
Understanding C Pointer Magic Arithmetic | Ep. 07

56.0K views
Jul 24, 2021
10:50

We debug the line that causes the heap overflow. And it's a great opportunity to understand pointers in C.

The full playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Grab the files: https://github.com/LiveOverflow/pwnedit
The original disclosure: https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

Episode 07:
00:00 - Intro & Motivation
00:46 - Create Debug Build
01:02 - The Crashing Location
01:43 - Scary Pointer Magic
02:10 - *to++ = *from
02:56 - Explaining: from++
04:03 - Explaining: *from
04:56 - Explaining: to++
05:23 - Explaining: *to = *from
05:54 - The Copy While Loop
06:26 - Explaining: from[0] vs *from
07:14 - The Bug!
08:35 - Wrong Allocation Size Calculated
09:30 - Unescape Logic
10:15 - Why though?

-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
