
Educational

A small page designed to show how we can locate double frees.

Make sure you go to IOF - Integer Overflow to explore how integer overflows actually work in more complex scenarios. This will help you finish this section.

Locating Double Free

This one comes up less often than other heap bugs and is usually the result of programmer sleepiness or laziness: a block is released on one code path and released again on another. Either way, it's a huge problem, because freeing the same block twice corrupts the allocator's bookkeeping and will eventually make the program crash or fault (and in many allocators it can be abused for worse than a crash). However, the fun thing about double frees is that finding them is easy.

Methods

There is one primary method, and it can be carried out fairly easily. It is listed in steps below.

  • Step 1 -> Find all occurrences of 'free'. In a stripped or statically linked binary the compiler embeds the free routine without a name, so this includes identifying the function itself from its behaviour and mapping out its base address, so that every call to it can be found.

  • Step 2 -> With every call site found, look for subroutines that contain more than one free call, especially calls close to one another. Many functions use more than one block of heap memory, so it is important to understand which block each call releases rather than assuming neighbouring frees release different blocks.

  • Step 3 -> Analyze the data flow and check for two free() calls that are handed the same block of memory (the same pointer, or a copy of it, with no new allocation in between).
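The following is an added example, not code from the original page: it puts the three steps into a runnable form. A tiny journal of live heap blocks sits in front of free() so that a second release of the same block is reported instead of reaching the allocator, and a constructed subroutine shows the exact shape step 2 warns about: two heap blocks in one function, an error branch that frees one of them, and a shared cleanup that frees it again. The function names, the 16/64-byte block sizes and the "header too long" check are all assumptions made up for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Journal of live heap blocks handed out by tracked_malloc(). A block stays in
 * the journal until tracked_free() releases it, so a second release of the same
 * pointer is reported instead of being passed on to the allocator. */
#define MAX_LIVE 64
static void *live_blocks[MAX_LIVE];
static size_t n_live;

static void *tracked_malloc(size_t size) {
    void *p = malloc(size);
    if (p != NULL && n_live < MAX_LIVE)
        live_blocks[n_live++] = p;
    return p;
}

/* Returns 0 for a normal release and 1 when p is not a live block, i.e. the
 * caller is freeing it a second time. Only the first release reaches free(). */
static int tracked_free(void *p) {
    if (p == NULL)
        return 0;                                 /* free(NULL) is legal and does nothing */
    for (size_t i = 0; i < n_live; i++) {
        if (live_blocks[i] == p) {
            live_blocks[i] = live_blocks[--n_live];  /* drop it from the journal */
            free(p);
            return 0;
        }
    }
    return 1;                                     /* already released: double free */
}

/* Constructed subroutine (hypothetical, not from any real project) with the
 * shape described in the steps above: it owns two heap blocks, an error branch
 * releases one of them, and the shared cleanup releases the same block again.
 * Returns how many double frees it performed. */
static int parse_record_buggy(const char *input) {
    int double_frees = 0;
    char *header = tracked_malloc(16);
    char *body   = tracked_malloc(64);

    if (header != NULL && body != NULL) {
        strncpy(header, input, 15);
        header[15] = '\0';
        if (strlen(input) > 8) {                  /* "header too long": bail out */
            double_frees += tracked_free(header); /* first free of header */
            /* bug: no return and no header = NULL, so cleanup frees it again */
        }
    }

    double_frees += tracked_free(header);         /* second free on the error path */
    double_frees += tracked_free(body);
    return double_frees;
}

/* Same logic with the fix: the pointer is cleared right after its first release,
 * so the shared cleanup sees NULL and free() is never reached twice for one block. */
static int parse_record_fixed(const char *input) {
    int double_frees = 0;
    char *header = tracked_malloc(16);
    char *body   = tracked_malloc(64);

    if (header != NULL && body != NULL) {
        strncpy(header, input, 15);
        header[15] = '\0';
        if (strlen(input) > 8) {
            double_frees += tracked_free(header);
            header = NULL;                        /* the fix */
        }
    }

    double_frees += tracked_free(header);
    double_frees += tracked_free(body);
    return double_frees;
}

int main(void) {
    /* Constructed inputs: a short record and one that trips the error branch. */
    int ok = parse_record_buggy("abc") == 0
          && parse_record_buggy("definitely-too-long") == 1
          && parse_record_fixed("definitely-too-long") == 0;
    return ok ? 0 : 1;
}
```

The journal does by hand what step 3 asks the analyst to do: it tracks which pointer each free() call actually receives, so the two calls that release `header` on the error path are recognised as the same block even though they sit on different lines. For a real target the same check is available at runtime by building with `-fsanitize=address`, which reports an attempted double free with both call stacks; the static walk in the steps above is what you fall back on when you only have the binary.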
