fixed wrong target top size calculation, only relevant for Constants printed at top

2024-04-08 13:12:19 +02:00 · 2024-04-08 13:12:19 +02:00 · 1f2987a134
parent 21fbbb0366
commit 1f2987a134
9 changed files with 9 additions and 9 deletions
--- a/glibc_2.23/sysmalloc_int_free.c
+++ b/glibc_2.23/sysmalloc_int_free.c
@ -58,7 +58,7 @@ int main() {
  printf("fencepost size \t\t= 0x%lx\n", FENCEPOST);
  printf("freed size \t\t= 0x%lx\n", FREED_SIZE);

-  printf("target top chunk size \t= 0x%lx\n", CHUNK_FREED_SIZE + FENCEPOST);
+  printf("target top chunk size \t= 0x%lx\n", CHUNK_HDR_SZ + MALLOC_ALIGN + CHUNK_FREED_SIZE);

  // probe the current size of the top_chunk,
  // can be skipped if it is already known or predictable
--- a/glibc_2.27/house_of_tangerine.c
+++ b/glibc_2.27/house_of_tangerine.c
@ -66,7 +66,7 @@ int main() {
  printf("fencepost size = 0x%lx\n", FENCEPOST);
  printf("size_1 = 0x%lx\n", SIZE_1);

-  printf("target tcache top size = 0x%lx\n", CHUNK_SIZE_1 + FENCEPOST);
+  printf("target tcache top size = 0x%lx\n", CHUNK_HDR_SZ + MALLOC_ALIGN + CHUNK_SIZE_1);

  // target is malloc chunk aligned 0x10 for x86_64
  target = ((size_t) win + (MALLOC_ALIGN - 1)) & MALLOC_MASK;
--- a/glibc_2.27/sysmalloc_int_free.c
+++ b/glibc_2.27/sysmalloc_int_free.c
@ -58,7 +58,7 @@ int main() {
  printf("fencepost size \t\t= 0x%lx\n", FENCEPOST);
  printf("freed size \t\t= 0x%lx\n", FREED_SIZE);

-  printf("target top chunk size \t= 0x%lx\n", CHUNK_FREED_SIZE + FENCEPOST);
+  printf("target top chunk size \t= 0x%lx\n", CHUNK_HDR_SZ + MALLOC_ALIGN + CHUNK_FREED_SIZE);

  // probe the current size of the top_chunk,
  // can be skipped if it is already known or predictable
--- a/glibc_2.31/house_of_tangerine.c
+++ b/glibc_2.31/house_of_tangerine.c
@ -66,7 +66,7 @@ int main() {
  printf("fencepost size = 0x%lx\n", FENCEPOST);
  printf("size_1 = 0x%lx\n", SIZE_1);

-  printf("target tcache top size = 0x%lx\n", CHUNK_SIZE_1 + FENCEPOST);
+  printf("target tcache top size = 0x%lx\n", CHUNK_HDR_SZ + MALLOC_ALIGN + CHUNK_SIZE_1);

  // target is malloc chunk aligned 0x10 for x86_64
  target = ((size_t) win + (MALLOC_ALIGN - 1)) & MALLOC_MASK;
--- a/glibc_2.31/sysmalloc_int_free.c
+++ b/glibc_2.31/sysmalloc_int_free.c
@ -58,7 +58,7 @@ int main() {
  printf("fencepost size \t\t= 0x%lx\n", FENCEPOST);
  printf("freed size \t\t= 0x%lx\n", FREED_SIZE);

-  printf("target top chunk size \t= 0x%lx\n", CHUNK_FREED_SIZE + FENCEPOST);
+  printf("target top chunk size \t= 0x%lx\n", CHUNK_HDR_SZ + MALLOC_ALIGN + CHUNK_FREED_SIZE);

  // probe the current size of the top_chunk,
  // can be skipped if it is already known or predictable
--- a/glibc_2.34/house_of_tangerine.c
+++ b/glibc_2.34/house_of_tangerine.c
@ -66,7 +66,7 @@ int main() {
  printf("fencepost size = 0x%lx\n", FENCEPOST);
  printf("size_1 = 0x%lx\n", SIZE_1);

-  printf("target tcache top size = 0x%lx\n", CHUNK_SIZE_1 + FENCEPOST);
+  printf("target tcache top size = 0x%lx\n", CHUNK_HDR_SZ + MALLOC_ALIGN + CHUNK_SIZE_1);

  // target is malloc chunk aligned 0x10 for x86_64
  target = ((size_t) win + (MALLOC_ALIGN - 1)) & MALLOC_MASK;
--- a/glibc_2.34/sysmalloc_int_free.c
+++ b/glibc_2.34/sysmalloc_int_free.c
@ -58,7 +58,7 @@ int main() {
  printf("fencepost size \t\t= 0x%lx\n", FENCEPOST);
  printf("freed size \t\t= 0x%lx\n", FREED_SIZE);

-  printf("target top chunk size \t= 0x%lx\n", CHUNK_FREED_SIZE + FENCEPOST);
+  printf("target top chunk size \t= 0x%lx\n", CHUNK_HDR_SZ + MALLOC_ALIGN + CHUNK_FREED_SIZE);

  // probe the current size of the top_chunk,
  // can be skipped if it is already known or predictable
--- a/glibc_2.39/house_of_tangerine.c
+++ b/glibc_2.39/house_of_tangerine.c
@ -66,7 +66,7 @@ int main() {
  printf("fencepost size = 0x%lx\n", FENCEPOST);
  printf("size_1 = 0x%lx\n", SIZE_1);

-  printf("target tcache top size = 0x%lx\n", CHUNK_SIZE_1 + FENCEPOST);
+  printf("target tcache top size = 0x%lx\n", CHUNK_HDR_SZ + MALLOC_ALIGN + CHUNK_SIZE_1);

  // target is malloc chunk aligned 0x10 for x86_64
  target = ((size_t) win + (MALLOC_ALIGN - 1)) & MALLOC_MASK;
--- a/glibc_2.39/sysmalloc_int_free.c
+++ b/glibc_2.39/sysmalloc_int_free.c
@ -58,7 +58,7 @@ int main() {
  printf("fencepost size \t\t= 0x%lx\n", FENCEPOST);
  printf("freed size \t\t= 0x%lx\n", FREED_SIZE);

-  printf("target top chunk size \t= 0x%lx\n", CHUNK_FREED_SIZE + FENCEPOST);
+  printf("target top chunk size \t= 0x%lx\n", CHUNK_HDR_SZ + MALLOC_ALIGN + CHUNK_FREED_SIZE);

  // probe the current size of the top_chunk,
  // can be skipped if it is already known or predictable