Merge pull request #206 from dmur1/fix-fastbin-dup-into-stack-print-errors

Kyle-Kyle · web-flow · commit f1d95d27166b · 2025-04-25T13:53:33.000-07:00
fix incorrect address being printed in fastbin_dup_into_stack
diff --git a/glibc_2.33/fastbin_dup_into_stack.c b/glibc_2.33/fastbin_dup_into_stack.c
@@ -20,9 +20,9 @@ int main()
 	}
 
 
-	unsigned long stack_var[2] __attribute__ ((aligned (0x10)));
+	unsigned long stack_var[4] __attribute__ ((aligned (0x10)));
 
-	fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var);
+	fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var + 2);
 
 	fprintf(stderr, "Allocating 3 buffers.\n");
 	int *a = calloc(1,8);
diff --git a/glibc_2.34/fastbin_dup_into_stack.c b/glibc_2.34/fastbin_dup_into_stack.c
@@ -20,9 +20,9 @@ int main()
 	}
 
 
-	unsigned long stack_var[2] __attribute__ ((aligned (0x10)));
+	unsigned long stack_var[4] __attribute__ ((aligned (0x10)));
 
-	fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var);
+	fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var + 2);
 
 	fprintf(stderr, "Allocating 3 buffers.\n");
 	int *a = calloc(1,8);
diff --git a/glibc_2.36/fastbin_dup_into_stack.c b/glibc_2.36/fastbin_dup_into_stack.c
@@ -20,9 +20,9 @@ int main()
 	}
 
 
-	unsigned long stack_var[2] __attribute__ ((aligned (0x10)));
+	unsigned long stack_var[4] __attribute__ ((aligned (0x10)));
 
-	fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var);
+	fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var + 2);
 
 	fprintf(stderr, "Allocating 3 buffers.\n");
 	int *a = calloc(1,8);
diff --git a/glibc_2.37/fastbin_dup_into_stack.c b/glibc_2.37/fastbin_dup_into_stack.c
@@ -20,9 +20,9 @@ int main()
 	}
 
 
-	unsigned long stack_var[2] __attribute__ ((aligned (0x10)));
+	unsigned long stack_var[4] __attribute__ ((aligned (0x10)));
 
-	fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var);
+	fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var + 2);
 
 	fprintf(stderr, "Allocating 3 buffers.\n");
 	int *a = calloc(1,8);
diff --git a/glibc_2.38/fastbin_dup_into_stack.c b/glibc_2.38/fastbin_dup_into_stack.c
@@ -20,9 +20,9 @@ int main()
 	}
 
 
-	unsigned long stack_var[2] __attribute__ ((aligned (0x10)));
+	unsigned long stack_var[4] __attribute__ ((aligned (0x10)));
 
-	fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var);
+	fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var + 2);
 
 	fprintf(stderr, "Allocating 3 buffers.\n");
 	int *a = calloc(1,8);
diff --git a/glibc_2.39/fastbin_dup_into_stack.c b/glibc_2.39/fastbin_dup_into_stack.c
@@ -20,9 +20,9 @@ int main()
 	}
 
 
-	unsigned long stack_var[2] __attribute__ ((aligned (0x10)));
+	unsigned long stack_var[4] __attribute__ ((aligned (0x10)));
 
-	fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var);
+	fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var + 2);
 
 	fprintf(stderr, "Allocating 3 buffers.\n");
 	int *a = calloc(1,8);

Original file line number	Diff line number	Diff line change
`@@ -20,9 +20,9 @@ int main()`
`20`	`20`	`}`
`21`	`21`
`22`	`22`
`23`		`- unsigned long stack_var[2] __attribute__ ((aligned (0x10)));`
	`23`	`+ unsigned long stack_var[4] __attribute__ ((aligned (0x10)));`
`24`	`24`
`25`		`- fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var);`
	`25`	`+ fprintf(stderr, "The address we want calloc() to return is %p.\n", stack_var + 2);`
`26`	`26`
`27`	`27`	`fprintf(stderr, "Allocating 3 buffers.\n");`
`28`	`28`	`int *a = calloc(1,8);`