Even when a C++ program appears to run correctly, writing beyond allocated memory can corrupt heap metadata, causing a delayed crash at free(); this article explains the underlying malloc/free mechanisms, demonstrates the issue with code examples, and offers debugging tools and defensive programming practices to prevent such errors.
This article explains the common causes of SIGSEGV crashes in Android native code, demonstrates classic memory‑corruption patterns such as Use‑After‑Free, Double‑Free and heap buffer overflow, and presents a practical memory‑debugging solution inspired by Gwp‑ASan with custom guard pages, hook strategies, and stack capture techniques.
A newly disclosed Linux kernel vulnerability called "indler"—a 0‑day memory‑corruption bug hidden since 2012—was uncovered by security researcher Zhang Yinkui, who detailed its discovery via a random kernel oops, KASAN detection, and its potential for massive remote code execution across billions of devices.
This article details a Kafka consumer issue where the offset unexpectedly becomes a large timestamp due to a native C++ method altering JVM memory, explains the debugging steps, reproduces the bug with Java code, and highlights the risks of unsafe native interactions.
A recent VS Code bug in the C++ extension 1.9.4 causes the editor to generate numerous empty files with invalid names, corrupt user data, and even erase system files, stemming from memory‑dump artifacts and pointer issues that disappear when the extension is downgraded or disabled.
The MemCorruption tool, developed by ByteDance's AppHealth team, provides an online, low‑overhead solution for detecting Use‑After‑Free, Double‑Free, and Heap‑Buffer‑Overflow problems in Android applications by hooking memory allocation functions, sampling allocations, and performing invisible SIGSEGV‑based detection.
This article explains the fundamentals of glibc malloc’s unlink mechanism, demonstrates how a heap overflow can be leveraged to overwrite chunk headers and execute arbitrary code, walks through the exploitation steps with code examples, and discusses modern mitigations that render the classic unlink technique ineffective.
