SlideShare una empresa de Scribd logo

Master Thread and Worker Thread with Spin Locks and Realloc

Ruo Ando
Ruo Ando

This document discusses several topics related to threads, memory allocation, and software vulnerabilities: 1) It mentions master threads, worker threads, and synchronization primitives like spin locks and conditional variables that are used for communication between threads. 2) It discusses issues like user-after-free vulnerabilities that can occur if memory is freed and reallocated without proper synchronization between threads. 3) It provides an example of how reallocating memory could potentially cause problems if the memory address changes or if too many reallocations exhaust available memory. Precautions are needed to avoid security issues or denial of service attacks in multithreaded programs.

Ingeniería
1 de 4
Descargar para leer sin conexión
Master Thread Worker Thread Flex / Bison A enqueue write pointer *.c *.cpp *.h BC Spin lock and conditional variables dequeue read pointer SPINLOCK pthread_cond_wait / pthread_cond_signal
User-after-free (aka heap spray) : CVE-2013-4371 Xen hypervisor http://blog.tempest.com.br/breno-cunha/perspectives-on-exploit-development-and-cyber- attacks.html create() free() realloc() use() Jump to payload on heap ROP + Shellcode int *tmp = (int*)realloc(k,(N+1)*sizeof(int)); if( tmp!=NULL ){ k = tmp; puts("________realloc(k)_________"); for(i=0; i<N+1; i++){ printf("&k[%d]:%p , k[%d]=%d¥n",i,&k[i],i,k[i]); } } realloc() allocates new area if realloc() fails to expand the pointer of first argument. Consequently, the string is saved but the address is changed. If too many realloc() is invoked, DoS is enabled by adversary and an arbitrary malicious string can be executed. void* realloc (void* ptr, size_t size);
version search depth EMPTY (LEAF) EDGE version search depth EMPTY (LEAF) EDGE xen440 1 1 15xen433 1 1 7 xen440 2 6 62xen433 2 5 36 xen440 3 68 876xen433 3 74 998 xen412 1 0 8xen453 1 1 15 xen412 2 1 17xen453 2 6 65 xen412 3 10 119xen453 3 11 208 xen414 1 0 8xen432 1 1 7 xen414 2 1 17xen432 2 5 36 xen414 3 10 119xen432 3 88 1223 xen410 2 1 17xen450 1 1 15 xen410 3 10 122xen450 2 6 65 xen441 1 1 15xen450 3 11 203 xen441 2 6 62xen451 1 1 15 xen441 3 83 1068xen451 2 6 65 xen415 1 0 8xen451 3 10 201 xen415 2 1 17xen434 1 1 7 xen415 3 10 119xen434 2 5 36 xen422 1 0 8xen434 3 81 1043 xen422 2 3 36xen455 1 1 15 xen422 3 87 1525xen455 2 6 65 xen424 1 0 8xen455 3 12 217 xen424 2 3 36xen430 1 1 7 xen424 3 80 1476xen430 2 5 36 xen413 1 0 8xen430 3 62 761 xen413 2 1 17xen442 1 1 15 xen413 3 10 119xen442 2 6 62 xen425 1 0 8xen442 3 68 876 xen440 : libxl_list_cpupool : 3 : 68 : 876 psycopg2.Operational Error: FATAL: sorry, too many clients already FATAL: sorry, too many clients already xen440 : libxl_list_cpupool : 4 : 297 : 4811 xen414 : libxl_list_cpupool : 3 : 10 : 119 xen414 : libxl_list_cpupool : 4 : 10 : 123 xen414 : libxl_list_cpupool : 5 : 10 : 127 LIMITATION: Upper bound of PostgreSQL: search depth > 4 (path explotion)

Recomendados

Rop and it's friends
Rop and it's friendsRop and it's friends
Rop and it's friendsnuc13us
 
Sensu wrapper-sensu-summit
Sensu wrapper-sensu-summitSensu wrapper-sensu-summit
Sensu wrapper-sensu-summitLee Briggs
 
Debugging JavaScript with Chrome
Debugging JavaScript with ChromeDebugging JavaScript with Chrome
Debugging JavaScript with ChromeIgor Zalutsky
 
Backpressure? Resistance is not futile. RxJS Live 2019
Backpressure? Resistance is not futile. RxJS Live 2019Backpressure? Resistance is not futile. RxJS Live 2019
Backpressure? Resistance is not futile. RxJS Live 2019Jay Phelps
 
Sge
SgeSge
SgeChris Roeder
 
I love Automation
I love AutomationI love Automation
I love AutomationTakayuki Miyauchi
 
Ee
EeEe
EeSyeda Muskaan
 
Boulder Ruby Statsd
Boulder Ruby StatsdBoulder Ruby Statsd
Boulder Ruby StatsdMark Morris
 

Recomendados

Rop and it's friends
Rop and it's friendsRop and it's friends
Rop and it's friendsnuc13us
 
