RubyGems - heapinfo - Versions diffs - 0.0.5 → 0.1.0 - Mend

heapinfo 0.0.5 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

checksums.yaml +4 -4
data/README.md +1 -0
data/lib/heapinfo.rb +8 -8
data/lib/heapinfo/arena.rb +47 -45
data/lib/heapinfo/cache.rb +12 -13
data/lib/heapinfo/chunk.rb +23 -23
data/lib/heapinfo/chunks.rb +16 -5
data/lib/heapinfo/dumper.rb +55 -44
data/lib/heapinfo/ext/string.rb +2 -2
data/lib/heapinfo/glibc/error.rb +2 -1
data/lib/heapinfo/glibc/free.rb +29 -16
data/lib/heapinfo/glibc/glibc.rb +5 -1
data/lib/heapinfo/glibc/helper.rb +9 -6
data/lib/heapinfo/helper.rb +22 -26
data/lib/heapinfo/libc.rb +18 -17
data/lib/heapinfo/nil.rb +14 -8
data/lib/heapinfo/process.rb +34 -25
data/lib/heapinfo/process_info.rb +15 -14
data/lib/heapinfo/segment.rb +10 -9
data/lib/heapinfo/tools/get_arena.c +0 -1
data/lib/heapinfo/version.rb +1 -1
metadata +75 -31
data/spec/cache_spec.rb +0 -46
data/spec/chunk_spec.rb +0 -40
data/spec/chunks_spec.rb +0 -25
data/spec/dumper_spec.rb +0 -105
data/spec/files/32bit_maps +0 -23
data/spec/files/64bit_maps +0 -29
data/spec/files/victim.cpp +0 -33
data/spec/helper_spec.rb +0 -73
data/spec/libc_spec.rb +0 -75
data/spec/nil_spec.rb +0 -15
data/spec/process_spec.rb +0 -201
data/spec/spec_helper.rb +0 -98
data/spec/string_spec.rb +0 -18

data/spec/cache_spec.rb DELETED Viewed

@@ -1,46 +0,0 @@
-# encoding: ascii-8bit
-require 'heapinfo'
-describe HeapInfo::Cache do
-  before(:all) do
-    @prefix = 'testcx1dd/'
-  end
-  after(:each) do
-    FileUtils.rm_rf File.join(HeapInfo::Cache::CACHE_DIR, @prefix)
-  end
-  it 'handle unwritable' do
-    org = HeapInfo::Cache::CACHE_DIR
-    HeapInfo::Cache.send :remove_const, :CACHE_DIR
-    no = '/tmp/no_permission'
-    FileUtils.mkdir_p no
-    File.chmod 0444, no # no write permission
-    HeapInfo::Cache.const_set :CACHE_DIR, no + '/.cache'
-    HeapInfo::Cache.send :load
-    expect(HeapInfo::Cache::CACHE_DIR).to eq HeapInfo::TMP_DIR + '/.cache/heapinfo'
-    HeapInfo::Cache.send :remove_const, :CACHE_DIR
-    HeapInfo::Cache.const_set :CACHE_DIR, org
-    FileUtils.rm_rf no
-  end
-  it 'write' do
-    expect(HeapInfo::Cache::write @prefix + '123', {a: 1}).to be true
-  end
-  it 'read' do
-    expect(HeapInfo::Cache::read @prefix + 'z/zzz').to be nil
-  end
-  it 'write and read' do
-    key = @prefix + 'fefw/z/zz/xdddd'
-    object = {a: {b: 'string', array: [3, '1', 2]}, 'd' => 3}
-    expect(HeapInfo::Cache::read key).to be nil
-    expect(HeapInfo::Cache::write key, object).to be true
-    expect(HeapInfo::Cache::read key).to eq object
-  end
-  it 'file corrupted' do
-    key = @prefix + 'corrupted'
-    HeapInfo::Cache::write key, 'ok'
-    IO.binwrite(File.join(HeapInfo::Cache::CACHE_DIR, key), 'not ok')
-    expect(HeapInfo::Cache::read key).to be nil
-  end
-end

