Descripción del código de ptmalloc


Post by NewLog » Fri Jul 13, 2012 1:46 pm

Hi everyone,

Since this is a rather specific question, I first posted it on stackoverflow, where thousands of people hang out. So, if you don't mind, I'm going to copy it here even though it's in English (since it's a bit long).

If you know someone who might know the answer, point them here, plz! You'd be doing me a big favour :roll:

I'm looking forward to understanding how dynamic memory management works at low level in GNU/Linux systems (aka, how ptmalloc works).

Of course, I've read the code but I have a lot of doubts. I, more or less, understand the data structures but I have many information leaks!

My question is whether someone knows of any resource explaining the implementation in detail. For example, I've read papers such as 'Understanding the heap by breaking it' or the 'Malloc Malleficarum' series and post-series. They do a great job, but, of course, they are more focused on exploitation than on explaining many implementation details.

If you don't know about any resource, here are some of my questions.
  • What really is an arena? In the code, the comment on the ar_ptr variable of the heap_info struct says 'arena for this heap', so an arena cannot be a heap (as is said everywhere).
  • Why is there a prev pointer but no next pointer in the heap_info struct? Is it because of main_arena? And what is main_arena?
  • Can every heap_info struct have more than one arena (pointing to different malloc_state structures)?
  • When are new arenas created, and what code handles it? I've read that new arenas are created when an arena requested for storing data is locked (because the process or a process thread is working with it), and I've also read that each process thread has a different arena. The important thing here is whether you know what code handles these situations.
  • I also don't understand what people mean when they say that all memory operations are born from the top chunk or wilderness chunk. Do you know where I can find this code?
BTW, I don't want to go deep with mutex details.

I'm reviewing ptmalloc implementation in glibc 2.12.1. I would like to make some diagrams about the overall structure of everything so I need to understand these things!

Thank you.

As I said, I know it's pretty specific... But maybe we'll get lucky ;)

If leaving it in English is a problem, tell me and I'll translate it.

Cheers and thanks.
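The question about allocations being "born from the top chunk", illustrated with an added C example that is not part of the original post: it reads the ptmalloc size field in front of two back-to-back small allocations in the program's own heap and checks that the second chunk starts exactly where the first ends, with the remaining top chunk following immediately. It assumes a glibc ptmalloc build (the chunk header layout is the same in 2.12 and later); the flag constants mirror the definitions in malloc.c.

```c
/* Added example, not from the original post: inspect the ptmalloc chunk headers
 * of two back-to-back small allocations in our own heap. Assumes glibc's
 * ptmalloc (header layout unchanged since 2.12); flag values mirror malloc.c. */
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

#define SIZE_SZ        sizeof(size_t)
#define PREV_INUSE     ((size_t)0x1)   /* previous chunk is in use */
#define IS_MMAPPED     ((size_t)0x2)   /* chunk came straight from mmap */
#define NON_MAIN_ARENA ((size_t)0x4)   /* chunk belongs to a thread arena */
#define SIZE_BITS      (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)

/* malloc_chunk is { prev_size; size; ... } and malloc() returns a pointer just
 * past those two words, so the size field is one word before the user pointer. */
static size_t size_field(const void *p) { return ((const size_t *)p)[-1]; }
static size_t chunksize(const void *p)  { return size_field(p) & ~SIZE_BITS; }

/* With nothing on the free lists, both requests are split off the top chunk
 * (the "wilderness"): b starts exactly one chunk after a, and the top chunk's
 * header sits right after b's chunk. Returns 1 if the heap looks like that. */
int allocations_come_from_top(void)
{
    char *a = malloc(24);
    char *b = malloc(24);            /* no free() in between: nothing to reuse */
    if (!a || !b)
        return 0;

    size_t sz  = chunksize(a);       /* 32 bytes on 64-bit glibc */
    size_t top = *(size_t *)(b + chunksize(b) - SIZE_SZ); /* top's size field */

    int contiguous = (b - a) == (ptrdiff_t)sz;
    int main_arena = !(size_field(a) & (IS_MMAPPED | NON_MAIN_ARENA));
    int top_ok     = (top & PREV_INUSE) && (top & ~SIZE_BITS) > sz;

    free(b);
    free(a);
    return contiguous && main_arena && top_ok;
}

int main(void)
{
    puts(allocations_come_from_top() ? "both chunks carved from the top chunk"
                                     : "unexpected layout (not glibc ptmalloc?)");
    return 0;
}
```

Run it under a glibc system and the second allocation lands exactly one chunk after the first, with the top chunk (PREV_INUSE set, still large) right behind it; an allocator with a different header layout makes the check return 0 instead of crashing.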
