Correct have_fastchunks arena adjustment (#704)

This check (though uncommented) appears to have been introduced to compensate for the have_fastchunks flag being moved from an arena's flags into its own field in GLIBC 2.27. The only thing that needs changing is the version number, it should be >= 2.27 rather that 2.26. In its current state, if you try to debug a program linked to a GLIBC 2.26 build without debug symbols, the arena layout is misinterpreted and heap commands will hang or give incorrect information.
hugsy · Sep 8, 2021 · 620ca60 · 620ca60
1 parent f1ffad0
commit 620ca60
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/gef.py b/gef.py
@@ -648,7 +648,12 @@ def __init__(self, addr):
             ptr_type = "unsigned long" if current_arch.ptrsize == 8 else "unsigned int"
             self.size_t = cached_lookup_type(ptr_type)
 
-        if get_libc_version() >= (2, 26):
+        # Account for separation of have_fastchunks flag into its own field
+        # within the malloc_state struct in GLIBC >= 2.27
+        # https://sourceware.org/git/?p=glibc.git;a=commit;h=e956075a5a2044d05ce48b905b10270ed4a63e87
+        # Be aware you could see this change backported into GLIBC release
+        # branches.
+        if get_libc_version() >= (2, 27):
             self.fastbin_offset = align_address_to_size(self.int_size * 3, 8)
         else:
             self.fastbin_offset = self.int_size * 2