data/spec/chunk_spec.rb DELETED Viewed

@@ -1,40 +0,0 @@
-# encoding: ascii-8bit
-require 'heapinfo'
-describe HeapInfo::Chunk do
-  describe '32bit' do
-    before(:all) do
-      @fast = [0, 0x47, 0x1337].pack("L*").to_chunk(bits: 32)
-      @small = [0, 0x48, 0xabcdef].pack("L*").to_chunk(bits: 32)
-    end
-    it 'basic' do
-      expect(@fast.size_t).to be 4
-      expect(@fast.size).to be 0x40
-      expect(@fast.flags).to eq [:non_main_arena, :mmapped, :prev_inuse]
-      expect(@fast.bintype).to eq :fast
-      expect(@fast.data).to eq [0x1337].pack("L*")
-      expect(@small.bintype).to eq :small
-    end
-    it 'to_s' do
-      expect(@small.to_s).to eq "\e[38;5;155m#<HeapInfo::Chunk:0>\n\e[0mflags = []\nsize = \e[38;5;12m0x48\e[0m (small)\nprev_size = \e[38;5;12m0\e[0m\ndata = \e[38;5;1m\"\\xEF\\xCD\\xAB\\x00\"\e[0m...\n"
-    end
-  end
-  describe '64bit' do
-    before(:all) do
-      @fast = [0, 0x87, 0x1337].pack("Q*").to_chunk # default 64bits
-      @small = [0, 0x90, 0xdead].pack("Q*").to_chunk
-    end
-    it 'basic' do
-      expect(@fast.size_t).to be 8
-      expect(@fast.size).to be 0x80
-      expect(@fast.flags).to eq [:non_main_arena, :mmapped, :prev_inuse]
-      expect(@fast.bintype).to eq :fast
-      expect(@fast.data).to eq [0x1337].pack("Q*")
-      expect(@small.bintype).to eq :small
-    end
-    it 'to_s' do
-      expect(@small.to_s).to eq "\e[38;5;155m#<HeapInfo::Chunk:0>\n\e[0mflags = []\nsize = \e[38;5;12m0x90\e[0m (small)\nprev_size = \e[38;5;12m0\e[0m\ndata = \e[38;5;1m\"\\xAD\\xDE\\x00\\x00\\x00\\x00\\x00\\x00\"\e[0m...\n"
-    end
-  end
-end

data/spec/chunks_spec.rb DELETED Viewed

@@ -1,25 +0,0 @@
-# encoding: ascii-8bit
-require 'heapinfo'
-describe HeapInfo::Chunks do
-  before(:each) do
-    @chunks = HeapInfo::Chunks.new
-    @chunks << 0; @chunks << 1; @chunks << 2
-  end
-  it '<<' do
-    expect(@chunks.size).to be 3
-    @chunks << ("\x00"*16).to_chunk
-    expect(@chunks.size).to be 4
-  end
-  it 'each' do
-    @chunks.each_with_index{|c, idx|
-      expect(c).to be idx
-    }
-  end
-  it 'to_s' do
-    expect(@chunks.to_s).to eq @chunks.instance_variable_get(:@chunks).map(&:to_s).join("\n")
-  end
-  it 'size' do
-    expect(@chunks.size).to eq @chunks.instance_variable_get(:@chunks).size
-    expect(@chunks.length).to eq @chunks.instance_variable_get(:@chunks).length
-  end
-end

