x10
 #define MALLOC_MASK (-MALLOC_ALIGN)
 
 #define PAGESIZE sysconf(_SC_PAGESIZE)
@@ -27,7 +27,6 @@
 
 /**
  * Tested on:
- *  + GLIBC 2.23 (x86_64, x86 & aarch64)
  *  + GLIBC 2.39 (x86_64, x86 & aarch64)
  *  + GLIBC 2.34 (x86_64, x86 & aarch64)
  *  + GLIBC 2.31 (x86_64, x86 & aarch64)

glibc_2.32/sysmalloc_int_free.c

@@ -10,7 +10,7 @@
 
 #define CHUNK_HDR_SZ (SIZE_SZ*2)
 // same for x86_64 and x86
-#define MALLOC_ALIGN (SIZE_SZ*2)
+#define MALLOC_ALIGN 0x10
 #define MALLOC_MASK (-MALLOC_ALIGN)
 
 #define PAGESIZE sysconf(_SC_PAGESIZE)
@@ -27,7 +27,6 @@
 
 /**
  * Tested on:
- *  + GLIBC 2.23 (x86_64, x86 & aarch64)
  *  + GLIBC 2.39 (x86_64, x86 & aarch64)
  *  + GLIBC 2.34 (x86_64, x86 & aarch64)
  *  + GLIBC 2.31 (x86_64, x86 & aarch64)

glibc_2.33/sysmalloc_int_free.c

@@ -10,7 +10,7 @@
 
 #define CHUNK_HDR_SZ (SIZE_SZ*2)
 // same for x86_64 and x86
-#define MALLOC_ALIGN (SIZE_SZ*2)
+#define MALLOC_ALIGN 0x10
 #define MALLOC_MASK (-MALLOC_ALIGN)
 
 #define PAGESIZE sysconf(_SC_PAGESIZE)
@@ -27,7 +27,6 @@
 
 /**
  * Tested on:
- *  + GLIBC 2.23 (x86_64, x86 & aarch64)
  *  + GLIBC 2.39 (x86_64, x86 & aarch64)
  *  + GLIBC 2.34 (x86_64, x86 & aarch64)
  *  + GLIBC 2.31 (x86_64, x86 & aarch64)

glibc_2.34/sysmalloc_int_free.c

@@ -10,7 +10,7 @@
 
 #define CHUNK_HDR_SZ (SIZE_SZ*2)
 // same for x86_64 and x86
-#define MALLOC_ALIGN (SIZE_SZ*2)
+#define MALLOC_ALIGN 0x10
 #define MALLOC_MASK (-MALLOC_ALIGN)
 
 #define PAGESIZE sysconf(_SC_PAGESIZE)
@@ -27,7 +27,6 @@
 
 /**
  * Tested on:
- *  + GLIBC 2.23 (x86_64, x86 & aarch64)
  *  + GLIBC 2.39 (x86_64, x86 & aarch64)
  *  + GLIBC 2.34 (x86_64, x86 & aarch64)
  *  + GLIBC 2.31 (x86_64, x86 & aarch64)

glibc_2.35/sysmalloc_int_free.c

@@ -10,7 +10,7 @@
 
 #define CHUNK_HDR_SZ (SIZE_SZ*2)
 // same for x86_64 and x86
-#define MALLOC_ALIGN (SIZE_SZ*2)
+#define MALLOC_ALIGN 0x10
 #define MALLOC_MASK (-MALLOC_ALIGN)
 
 #define PAGESIZE sysconf(_SC_PAGESIZE)
@@ -27,7 +27,6 @@
 
 /**
  * Tested on:
- *  + GLIBC 2.23 (x86_64, x86 & aarch64)
  *  + GLIBC 2.39 (x86_64, x86 & aarch64)
  *  + GLIBC 2.34 (x86_64, x86 & aarch64)
  *  + GLIBC 2.31 (x86_64, x86 & aarch64)

glibc_2.36/sysmalloc_int_free.c

@@ -10,7 +10,7 @@
 
 #define CHUNK_HDR_SZ (SIZE_SZ*2)
 // same for x86_64 and x86
-#define MALLOC_ALIGN (SIZE_SZ*2)
+#define MALLOC_ALIGN 0x10
 #define MALLOC_MASK (-MALLOC_ALIGN)
 
 #define PAGESIZE sysconf(_SC_PAGESIZE)
@@ -27,7 +27,6 @@
 
 /**
  * Tested on:
- *  + GLIBC 2.23 (x86_64, x86 & aarch64)
  *  + GLIBC 2.39 (x86_64, x86 & aarch64)
  *  + GLIBC 2.34 (x86_64, x86 & aarch64)
  *  + GLIBC 2.31 (x86_64, x86 & aarch64)

glibc_2.37/sysmalloc_int_free.c

@@ -10,7 +10,7 @@
 
 #define CHUNK_HDR_SZ (SIZE_SZ*2)
 // same for x86_64 and x86
-#define MALLOC_ALIGN (SIZE_SZ*2)
+#define MALLOC_ALIGN 0x10
 #define MALLOC_MASK (-MALLOC_ALIGN)
 
 #define PAGESIZE sysconf(_SC_PAGESIZE)
@@ -27,7 +27,6 @@
 
 /**
  * Tested on:
- *  + GLIBC 2.23 (x86_64, x86 & aarch64)
  *  + GLIBC 2.39 (x86_64, x86 & aarch64)
  *  + GLIBC 2.34 (x86_64, x86 & aarch64)
  *  + GLIBC 2.31 (x86_64, x86 & aarch64)

glibc_2.38/sysmalloc_int_free.c

@@ -10,7 +10,7 @@
 
 #define CHUNK_HDR_SZ (SIZE_SZ*2)
 // same for x86_64 and x86
-#define MALLOC_ALIGN (SIZE_SZ*2)
+#define MALLOC_ALIGN 0x10
 #define MALLOC_MASK (-MALLOC_ALIGN)
 
 #define PAGESIZE sysconf(_SC_PAGESIZE)
@@ -27,7 +27,6 @@
 
 /**
  * Tested on:
- *  + GLIBC 2.23 (x86_64, x86 & aarch64)
  *  + GLIBC 2.39 (x86_64, x86 & aarch64)
  *  + GLIBC 2.34 (x86_64, x86 & aarch64)
  *  + GLIBC 2.31 (x86_64, x86 & aarch64)

glibc_2.39/sysmalloc_int_free.c

@@ -10,7 +10,7 @@
 
 #define CHUNK_HDR_SZ (SIZE_SZ*2)
 // same for x86_64 and x86
-#define MALLOC_ALIGN (SIZE_SZ*2)
+#define MALLOC_ALIGN 0x10
 #define MALLOC_MASK (-MALLOC_ALIGN)
 
 #define PAGESIZE sysconf(_SC_PAGESIZE)
@@ -27,7 +27,6 @@
 
 /**
  * Tested on:
- *  + GLIBC 2.23 (x86_64, x86 & aarch64)
  *  + GLIBC 2.39 (x86_64, x86 & aarch64)
  *  + GLIBC 2.34 (x86_64, x86 & aarch64)
  *  + GLIBC 2.31 (x86_64, x86 & aarch64)