Understanding C Pointer Magic Arithmetic | Ep. 07
We debug the line that causes the heap overflow. And it's a great opportunity to understand pointers in C.
The full playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Grab the files: https://github.com/LiveOverflow/pwnedit
The original disclosure: https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Episode 07:
00:00 - Intro & Motivation
00:46 - Create Debug Build
01:02 - The Crashing Location
01:43 - Scary Pointer Magic
02:10 - *to++ = *from
02:56 - Explaining: from++
04:03 - Explaining: *from
04:56 - Explaining: to++
05:23 - Explaining: *to = *from
05:54 - The Copy While Loop
06:26 - Explaining: from[0] vs *from
07:14 - The Bug!
08:35 - Wrong Allocation Size Calculated
09:30 - Unescape Logic
10:15 - Why though?
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Video "Understanding C Pointer Magic Arithmetic | Ep. 07" from the LiveOverflow channel