data/spec/dumper_spec.rb DELETED Viewed

@@ -1,105 +0,0 @@
-# encoding: ascii-8bit
-require 'heapinfo'
-describe HeapInfo::Dumper do
-  before(:all) do
-    @self_maps = IO.binread('/proc/self/maps').lines.map do |seg|
-      s = seg.split(/\s/)
-      s[0] = s[0].split('-').map { |addr| addr.to_i(16) }
-      [s[0][0], s[0][1], s[1], s[-1]] # start, end, perm, name
-    end
-    @get_elf_base = ->() do
-      exe = File.readlink('/proc/self/exe')
-      @self_maps.find { |arr| arr[3] == exe }[0]
-    end
-  end
-  describe 'dump' do
-    before(:each) do
-      @mem_filename = '/proc/self/mem'
-      @elf_base = @get_elf_base.call
-    end
-    it 'simple' do
-      dumper = HeapInfo::Dumper.new(nil, @mem_filename)
-      expect(dumper.dump(@elf_base, 4)).to eq "\x7fELF"
-    end
-    it 'segment' do
-      class S;def initialize(base);@base = base;end; def elf; HeapInfo::Segment.new(@base, 'elf'); end; end
-      dumper = HeapInfo::Dumper.new(S.new(@elf_base), @mem_filename)
-      expect(dumper.dump(:elf, 4)).to eq "\x7fELF"
-    end
-    it 'invalid' do
-      dumper = HeapInfo::Dumper.new(HeapInfo::Nil.new, @mem_filename)
-      expect {dumper.dump(:zzz, 1)}.to raise_error ArgumentError
-      expect(dumper.dump(0x12345, 1)).to be nil
-    end
-  end
-  it 'dumpable?' do
-    dumper = HeapInfo::Dumper.new(HeapInfo::Nil.new, '/proc/self/mem')
-    expect(dumper.send(:dumpable?)).to be true
-    # a little hack
-    dumper.instance_variable_set(:@filename, '/proc/1/mem')
-    expect(dumper.send(:dumpable?)).to be false
-    expect(dumper.dump).to be nil # show need permission
-    dumper.instance_variable_set(:@filename, '/proc/-1/mem')
-    expect {dumper.send(:dumpable?)}.to raise_error ArgumentError
-  end
-  describe 'find' do
-    before(:all) do
-      @elf_base = @get_elf_base.call
-      class S; def bits; 64; end; end
-      @dumper = HeapInfo::Dumper.new(S.new(@elf_base), '/proc/self/mem')
-      @end_of_maps = ->() do
-        @self_maps.find.with_index do |seg, i|
-          seg[2].include?('r') and seg[1] != @self_maps[i][0] # incontinuously segment
-        end[1]
-      end
-    end
-    it 'simple' do
-      expect(@dumper.find("ELF", :elf, 4)).to eq @elf_base + 1
-      expect(@dumper.find("ELF", :elf, 3)).to be nil
-    end
-    it 'regexp' do
-      addr = @dumper.find(/lin.x/, :elf, 0x1000)
-      expect(@dumper.dump(addr, 5) =~ /lin.x/).to eq 0
-    end
-    it 'invalid' do
-      expect(@dumper.find(nil, :elf, 1)).to be nil
-    end
-    it 'parser' do
-      expect(@dumper.find("ELF", ':elf + 1', 3)).to eq @elf_base + 1
-    end
-    it 'reach end' do
-      mem = @end_of_maps.call
-      # check dumper won't return nil when remain readable memory less than one page
-      expect(@dumper.find("\x00", mem - 0xff0, 0x1000).nil?).to be false
-    end
-  end
-  describe 'parse_cmd' do
-    it 'normal' do
-      expect(HeapInfo::Dumper.parse_cmd [0x30]).to eq [0x30, 0, 8]
-      expect(HeapInfo::Dumper.parse_cmd [0x30, 3]).to eq [0x30, 0, 3]
-      expect(HeapInfo::Dumper.parse_cmd [0x30, 2, 3]).to eq [0x30, 2, 3]
-    end
-    it 'symbol' do
-      expect(HeapInfo::Dumper.parse_cmd [:heap]).to eq [:heap,0 , 8]
-      expect(HeapInfo::Dumper.parse_cmd [:heap, 10]).to eq [:heap,0 , 10]
-      expect(HeapInfo::Dumper.parse_cmd [:heap, 3, 10]).to eq [:heap,3 , 10]
-    end
-    it 'string' do
-      expect(HeapInfo::Dumper.parse_cmd ['heap']).to eq [:heap, 0, 8]
-      expect(HeapInfo::Dumper.parse_cmd ['heap, 10']).to eq [:heap, 0, 10]
-      expect(HeapInfo::Dumper.parse_cmd ['heap, 0x33, 10']).to eq [:heap, 51, 10]
-      expect(HeapInfo::Dumper.parse_cmd ['heap+0x15, 10']).to eq [:heap, 0x15, 10]
-      expect(HeapInfo::Dumper.parse_cmd ['heap + 0x15, 10']).to eq [:heap, 0x15, 10]
-      expect(HeapInfo::Dumper.parse_cmd ['heap +  0x15']).to eq [:heap, 0x15, 8]
-    end
-    it 'mixed' do
-      expect(HeapInfo::Dumper.parse_cmd ['heap+ 0x10', 10]).to eq [:heap, 0x10, 10]
-      expect(HeapInfo::Dumper.parse_cmd ['heap', 10]).to eq [:heap, 0, 10]
-    end
-  end
-end

