author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-12-16 10:42:34 +0100 |
committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-12-16 10:42:34 +0100 |
commit | 17d364c8a0d7c685e21def7bd56465a930f64559 (patch) | |
tree | 7929b005f52271944682b2626a008bada81d1521 | |
parent | 624f0da6c0f7034cc56784d4b971b2c12ad5aa98 (diff) | |
download | afl++-17d364c8a0d7c685e21def7bd56465a930f64559.tar.gz |
fix: alloc_canary should not be on TLS. thread #0 malloc=a -> thread #1 free(a) results in a wrongly detected canary mismatch
-rw-r--r-- | libdislocator/libdislocator.so.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c
index 10ea0a61..33985ce9 100644
--- a/libdislocator/libdislocator.so.c
+++ b/libdislocator/libdislocator.so.c
@@ -130,7 +130,7 @@ static u8 alloc_verbose, /* Additional debug messages */
 static __thread size_t total_mem; /* Currently allocated mem */
 static __thread u32 call_depth; /* To avoid recursion via fprintf() */
-static __thread u32 alloc_canary;
+static u32 alloc_canary;
 /* This is the main alloc function. It allocates one page more than necessary, sets that tailing page to PROT_NONE, and then increments the return address |
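Review bot: The new `static u32 alloc_canary;` is the only one of the three declarations in this hunk without a trailing comment, and the reason it alone leaves TLS is what the next reader will want; I would write `static u32 alloc_canary; /* Shared by all threads: a block may be freed on a thread other than the one that allocated it */`. Presumably the value is written once in the library's init routine, so under `__thread` every other thread's copy kept its zero initial value and a cross-thread free compared against the wrong canary — if that is the mechanism it deserves a sentence in the comment, since it is not visible here. Note that `total_mem` on the context line above stays `__thread`, so in the same thread-0-malloc/thread-1-free scenario the freeing thread's counter is adjusted for memory it never added and, being `size_t`, can wrap if free() subtracts from it; that is an accounting issue separate from the canary check, but the commit message describes exactly that scenario. These are file-scope declarations, so no enclosing function is cut by the hunk.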