From owner-freebsd-hackers  Fri Oct  9 23:57:45 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA27619
          for freebsd-hackers-outgoing; Fri, 9 Oct 1998 23:57:45 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from k6n1.znh.org (dialup4.gaffaneys.com [208.155.161.54])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA27614
          for <FreeBSD-Hackers@FreeBSD.ORG>; Fri, 9 Oct 1998 23:57:43 -0700 (PDT)
          (envelope-from zach@gaffaneys.com)
Received: (from zach@localhost)
	by k6n1.znh.org (8.9.1/8.9.1) id GAA12787;
	Sat, 10 Oct 1998 06:57:29 GMT
	(envelope-from zach)
Message-ID: <19981010015729.C12383@znh.org>
Date: Sat, 10 Oct 1998 01:57:29 -0500
From: Zach Heilig <zach@gaffaneys.com>
To: Terry Lambert <tlambert@primenet.com>, Mike Smith <mike@smith.net.au>
Cc: Studded@dal.net, archie@whistle.com, FreeBSD-Hackers@FreeBSD.ORG
Subject: Re: mail in free(): warning: junk pointer, too high to make sense.
References: <199810082253.PAA01197@dingo.cdrom.com> <199810082314.QAA22401@usr06.primenet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 0.93.2i
In-Reply-To: <199810082314.QAA22401@usr06.primenet.com>; from Terry Lambert on Thu, Oct 08, 1998 at 11:14:28PM +0000
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, Oct 08, 1998 at 11:14:28PM +0000, Terry Lambert wrote:
> I'm open to other suggestions about why a.out works but ELF doesn't,

It is buffer overflow.  It's a 24 char array mixed with trying to 'strcpy' 37
characters+1 nul, then strcat'ing another 8 at the end (total of 46).
Strangly enough, in elf, these 24 char arrays are at the end of the BSS
segment (and they appear to be bumped to the nearest 32 byte boundary
sometimes):

08059a20 B tempMesg
08059a40 B tempResid
08059a60 B tempEdit
08059a78 B tmpdir
08059a80 B tempMail
08059aa0 B tempQuit
08059ab8 A _end
08059ab8 A end

-- 
Zach Heilig <zach@gaffaneys.com>
If it looks like a duck, and quacks like a duck, we have to at least consider
the possibility that we have a small aquatic bird of the family Anatidę on
our hands (Douglas Adams -- Dirk Gently's Holistic Detective Agency)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message