National Institute of Standards and Technology
Package illustrating a test case

Test case 1508

Description

Double free exploit code. On line 40, the first chunk is freed, but it was already freed on line 37. Allocating the fifth chunk on line 39 causes memory to be split off from the third chunk, and this results in the first chunk being moved to a regular bin.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 119, Figure 4-21

Flaws