data/spec/files/32bit_maps DELETED Viewed

@@ -1,23 +0,0 @@
-08048000-08049000 r-xp 00000000 ca:01 464143                             /home/heapinfo/examples/uaf/uaf
-08049000-0804a000 r--p 00000000 ca:01 464143                             /home/heapinfo/examples/uaf/uaf
-0804a000-0804b000 rw-p 00001000 ca:01 464143                             /home/heapinfo/examples/uaf/uaf
-f73d4000-f73d7000 rw-p 00000000 00:00 0
-f73d7000-f73f3000 r-xp 00000000 ca:01 160460                             /usr/lib32/libgcc_s.so.1
-f73f3000-f73f4000 rw-p 0001b000 ca:01 160460                             /usr/lib32/libgcc_s.so.1
-f73f4000-f7438000 r-xp 00000000 ca:01 402366                             /lib32/libm-2.19.so
-f7438000-f7439000 r--p 00043000 ca:01 402366                             /lib32/libm-2.19.so
-f7439000-f743a000 rw-p 00044000 ca:01 402366                             /lib32/libm-2.19.so
-f743a000-f75df000 r-xp 00000000 ca:01 463662                             /lib32/libc-2.19.so
-f75df000-f75e1000 r--p 001a5000 ca:01 463662                             /lib32/libc-2.19.so
-f75e1000-f75e2000 rw-p 001a7000 ca:01 463662                             /lib32/libc-2.19.so
-f75e2000-f75e5000 rw-p 00000000 00:00 0
-f75e5000-f76c1000 r-xp 00000000 ca:01 137147                             /usr/lib32/libstdc++.so.6.0.19
-f76c1000-f76c5000 r--p 000dc000 ca:01 137147                             /usr/lib32/libstdc++.so.6.0.19
-f76c5000-f76c6000 rw-p 000e0000 ca:01 137147                             /usr/lib32/libstdc++.so.6.0.19
-f76c6000-f76ce000 rw-p 00000000 00:00 0
-f76db000-f76dd000 rw-p 00000000 00:00 0
-f76dd000-f76de000 r-xp 00000000 00:00 0                                  [vdso]
-f76de000-f76fe000 r-xp 00000000 ca:01 463655                             /lib32/ld-2.19.so
-f76fe000-f76ff000 r--p 0001f000 ca:01 463655                             /lib32/ld-2.19.so
-f76ff000-f7700000 rw-p 00020000 ca:01 463655                             /lib32/ld-2.19.so
-ffdd7000-ffdf8000 rw-p 00000000 00:00 0                                  [stack]

data/spec/files/64bit_maps DELETED Viewed

@@ -1,29 +0,0 @@
-00400000-00401000 r-xp 00000000 ca:01 464143                             /home/heapinfo/examples/uaf/uaf
-00600000-00601000 r--p 00000000 ca:01 464143                             /home/heapinfo/examples/uaf/uaf
-00601000-00602000 rw-p 00001000 ca:01 464143                             /home/heapinfo/examples/uaf/uaf
-7f65ac7b8000-7f65ac7ce000 r-xp 00000000 ca:01 402137                     /lib/x86_64-linux-gnu/libgcc_s.so.1
-7f65ac7ce000-7f65ac9cd000 ---p 00016000 ca:01 402137                     /lib/x86_64-linux-gnu/libgcc_s.so.1
-7f65ac9cd000-7f65ac9ce000 rw-p 00015000 ca:01 402137                     /lib/x86_64-linux-gnu/libgcc_s.so.1
-7f65ac9ce000-7f65acad3000 r-xp 00000000 ca:01 401788                     /lib/x86_64-linux-gnu/libm-2.19.so
-7f65acad3000-7f65accd2000 ---p 00105000 ca:01 401788                     /lib/x86_64-linux-gnu/libm-2.19.so
-7f65accd2000-7f65accd3000 r--p 00104000 ca:01 401788                     /lib/x86_64-linux-gnu/libm-2.19.so
-7f65accd3000-7f65accd4000 rw-p 00105000 ca:01 401788                     /lib/x86_64-linux-gnu/libm-2.19.so
-7f65accd4000-7f65ace8f000 r-xp 00000000 ca:01 402326                     /lib/x86_64-linux-gnu/libc-2.19.so
-7f65ace8f000-7f65ad08e000 ---p 001bb000 ca:01 402326                     /lib/x86_64-linux-gnu/libc-2.19.so
-7f65ad08e000-7f65ad092000 r--p 001ba000 ca:01 402326                     /lib/x86_64-linux-gnu/libc-2.19.so
-7f65ad092000-7f65ad094000 rw-p 001be000 ca:01 402326                     /lib/x86_64-linux-gnu/libc-2.19.so
-7f65ad094000-7f65ad099000 rw-p 00000000 00:00 0
-7f65ad099000-7f65ad17f000 r-xp 00000000 ca:01 13857                      /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19
-7f65ad17f000-7f65ad37e000 ---p 000e6000 ca:01 13857                      /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19
-7f65ad37e000-7f65ad386000 r--p 000e5000 ca:01 13857                      /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19
-7f65ad386000-7f65ad388000 rw-p 000ed000 ca:01 13857                      /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19
-7f65ad388000-7f65ad39d000 rw-p 00000000 00:00 0
-7f65ad39d000-7f65ad3c0000 r-xp 00000000 ca:01 402319                     /lib/x86_64-linux-gnu/ld-2.19.so
-7f65ad5aa000-7f65ad5af000 rw-p 00000000 00:00 0
-7f65ad5bc000-7f65ad5bf000 rw-p 00000000 00:00 0
-7f65ad5bf000-7f65ad5c0000 r--p 00022000 ca:01 402319                     /lib/x86_64-linux-gnu/ld-2.19.so
-7f65ad5c0000-7f65ad5c1000 rw-p 00023000 ca:01 402319                     /lib/x86_64-linux-gnu/ld-2.19.so
-7f65ad5c1000-7f65ad5c2000 rw-p 00000000 00:00 0
-7fff3d1e8000-7fff3d209000 rw-p 00000000 00:00 0                          [stack]
-7fff3d309000-7fff3d30b000 r-xp 00000000 00:00 0                          [vdso]
-ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

