Heap Overflow
The heap is an area of memory that the application allocates during execution to store dynamically sized variables.
- can be used to store larger amounts of data than the stack
- variables are globally accessible to the process
- heap overflow can overwrite those variables and possibly allow arbitrary code execution
- management of objects in the heap is dependent on the process that created the object
Heap overflow is a software vulnerability where input is allowed to overwrite memory locations within the area of a process’s memory allocation used to store dynamically sized variables.
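The overwrite described above, shown as an unchecked copy beside its bounds-checked form. This is an added example, not code from the original page. The names `store_unchecked`, `store_checked`, `flag_after` and `NAME_LEN` are hypothetical, and the two heap objects are placed in one allocation so that they are adjacent by construction.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 16   /* size of the destination heap buffer (assumed) */

/* Vulnerable pattern: trusts the caller-supplied length. */
static void store_unchecked(unsigned char *name, const void *in, size_t len) {
    memcpy(name, in, len);
}

/* Hardened: refuse input that does not fit the destination object. */
static int store_checked(unsigned char *name, const void *in, size_t len) {
    if (len > NAME_LEN)
        return -1;
    memcpy(name, in, len);
    return 0;
}

/* One malloc'd chunk holds name[NAME_LEN] followed directly by an int flag,
   so the two heap objects are adjacent by construction (an assumption made
   for determinism; real allocators decide placement themselves).
   Returns the flag's value after `len` bytes of 'A' are stored in name. */
static int flag_after(int checked, size_t len) {
    unsigned char in[NAME_LEN + sizeof(int)];
    unsigned char *chunk;
    int flag;

    if (len > sizeof in || !(chunk = calloc(1, sizeof in)))
        return -2;
    memset(in, 'A', sizeof in);          /* constructed sample input */
    if (checked)
        (void)store_checked(chunk, in, len);
    else
        store_unchecked(chunk, in, len);
    memcpy(&flag, chunk + NAME_LEN, sizeof flag);
    free(chunk);
    return flag;
}

int main(void) {
    size_t too_long = NAME_LEN + sizeof(int);
    printf("unchecked: flag=0x%x\n", (unsigned)flag_after(0, too_long));
    printf("checked:   flag=0x%x\n", (unsigned)flag_after(1, too_long));
    return 0;
}
```

With the unchecked copy, the neighbouring flag ends up holding input bytes; with the length check, the oversized input is rejected and the flag keeps its initial value of zero.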
Memory Layout
- Kernel
  - not available to user mode processes
- Stack
  - local function variables
  - static allocation (managed by CPU)
- Unallocated memory
  - stack allocation grows down into unallocated space
  - heap allocation grows up into unallocated space
- Heap
  - process variable/data objects
  - dynamic allocation (managed by process)
- Basic service set (BSS) segment
  - uninitialized global variables
- Data segment
  - initialized global variables
- Text segment
  - process images (program code)
