473e1718cc
ptr = sodium_malloc(size) returns a pointer from which exactly "size" bytes can be accessed. ptr = sodium_allocarray(count, size) allocates enough storage space for "count" pointers or scalars of unit size "size". In both cases, the region is immediately followed by a guard page. As a result, any attempt to access a memory location after ptr[size - 1] will immediately trigger a segmentation fault. The allocated region is mlock()ed and filled with 0xd0 bytes. A read-only page with the size, a guard page, as well as a canary are placed before the returned pointer. The canary is checked by sodium_free(); as a result, altering data right before ptr is likely to cause sodium_free() to kill the process. sodium_free() munlock()s the region and fills it with zeros before actually calling free(). sodium_mprotect_noaccess(), sodium_mprotect_readonly() and sodium_mprotect_readwrite() can be used to change the protection on the set of allocated pages. Reverting the protection to read+write is not required before calling sodium_free().
3 lines
43 B
Plaintext
3 lines
43 B
Plaintext
Intentional segfault / bus error caught
|
|
OK
|