> that's funny, the above code still can be bypassed because of
> incorrect check order.
>
> and example code
> calloc(0x10000001, 0x10);
>
> it will return NULL in winxp or gligc 2.5
> it will return 0x10 sizes heap in glibc <2.5(maybe prior) or
> win2000 sp...
> that's funny, the above code still can be bypassed because of
> incorrect check order.
>
> and example code
> calloc(0x10000001, 0x10);
>
> it will return NULL in winxp or gligc 2.5
> it will return 0x10 sizes heap in glibc <2.5(maybe prior) or
> win2000 sp...
[ more ]