Hats off to you for explaining everything with such simplicity! At 6:40 you say that they are right next to each other - the difference between P2 and P1's address is 16 bytes - password1 occupies 7 bytes (with null char) so the next 9 bytes between the end of password1 and password 2 have some other random data, right?
Exactly how realloc/malloc/etc allocate space is up to the OS, but we know for sure those are non-printable characters because there is no output, and it's almost certainly 0s.
@PortfolioCourses Thanks!
This probably changed in newer versions of the compiler(s) aka clang, gcc, etc and/or C standards (I don't really know which one is in charge of patching these vulnerabilities).
I tried it in CLion's memory view and the memory of the old pointer was indeed free'd after reallocating into a new address.
I have a question, good sir. When I used strcpy in one of your previous videos, I remember that it will basically overwrite the current string completely, also changing its length to the length of the new string. As I am a bit of a rookie I don't grasp C completely just now, but wouldn't that result in a memory leak for us if the password is smaller than the actual length we allocated? I don't know exactly how free(password1) would work if we use it then. Thank you very much for the great videos nonetheless, I am learning a lot with them about working closer with the hardware! :)
It worked for me until 13.34 or so, I mean before "other ptr string" - there is gibberish stored there. Maybe this vulnerability was closed on Windows. I also tried a for loop and encountered the fact that password1 was overwritten with gibberish, and password2 is shown.
16:41 Weird, you reserve 7 memory spaces for password1 & 2, but yet they are printed consecutively, 3 x 6.
The result in my terminal is different (exactly the same code) --> other_ptr string has a different value than password1. When I googled it, it says realloc will automatically free memory if it cannot resize in place.
In order to get a similar result to the video I need to set malloc to other_ptr and then do a strcpy(other_ptr, password1). But since I set malloc to other_ptr, it points to an entirely different memory address.
Can you please explain why it's a bit different? Has there been a change / update in the C version that made this difference?
Thanks for your great videos. But something that boggles me: when I print "other_ptr" it gives me random values, not "abc123" as password1, especially since they have the same memory address.
So, is it a good idea to clear out the values in the original space by say looping and setting to 0, or use encryption?
Yes, those are the sorts of things we could do to improve security. 🙂
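The "clear it out before releasing it" idea from the exchange above, written out as an added example (this is not code from the video or the channel). It assumes the video's setup of a 7-byte password1 buffer holding "abc123"; the function names scrub and secure_grow are mine. Instead of calling realloc(), which may move the block and then simply release the old bytes with the secret still in them, it allocates the new block, copies, wipes the old block through a volatile function pointer (so the compiler cannot drop the "dead" memset before free()), and only then frees it. The free() in the self-check also answers the earlier strcpy question: free() releases the whole block the allocator handed out, regardless of how long the string inside it is.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Zero a buffer in a way the optimiser cannot drop. A plain memset() right
 * before free() is commonly removed as a dead store; calling through a
 * volatile function pointer is a portable idiom that keeps the write.
 * Where available, memset_s() or explicit_bzero() do the same job. */
static void *(*volatile volatile_memset)(void *, int, size_t) = memset;

void scrub(void *p, size_t n) {
    if (p != NULL && n > 0)
        volatile_memset(p, 0, n);
}

/* Grow a secret-holding buffer without leaving a stale copy behind.
 * realloc() may move the block and then merely releases the old bytes,
 * so the secret stays in freed memory until something reuses it.
 * Here we allocate, copy, scrub the old block, and only then free it.
 * Returns NULL and leaves 'old' untouched if allocation fails. */
char *secure_grow(char *old, size_t old_size, size_t new_size) {
    char *fresh = malloc(new_size);
    if (fresh == NULL)
        return NULL;
    size_t keep = 0;
    if (old != NULL) {
        keep = old_size < new_size ? old_size : new_size;
        memcpy(fresh, old, keep);
    }
    memset(fresh + keep, 0, new_size - keep);   /* no uninitialised tail */
    scrub(old, old_size);
    free(old);
    return fresh;
}

/* Self-check: after scrubbing, every byte of the buffer is zero. Returns 1 on success. */
int scrub_leaves_zeros(void) {
    char buf[16] = "abc123";          /* constructed sample secret */
    scrub(buf, sizeof buf);
    for (size_t i = 0; i < sizeof buf; i++)
        if (buf[i] != 0) return 0;
    return 1;
}

/* Self-check: the grown buffer holds the secret plus a zeroed tail. Returns 1 on success. */
int grow_keeps_secret(void) {
    char *pw = malloc(7);
    if (pw == NULL) return 0;
    strcpy(pw, "abc123");             /* 6 chars + NUL fill the 7-byte block */
    char *bigger = secure_grow(pw, 7, 16);
    if (bigger == NULL) { scrub(pw, 7); free(pw); return 0; }
    int ok = strcmp(bigger, "abc123") == 0 && bigger[15] == 0;
    scrub(bigger, 16);                /* wipe before the final free() too */
    free(bigger);                     /* releases the whole 16-byte block,
                                         whatever strlen() of the contents is */
    return ok;
}

int main(void) {
    printf("scrub ok: %d, grow ok: %d\n", scrub_leaves_zeros(), grow_keeps_secret());
    return 0;
}
```

The same scrub() call belongs before every free() of a buffer that held a password or key; the volatile pointer is what keeps the optimiser from silently removing the wipe.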
Since realloc doesn’t clear out the old password1 data, does this mean that it doesn’t free that pointer?
If realloc() moves the block of allocated memory to a new location (pointer) in memory, then the old location will be free to use again. So I guess we could see realloc() does free the old location in memory for use in that situation. :-)
@PortfolioCourses Thank you for the answer!
@bofa-zi4fj You're welcome! 😀
👍
Thank you Hasan! :-)