Mini-Review: Nokia E71

A while ago I finally got tired of my old cellphone and bought a proper one, a Nokia E71. This is a short mini review of it.

Heap smashing thesis-code

Today I stumbled across a piece of C code I wrote to illustrate some properties of glibc's dynamic memory allocator1) in my (German) bachelor thesis and figured that the code might actually turn out to be interesting for people seeking to understand or to toy with their heap. If you've never tried to understand your dynamic memory manager, this code alone probably won't explain much; however, toying with something you don't understand might not be the worst starting point to change that ,)

The code was written to run on both x86 and x86-64 and to work with glibc versions between 2.3.3 and 2.7; however, other versions might work as well. To the C-coders reading this: sorry for the camelCase and the use of vowels in my identifiers, just couldn't help it after years of Python & co ,)

heap_fastbin.c

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
 
#define CHUNK_OFFSET  (2 * sizeof(size_t))
#define printFastbinList(addr)  printBinList(addr, NULL)
 
void* chunk2mem(void* ptr) {
	return (char*) ptr + CHUNK_OFFSET;
}
 
void* mem2chunk(void* ptr) {
	return (char*) ptr - CHUNK_OFFSET;
}
 
void printChunkAddress(void* ptr, char* name) {
	printf("%s:\tchunk 0x%08lx\n", name, (unsigned long) mem2chunk(ptr));
}
 
void printBinList(long* ptr, long* abort) {
	int i = 10;
 
	ptr = mem2chunk(ptr);
 
	if(abort)
		abort = mem2chunk(abort);
 
	printf("bin list: ");
	printf("0x%08lx -> ", (unsigned long) ptr);
 
	while(1) {
		if(i-- <= 0) {
			printf("...");
			break;
		}
		// get the address of the next chunk
		ptr = chunk2mem(ptr);
		ptr = (long*) *ptr;
 
		if(ptr == abort) {
			printf("0x%08lx", (unsigned long) ptr);
			break;
		}
 
		printf("0x%08lx -> ", (unsigned long) ptr);
		fflush(stdout);
	}
	puts("");
}
 
int main(void) {
	size_t size = 0xf;
 
	long* ptr;
	int i;
 
	// #1: allocating chunks
	long* x = malloc(size);
	printChunkAddress(x, "x");
 
	long* a = malloc(size);
	long* b = malloc(size);
	long* c = malloc(size);
	printChunkAddress(a, "a");
	printChunkAddress(b, "b");
	printChunkAddress(c, "c");
 
	// #2: freeing a, b, c
	free(a);
	free(b);
	free(c);
 
	puts("\n--8<-- the fastbin before the double-free");
	printFastbinList(c);
 
	// #3: freeing b again
	free(b);
 
	puts("\n--8<-- the fastbin after the double-free");
	printFastbinList(c);
 
	// #4: reallocating b
	b = malloc(size);
 
	// #5: inserting x into the list
	*b = (long) mem2chunk(x);
	*x = (long) mem2chunk(a);
 
	puts("\n--8<-- the manipulated fastbin");
	printFastbinList(c);
 
	// #6: allocating chunks from the manipulated fastbin
	puts("\n--8<-- chunks returned by malloc");
 
	for(i=0; i < 5; i++) {
		ptr = malloc(size);
		printChunkAddress(ptr, "ptr");
	}
 
	exit(0);
}

1) which is basically a heavily fortified version of Wolfram Gloger's ptmalloc2
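
The double free from steps #2 and #3 of the listing, replayed on a toy model of a single fastbin. This is an added example, not the thesis code and not glibc's implementation: it never touches the real allocator, all names are hypothetical, and the top-of-bin comparison is an assumed simplification of the kind of cheap check that the a, b, c, b order gets past. It contrasts that check with a full walk of the bin, which refuses the second free of b and leaves the list intact.

```c
/* Added illustration: toy model of one fastbin; no real allocator involved. */
#include <stdio.h>

struct chunk { struct chunk *fd; };      /* fd = next free chunk in the bin */

static struct chunk *bin_head;           /* top of the modelled bin */
static int last_free_rejected;           /* did the 4th free get refused? */

/* Cheap check: refuse only a chunk that is already on top of the bin. */
static int free_top_check(struct chunk *p) {
	if (bin_head == p) return -1;
	p->fd = bin_head; bin_head = p;
	return 0;
}

/* Stricter check: walk the bin and refuse any chunk already linked in. */
static int free_full_check(struct chunk *p) {
	for (struct chunk *c = bin_head; c; c = c->fd)
		if (c == p) return -1;
	p->fd = bin_head; bin_head = p;
	return 0;
}

/* Floyd's tortoise and hare: 1 if the bin list loops back on itself. */
static int bin_has_cycle(void) {
	struct chunk *slow = bin_head, *fast = bin_head;
	while (fast && fast->fd) {
		slow = slow->fd; fast = fast->fd->fd;
		if (slow == fast) return 1;
	}
	return 0;
}

/* Replays free(a), free(b), free(c), free(b); returns 1 if the bin is cyclic. */
static int replay(int (*free_fn)(struct chunk *)) {
	struct chunk a = {NULL}, b = {NULL}, c = {NULL};
	bin_head = NULL;
	free_fn(&a); free_fn(&b); free_fn(&c);
	last_free_rejected = (free_fn(&b) != 0);
	int cyclic = bin_has_cycle();
	bin_head = NULL;                     /* a, b, c go out of scope here */
	return cyclic;
}

int main(void) {
	printf("top-only check:  cyclic=%d\n", replay(free_top_check));
	printf("full-list check: cyclic=%d\n", replay(free_full_check));
	return 0;
}
```

The cyclic result for the top-only check corresponds to the repeating bin list that the original program prints after its double free.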

Google's Testing Blog

I just finished reading through the 20ish posts of Google's Testing Blog that accumulated in my RSS reader during the end of the last semester and just wanted to say that that blog is actually pretty awesome (assuming you care for software engineering ;-)).

Now go read it.

Ever wanted to shut down your workstation and...

Ever wanted to shut down your workstation and confused some random $xterm with an ssh-session and one with a local shell? Still want to use your pretty shell color scheme on all your accounts anyway? Look no further. After managing to shut down the wrong machine once or twice a year I finally took the time to build some visual safeguards into my ZSH.

Colors, Yay

However, since both ssh sessions and X terminal emulators allocate the same kind of pseudo terminal, the best thing I came up with so far was iterating over the chain of parent processes until finding init or sshd. If anyone has a cleaner solution for this problem please tell me ;-)

.zshrc

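function ppid_of() {
	# print the parent PID of process $1 (Linux /proc)
	awk '/^PPid:/ {print $2}' /proc/$1/status 2>/dev/null
}
 
function is_ssh_login() {
	local pid=$$
 
	# walk up the process tree until we reach init or run out of parents
	while [[ -n $pid && $pid -gt 1 ]]; do
		if grep -q sshd /proc/$pid/cmdline 2>/dev/null; then
			return 0
		fi
		pid=$(ppid_of $pid)
	done
 
	return 1
}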

.zshrc

## see console_codes(4) for number<->color relations
# red foreground
root_color=31
# green foreground
user_color=32
# blue foreground
cwd_color=34
 
 
if [ "$(id -u)" = 0 ]; then
	hostname_color=$root_color
else
	hostname_color=$user_color
fi
 
if is_ssh_login ; then
	# background color = foreground color
	hostname_color=`expr $hostname_color + 10`
fi
 
PROMPT=`echo "%{\033[01;${hostname_color}m%}%n@%m%{\033[00m%}:%b%{\033[01;${cwd_color}m%}%~%{\033[00m%} %# "`

Staying Sane with RSI

I am not a doctor. Anything I post here is just based on my experiences and may help as well as harm you. Consult a doctor before following any of my advice.

Some time ago I suffered from a bad case of Repetitive Strain Injury (RSI) which German doctors usually diagnose as Sehnenscheidenentzündung or Tendovaginitis/Tenosynovitis. Not being able to normally use a computer or my hands for a prolonged period of time gave me plenty of opportunity to think about how to improve my situation (and how to stay sane). After going through this I figured I might as well share which tools I bought as a result of that thought process.