data/spec/files/victim.cpp DELETED Viewed

@@ -1,33 +0,0 @@
-#include <cstdlib>
-#include <cstdio>
-#include <unistd.h>
-int main(int argc, char **argv) {
-  if(argc <= 1) alarm(10);
-  void *v, *u;
-  int *i, *j;
-  void *mmap = malloc(0x20000);
-  // normal
-  v = malloc(24); u = malloc(24);
-  free(v); free(u);
-  // invalid fd
-  i = (int*)malloc(40);
-  free(i);
-  *i = 0xdeadbeef;
-  // loop
-  v = malloc(56); u = malloc(56);
-  free(v); free(u); free(v);
-  v = malloc(136);
-  void** others = (void**)malloc(72); // also prevent small bin merge with top_chunk
-  *others = mmap; // hack for test can get address of mmap
-  free(v);
-  v = malloc(152); // let 136 put into smallbin
-  malloc(200); // to prevent merge with top_chunk
-  free(v); // put into unsorted bin
-  char dummy;
-  read(0, &dummy, 1); // function which not use heap
-}

data/spec/helper_spec.rb DELETED Viewed

@@ -1,73 +0,0 @@
-# encoding: ascii-8bit
-require 'heapinfo'
-describe HeapInfo::Helper do
-  describe 'unpack' do
-    it '32bit' do
-      expect(HeapInfo::Helper.unpack(4, "\x15\xCD\x5b\x07")).to eq 123456789
-    end
-    it '64bit' do
-      expect(HeapInfo::Helper.unpack(8, "\xEF\xCD\xAB\xEF\xBE\xAD\xDE\x00")).to eq 0xdeadbeefabcdef
-    end
-  end
-  it 'proc' do
-    expect { HeapInfo::Helper.exe_of 0 }.to raise_error ArgumentError
-  end
-  describe 'parse_maps' do
-    before(:all) do
-      @files_dir = File.expand_path('../files', __FILE__)
-    end
-    it '32bit' do
-      maps = IO.binread(@files_dir + '/32bit_maps')
-      expect(HeapInfo::Helper.parse_maps maps).to eq [
-        [0x8048000, 0x8049000, 'r-xp', '/home/heapinfo/examples/uaf/uaf'],
-        [0x8049000, 0x804a000, 'r--p', '/home/heapinfo/examples/uaf/uaf'],
-        [0x804a000, 0x804b000, 'rw-p', '/home/heapinfo/examples/uaf/uaf'],
-        [0xf73d7000, 0xf73f3000, 'r-xp', '/usr/lib32/libgcc_s.so.1'],
-        [0xf73f3000, 0xf73f4000, 'rw-p', '/usr/lib32/libgcc_s.so.1'],
-        [0xf73f4000, 0xf7438000, 'r-xp', '/lib32/libm-2.19.so'],
-        [0xf7438000, 0xf7439000, 'r--p', '/lib32/libm-2.19.so'],
-        [0xf7439000, 0xf743a000, 'rw-p', '/lib32/libm-2.19.so'],
-        [0xf743a000, 0xf75df000, 'r-xp', '/lib32/libc-2.19.so'],
-        [0xf75df000, 0xf75e1000, 'r--p', '/lib32/libc-2.19.so'],
-        [0xf75e1000, 0xf75e2000, 'rw-p', '/lib32/libc-2.19.so'],
-        [0xf75e5000, 0xf76c1000, 'r-xp', '/usr/lib32/libstdc++.so.6.0.19'],
-        [0xf76c1000, 0xf76c5000, 'r--p', '/usr/lib32/libstdc++.so.6.0.19'],
-        [0xf76c5000, 0xf76c6000, 'rw-p', '/usr/lib32/libstdc++.so.6.0.19'],
