Bug Classes/Heap overflow
Details
Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory or manipulate heap metadata values.
Examples
Mitigations
- runtime validation of variable size vs copy_to_user/copy_from_user size (e.g. PAX_USERCOPY)
- guard pages
- metadata validation (e.g. glibc's heap protections)
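
The first mitigation above, runtime validation of a copy size against the object's size, can be modelled in userspace as follows. This is an added example, not code from this wiki, the kernel or PAX_USERCOPY; `tracked_buf`, `tracked_alloc` and `checked_copy_in` are hypothetical names, and the recorded size stands in for what the allocator knows about the object.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical tracked allocation: the usable size travels with the pointer. */
struct tracked_buf { unsigned char *data; size_t size; };

/* Allocate count * elem_size bytes, refusing if the multiplication wraps. */
static int tracked_alloc(struct tracked_buf *b, size_t count, size_t elem_size)
{
    b->data = NULL;
    b->size = 0;
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;                  /* integer overflow would under-allocate */
    size_t total = count * elem_size;
    b->data = malloc(total ? total : 1);
    if (!b->data)
        return -1;
    b->size = total;
    return 0;
}

/* Copy len bytes to offset off, only if [off, off + len) lies inside the
 * object. Written as a subtraction so that off + len cannot wrap. */
static int checked_copy_in(struct tracked_buf *b, size_t off,
                           const void *src, size_t len)
{
    if (off > b->size || len > b->size - off)
        return -1;                  /* would write past the end of the object */
    memcpy(b->data + off, src, len);
    return 0;
}

int main(void)
{
    struct tracked_buf b;
    unsigned char src[64] = {0};    /* constructed input */

    if (tracked_alloc(&b, 4, 8) != 0)
        return 1;
    int ok = checked_copy_in(&b, 0, src, 32) == 0 &&   /* exact fit */
             checked_copy_in(&b, 0, src, 33) == -1;    /* one byte too many */
    free(b.data);
    return ok ? 0 : 1;
}
```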