
Use-after-free

A project log for A stack.

It started as a software data stack. Because I need it. It has become a hardware control stack.

Yann Guidon / YGDES, 03/05/2025 at 00:32

I just dropped stack_alloc.tgz

This addresses a big concern, the hard way: a pointer can be cleared (set to NULL) when the corresponding block is freed by RELEASE, so if you use this pointer afterwards, you SEGFAULT.

Of course, this pointer should not have been copied elsewhere, because there is no reference count, but at least you have an "early safety blanket" in case of a bug: fail early and find out why before things get too intricate.

From example_clearptr.c:

  // How it should ideally be done:
  DS_MARK
    puts("1st version: should work smoothly.");
    char *ch1=new(32);
    memcpy(ch1, alphabet, 27);
    puts(ch1);
  DS_RELEASE
  // ch1 is out of declaration scope here and
  // can't be used after DS_RELEASE freed it.

  // Less ideal version where the pointer gets
  // NULLed by the destructor to prevent use-after-free
  char *ch2;
  DS_MARK
    puts("2nd version: must SEGFAULT:");
    new_clear(32, ch2);
    memcpy(ch2, alphabet+3, 27-3);
    // puts must work here
  DS_RELEASE
  // puts shouldn't work here because the pointer has been freed.
  puts(ch2);

It's quite brutal, but it works without being overkill!
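To make the mechanism concrete, here is an added, self-contained illustration in C. It is not the stack_alloc code: the names ds_mark, ds_release, ds_new and ds_new_clear, the fixed-size arena and the small table of registered pointer slots are all assumptions of this example, chosen to mimic the MARK/RELEASE pattern above. The "clear" variant records the address of the caller's pointer variable, and release overwrites that variable with NULL, so a later dereference faults deterministically instead of silently reading reclaimed memory. The plain variant is kept alongside to show the dangling pointer it leaves behind, and the example also shows why a copy of the pointer made elsewhere is not protected: only the registered slot is cleared.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical minimal mark/release arena (constructed for this example). */
#define ARENA_SIZE 4096
#define MAX_MARKS  16
#define MAX_CLEAR  64

static unsigned char arena[ARENA_SIZE];
static size_t top = 0;                 /* bump pointer into the arena */

static size_t mark_stack[MAX_MARKS];   /* saved `top` at each ds_mark */
static size_t mark_clear[MAX_MARKS];   /* saved clear-table depth at each ds_mark */
static int    mark_depth = 0;

static void **clear_table[MAX_CLEAR];  /* addresses of pointer variables to NULL on release */
static int    clear_count = 0;

/* Plain allocation: the caller's variable is left untouched by release. */
static void *ds_new(size_t n) {
    n = (n + 7) & ~(size_t)7;          /* keep 8-byte alignment */
    if (top + n > ARENA_SIZE) { fputs("arena exhausted\n", stderr); abort(); }
    void *p = arena + top;
    top += n;
    return p;
}

/* Like ds_new, but remembers where the caller keeps the pointer so that
   ds_release can overwrite that variable with NULL. */
static void *ds_new_clear(size_t n, void **slot) {
    if (clear_count >= MAX_CLEAR) { fputs("clear table full\n", stderr); abort(); }
    *slot = ds_new(n);
    clear_table[clear_count++] = slot;
    return *slot;
}

static void ds_mark(void) {
    if (mark_depth >= MAX_MARKS) abort();
    mark_stack[mark_depth] = top;
    mark_clear[mark_depth] = clear_count;
    mark_depth++;
}

static void ds_release(void) {
    if (mark_depth == 0) abort();
    mark_depth--;
    /* NULL every pointer variable registered since the matching mark */
    while (clear_count > mark_clear[mark_depth])
        *clear_table[--clear_count] = NULL;
    top = mark_stack[mark_depth];      /* reclaim the whole region at once */
}

/* Returns 1 if the clearing variant was usable inside the scope and
   left a NULL behind after release. */
int demo_cleared_after_release(void) {
    char *ch = NULL;
    ds_mark();
    ds_new_clear(32, (void **)&ch);
    memcpy(ch, "DEFGHIJKLMNOPQRSTUVWXYZ", 24);   /* constructed payload */
    int valid_inside = (ch != NULL);
    ds_release();
    /* puts(ch) here would dereference NULL and crash at once */
    return valid_inside && ch == NULL;
}

/* Returns 1 if the plain variant leaves the variable dangling: it still holds
   the old address although the block has been released. */
int demo_dangling_after_release(void) {
    char *ch;
    ds_mark();
    ch = ds_new(32);
    ds_release();
    return ch != NULL;
}

/* Returns 1 if a copy made outside the registered slot is NOT cleared:
   there is no reference count, so only the registered variable is protected. */
int demo_copy_not_cleared(void) {
    char *ch = NULL, *alias;
    ds_mark();
    ds_new_clear(32, (void **)&ch);
    alias = ch;                        /* unregistered copy */
    ds_release();
    return ch == NULL && alias != NULL;
}

/* Returns how many arena bytes remain in use after a mark/release pair (0). */
size_t demo_top_restored(void) {
    size_t before = top;
    ds_mark();
    ds_new(100);
    ds_new(100);
    ds_release();
    return top - before;
}

int main(void) {
    printf("cleared variant NULLs the variable: %d\n", demo_cleared_after_release());
    printf("plain variant leaves a dangling pointer: %d\n", demo_dangling_after_release());
    printf("unregistered copy survives release: %d\n", demo_copy_not_cleared());
    printf("arena bytes still in use after release: %zu\n", demo_top_restored());
    return 0;
}
```

The design choice mirrors the post: clearing costs one table entry per allocation that opts in, and nothing else, while the plain path stays as cheap as before. Whether a crash on NULL is preferable to a silent read of reclaimed memory is exactly the "fail early" trade the post is making.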