-        [0xf76dd000, 0xf76de000, 'r-xp', '[vdso]'],
-        [0xf76de000, 0xf76fe000, 'r-xp', '/lib32/ld-2.19.so'],
-        [0xf76fe000, 0xf76ff000, 'r--p', '/lib32/ld-2.19.so'],
-        [0xf76ff000, 0xf7700000, 'rw-p', '/lib32/ld-2.19.so'],
-        [0xffdd7000, 0xffdf8000, 'rw-p', '[stack]']]
-    end
-    it '64bit' do
-      maps = IO.binread(@files_dir + '/64bit_maps')
-      expect(HeapInfo::Helper.parse_maps maps).to eq [
-        [0x400000, 0x401000, 'r-xp', '/home/heapinfo/examples/uaf/uaf'],
-        [0x600000, 0x601000, 'r--p', '/home/heapinfo/examples/uaf/uaf'],
-        [0x601000, 0x602000, 'rw-p', '/home/heapinfo/examples/uaf/uaf'],
-        [0x7f65ac7b8000, 0x7f65ac7ce000, 'r-xp', '/lib/x86_64-linux-gnu/libgcc_s.so.1'],
-        [0x7f65ac7ce000, 0x7f65ac9cd000, '---p', '/lib/x86_64-linux-gnu/libgcc_s.so.1'],
-        [0x7f65ac9cd000, 0x7f65ac9ce000, 'rw-p', '/lib/x86_64-linux-gnu/libgcc_s.so.1'],
-        [0x7f65ac9ce000, 0x7f65acad3000, 'r-xp', '/lib/x86_64-linux-gnu/libm-2.19.so'],
-        [0x7f65acad3000, 0x7f65accd2000, '---p', '/lib/x86_64-linux-gnu/libm-2.19.so'],
-        [0x7f65accd2000, 0x7f65accd3000, 'r--p', '/lib/x86_64-linux-gnu/libm-2.19.so'],
-        [0x7f65accd3000, 0x7f65accd4000, 'rw-p', '/lib/x86_64-linux-gnu/libm-2.19.so'],
-        [0x7f65accd4000, 0x7f65ace8f000, 'r-xp', '/lib/x86_64-linux-gnu/libc-2.19.so'],
-        [0x7f65ace8f000, 0x7f65ad08e000, '---p', '/lib/x86_64-linux-gnu/libc-2.19.so'],
-        [0x7f65ad08e000, 0x7f65ad092000, 'r--p', '/lib/x86_64-linux-gnu/libc-2.19.so'],
-        [0x7f65ad092000, 0x7f65ad094000, 'rw-p', '/lib/x86_64-linux-gnu/libc-2.19.so'],
-        [0x7f65ad099000, 0x7f65ad17f000, 'r-xp', '/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19'],
-        [0x7f65ad17f000, 0x7f65ad37e000, '---p', '/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19'],
-        [0x7f65ad37e000, 0x7f65ad386000, 'r--p', '/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19'],
-        [0x7f65ad386000, 0x7f65ad388000, 'rw-p', '/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19'],
-        [0x7f65ad39d000, 0x7f65ad3c0000, 'r-xp', '/lib/x86_64-linux-gnu/ld-2.19.so'],
-        [0x7f65ad5bf000, 0x7f65ad5c0000, 'r--p', '/lib/x86_64-linux-gnu/ld-2.19.so'],
-        [0x7f65ad5c0000, 0x7f65ad5c1000, 'rw-p', '/lib/x86_64-linux-gnu/ld-2.19.so'],
-        [0x7fff3d1e8000, 0x7fff3d209000, 'rw-p', '[stack]'],
-        [0x7fff3d309000, 0x7fff3d30b000, 'r-xp', '[vdso]'],
-        [0xffffffffff600000, 0xffffffffff601000, 'r-xp', '[vsyscall]']]
-    end
-  end
-end

