Understanding C Pointer Magic Arithmetic | Ep. 07
We debug the line that causes the heap overflow. And it's a great opportunity to understand pointers in C.
The full playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Grab the files: https://github.com/LiveOverflow/pwnedit
The original disclosure: https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Episode 07:
00:00 - Intro & Motivation
00:46 - Create Debug Build
01:02 - The Crashing Location
01:43 - Scary Pointer Magic
02:10 - *to++ = *from
02:56 - Explaining: from++
04:03 - Explaining: *from
04:56 - Explaining: to++
05:23 - Explaining: *to = *from
05:54 - The Copy While Loop
06:26 - Explaining: from[0] vs *from
07:14 - The Bug!
08:35 - Wrong Allocation Size Calculated
09:30 - Unescape Logic
10:15 - Why though?
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео Understanding C Pointer Magic Arithmetic | Ep. 07 канала LiveOverflow
The full playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Grab the files: https://github.com/LiveOverflow/pwnedit
The original disclosure: https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Episode 07:
00:00 - Intro & Motivation
00:46 - Create Debug Build
01:02 - The Crashing Location
01:43 - Scary Pointer Magic
02:10 - *to++ = *from
02:56 - Explaining: from++
04:03 - Explaining: *from
04:56 - Explaining: to++
05:23 - Explaining: *to = *from
05:54 - The Copy While Loop
06:26 - Explaining: from[0] vs *from
07:14 - The Bug!
08:35 - Wrong Allocation Size Calculated
09:30 - Unescape Logic
10:15 - Why though?
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео Understanding C Pointer Magic Arithmetic | Ep. 07 канала LiveOverflow
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
What is a Browser Security Sandbox?! (Learn to Hack Firefox)
How SUDO on Linux was HACKED! // CVE-2021-3156
Hacker Culture Meritocracy?
Essentials: Pointer Power! - Computerphile
This is 100% The Easiest Way to Understand Pointer Math in C/C++
What is a File Format?
Pointers in C
Running Out Of Hacking Video Ideas
Hacking into Google's Network for $133,337
How To Protect Your Linux Server From Hackers!
Comparing C to machine language
Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
What do Nintendo Switch and iOS 9.3 have in common? CVE-2016-4657 walk-through
MMO Hacking Game Design in Unity (IL2CPP) - Game Devlog #4
DO NOT USE alert(1) for XSS
I've been Hacking for 10 Years! (Stripe CTF Speedrun)
How CPUs Access Hardware - Another SerenityOS Exploit
Reading Kernel Source Code - Analysis of an Exploit