by moring 1133 days ago
What happens if the code gets pre-empted between free_foo(whatever) and the if-statement, memory allocation gets changed, and subsequently dereferencing the pointer to read whatever->did_something causes a page fault?

I am making assumptions here: That pre-emption is possible (at least some interrupts are enabled), that "whatever" points to virtual memory (some architectures have non-mappable physical memory pointers), and that a page fault at this point is actually harmful.

However, I do want to point out that the reasoning why your example is not exploitable isn't as easy as it first seems.

1 comment

No preemption is needed; the call to free might unmap the page the pointer points to. I was considering adding a paragraph about that but didn't bother. A page fault isn't a privilege escalation issue though; it's a pretty normal thing.
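The ordering both comments are arguing about, written out as an added example (this is not code from the thread or from the post it replies to; the `struct foo` layout, `alloc_foo()`, the `value` field and the `free_foo_clear()` helper are assumptions chosen to illustrate the point). The buggy function reads `whatever->did_something` after `free_foo(whatever)`, which is a use-after-free read regardless of preemption: the stale memory may still hold the old flag, may already belong to a new allocation, or, if the allocator handed the page back to the OS, may be unmapped and fault. The fixed function copies what it needs out of the object before releasing it, and the hardened free nulls the caller's pointer so any later dereference is a deterministic NULL-page fault rather than a read of recycled memory.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example; struct layout and helpers are assumed, not from the thread. */
struct foo {
    bool did_something;
    int  value;
};

static struct foo *alloc_foo(bool did_something, int value)
{
    struct foo *f = malloc(sizeof *f);
    if (f == NULL)
        abort();
    f->did_something = did_something;
    f->value = value;
    return f;
}

static void free_foo(struct foo *f)
{
    free(f);
}

/* The pattern under discussion: the object is released first, then its flag
 * is read. The read touches freed memory. Kept only to show the bug; it is
 * never called here, because executing it is undefined behaviour. */
static int report_after_free_buggy(struct foo *whatever)
{
    free_foo(whatever);
    if (whatever->did_something)      /* use-after-free read */
        return whatever->value;       /* and another one */
    return 0;
}

/* Fixed ordering: copy everything needed out of the object before freeing.
 * No later line touches the released allocation. */
static int report_then_free(struct foo *whatever)
{
    bool did = whatever->did_something;
    int  val = whatever->value;
    free_foo(whatever);
    return did ? val : 0;
}

/* Hardening (assumed helper): free through a double pointer and clear the
 * caller's copy, so a stray later dereference faults on the NULL page instead
 * of silently reading whatever now lives at the old address. */
static void free_foo_clear(struct foo **pp)
{
    free(*pp);
    *pp = NULL;
}

static bool freed_pointer_is_cleared(void)
{
    struct foo *f = alloc_foo(true, 7);
    free_foo_clear(&f);
    return f == NULL;
}

int main(void)
{
    (void)report_after_free_buggy;    /* referenced, not executed */
    printf("did_something=true  -> %d\n", report_then_free(alloc_foo(true, 7)));
    printf("did_something=false -> %d\n", report_then_free(alloc_foo(false, 7)));
    printf("pointer cleared after free: %s\n",
           freed_pointer_is_cleared() ? "yes" : "no");
    return 0;
}
```

Building the buggy variant with AddressSanitizer (`-fsanitize=address`) and calling it is the quickest way to see the read flagged as heap-use-after-free; without a sanitizer it will usually appear to "work", which is exactly why the bug survives review.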