data/spec/libc_spec.rb DELETED Viewed

@@ -1,75 +0,0 @@
-# encoding: ascii-8bit
-require 'heapinfo'
-describe HeapInfo::Libc do
-  describe 'free' do
-    before(:all) do
-      HeapInfo::Cache.send :clear_all # force cache miss, to make sure coverage
-      @victim = HeapInfo::TMP_DIR + '/victim'
-      %x(g++ #{File.expand_path('../files/victim.cpp', __FILE__)} -o #{@victim} 2>&1 > /dev/null)
-      pid = fork
-      # run without ASLR
-      exec "setarch `uname -m` -R /bin/sh -c #{@victim}" if pid.nil?
-      loop until `pidof #{@victim}` != ''
-      @h = HeapInfo::Process.new(@victim, ld: '/ld')
-      @fake_mem = 0x13371000
-      @set_memory = ->(str) do
-        @h.libc.send(:dumper=, ->(ptr, len){
-          if ptr.between?(@fake_mem, @fake_mem + 0x1000)
-            str[ptr - @fake_mem, len]
-          else
-            @h.dump(ptr, len)
-          end
-        })
-      end
-    end
-    after(:all) do
-      `killall #{@victim}`
-      FileUtils.rm(@victim)
-    end
-    describe 'invalid' do
-      it 'invalid pointer' do
-        @set_memory.call [0, 0x21, 0x21, 0x0, 0x0].pack("Q*")
-        expect {@h.libc.free(@fake_mem + 24)}.to raise_error "free(): invalid pointer\nptr(#{HeapInfo::Helper.hex(@fake_mem + 8)}) % 16 != 0"
-        expect {@h.libc.free(@fake_mem + 32)}.to raise_error "free(): invalid pointer\nptr(#{HeapInfo::Helper.hex(@fake_mem + 16)}) > -size(0x0)"
-      end
-      it 'invalid size' do
-        @set_memory.call [0, 0x11].pack("Q*")
-        expect {@h.libc.free(@fake_mem + 16)}.to raise_error "free(): invalid size\nsize(0x10) < min_chunk_size(0x20)"
-        @set_memory.call [0, 0x38].pack("Q*")
-        expect {@h.libc.free(@fake_mem + 16)}.to raise_error "free(): invalid size\nalignment error: size(0x38) % 0x10 != 0"
-      end
-    end
-    describe 'fast' do
-      it 'invalid next size' do
-        @set_memory.call [0, 0x21, 0, 0, 0, 0xf].pack("Q*")
-        expect {@h.libc.free(@fake_mem + 16)}.to raise_error "free(): invalid next size (fast)\nnext chunk(#{HeapInfo::Helper.hex(@fake_mem + 32)}) has size(8) <=  2 * 8"
-        @set_memory.call [0, 0x21, 0, 0, 0, 0x21000].pack("Q*")
-        expect {@h.libc.free(@fake_mem + 16)}.to raise_error "free(): invalid next size (fast)\nnext chunk(#{HeapInfo::Helper.hex(@fake_mem + 32)}) has size(0x21000) >= av.system_mem(0x21000)"
-      end
-      it 'double free (fastop)' do
-        expect { @h.libc.free(@h.heap.base + 0x30) }.to raise_error "double free or corruption (fasttop)\ntop of fastbin[0x20]: 0x602020=0x602020"
-      end
-      it 'success' do
-        expect(@h.libc.free(@h.heap.base + 0x10)).to be true
-      end
-    end
-    describe 'munmap' do
-      it 'success' do
-        mmap_addr = HeapInfo::Helper.unpack(8, @h.dump(:heap, 0x190, 8)) # backdoor of victim.cpp
-        expect(@h.libc.free(mmap_addr)).to be true
-      end
-    end
-    describe 'small' do
-      it 'success' do
-        expect(@h.libc.free(@h.heap.base + 0x280)).to be true
-      end
-    end
-  end
-end