1 #include <stdio.h> 2 #include <stdlib.h> 3 #include <stdarg.h> 4 5 static void printf_log(const char *fmt, ...) 6 { 7 va_list lst; 8 va_start(lst, fmt); 9 vprintf(fmt, lst); 10 va_end(lst); 11 } 12 13 /* Override this for non-printf reporting */ 14 extern void (*malloc_log)(const char *fmt, ...); 15 static void ctor(void) __attribute__((constructor)); 16 static void ctor(void) 17 { 18 malloc_log = printf_log; 19 } 20 21 int main(void) 22 { 23 char *ptr[6]; 24 char *uaf; 25 char *cf, *cb; 26 27 ptr[0] = malloc(10); 28 ptr[1] = calloc(1,20); 29 ptr[2] = malloc(30); 30 ptr[3] = malloc(40); 31 ptr[4] = malloc(50); 32 ptr[5] = malloc(60); 33 34 free(ptr[1]); 35 free(ptr[1]); 36 free(ptr[2]); 37 ptr[2] = realloc(ptr[2], 300); 38 // free(ptr[2]); 39 // free(ptr[2]); 40 41 uaf = ptr[3]; 42 free(uaf); 43 uaf[5] = 'a'; 44 45 cf = ptr[4]; 46 cf[-1] = 'a'; 47 48 cb = ptr[5]; 49 cb[60] = 'a'; 50 51 sleep(10); 52 53 return 0; 54 } 55
