2021-07-24
We debug the line that causes the heap overflow. And it's a great opportunity to understand pointers in C.
The full playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Grab the files: https://github.com/LiveOverflow/pwnedit
The original disclosure: https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Episode 07:
00:00 - Intro & Motivation
00:46 - Create Debug Build
01:02 - The Crashing Location
01:43 - Scary Pointer Magic
02:10 - *to++ = *from
02:56 - Explaining: from++
04:03 - Explaining: *from
04:56 - Explaining: to++
05:23 - Explaining: *to = *from
05:54 - The Copy While Loop
06:26 - Explaining: from[0] vs *from
07:14 - The Bug!
08:35 - Wrong Allocation Size Calculated
09:30 - Unescape Logic
10:15 - Why though?