Sensu wrapper-sensu-summit
Sensu wrapper-sensu-summitSensu wrapper-sensu-summit
Sensu wrapper-sensu-summitLee Briggs
 
Debugging JavaScript with Chrome
Debugging JavaScript with ChromeDebugging JavaScript with Chrome
Debugging JavaScript with ChromeIgor Zalutsky
 
Backpressure? Resistance is not futile. RxJS Live 2019
Backpressure? Resistance is not futile. RxJS Live 2019Backpressure? Resistance is not futile. RxJS Live 2019
Backpressure? Resistance is not futile. RxJS Live 2019Jay Phelps
 
Sge
SgeSge
SgeChris Roeder
 
I love Automation
I love AutomationI love Automation
I love AutomationTakayuki Miyauchi
 
Ee
EeEe
EeSyeda Muskaan
 
Boulder Ruby Statsd
Boulder Ruby StatsdBoulder Ruby Statsd
Boulder Ruby StatsdMark Morris
 
Spark Jobserver
Spark JobserverSpark Jobserver
Spark JobserverYegor Andreenko
 
Simpatía
SimpatíaSimpatía
Simpatíaeliacosta2010
 
Scheduling torque-maui-tutorial
Scheduling torque-maui-tutorialScheduling torque-maui-tutorial
Scheduling torque-maui-tutorialSantosh Kumar
 
RingoJS
RingoJSRingoJS
RingoJSOleg Podsechin
 
Data structure programs in c++
Data structure programs in c++Data structure programs in c++
Data structure programs in c++mmirfan
 
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.jsKatsuyaENDOH
 
Understanding the nodejs event loop
Understanding the nodejs event loopUnderstanding the nodejs event loop
Understanding the nodejs event loopSaurabh Kumar
 
Linux works
Linux worksLinux works
Linux worksShivaraj RH
 
TestR: generating unit tests for R internals
TestR: generating unit tests for R internalsTestR: generating unit tests for R internals
TestR: generating unit tests for R internalsRoman Tsegelskyi
 
Coordination of Distributed Software with Redis
Coordination of Distributed Software with RedisCoordination of Distributed Software with Redis
Coordination of Distributed Software with RedisKonrad Bucheli
 
marko_go_in_badoo
marko_go_in_badoomarko_go_in_badoo
marko_go_in_badooMarko Kevac
 
Tips on how to improve the performance of your custom modules for high volume...
Tips on how to improve the performance of your custom modules for high volume...Tips on how to improve the performance of your custom modules for high volume...
Tips on how to improve the performance of your custom modules for high volume...Odoo
 
clara-rules
clara-rulesclara-rules
clara-rulesIkuru Kanuma
 
Parallel Computing with R
Parallel Computing with RParallel Computing with R
Parallel Computing with RPeter Solymos
 
Why Redux-Observable?
Why Redux-Observable?Why Redux-Observable?
Why Redux-Observable?Anna Su
 
Arp
ArpArp
ArpEbsil Sherly
 
Gearinfive
GearinfiveGearinfive
Gearinfivebpmedley
 
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, CitrixXPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, CitrixThe Linux Foundation
 
Async programming on NET
Async programming on NETAsync programming on NET
Async programming on NETyuyijq
 
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...Jarek Potiuk
 
Automated reduction of attack surface using call graph enumeration
Automated reduction of attack surface using call graph enumerationAutomated reduction of attack surface using call graph enumeration
Automated reduction of attack surface using call graph enumerationRuo Ando
 
Crash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenCrash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenLex Yu
 

Más contenido relacionado

La actualidad más candente

Scheduling torque-maui-tutorial
Scheduling torque-maui-tutorialScheduling torque-maui-tutorial
Scheduling torque-maui-tutorialSantosh Kumar
 
Data structure programs in c++
Data structure programs in c++Data structure programs in c++
Data structure programs in c++mmirfan
 
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.jsKatsuyaENDOH
 
Understanding the nodejs event loop
Understanding the nodejs event loopUnderstanding the nodejs event loop
Understanding the nodejs event loopSaurabh Kumar
 
TestR: generating unit tests for R internals
TestR: generating unit tests for R internalsTestR: generating unit tests for R internals
TestR: generating unit tests for R internalsRoman Tsegelskyi
 
Coordination of Distributed Software with Redis
Coordination of Distributed Software with RedisCoordination of Distributed Software with Redis
Coordination of Distributed Software with RedisKonrad Bucheli
 
marko_go_in_badoo
marko_go_in_badoomarko_go_in_badoo
marko_go_in_badooMarko Kevac
 
Tips on how to improve the performance of your custom modules for high volume...
Tips on how to improve the performance of your custom modules for high volume...Tips on how to improve the performance of your custom modules for high volume...
Tips on how to improve the performance of your custom modules for high volume...Odoo
 
Parallel Computing with R
Parallel Computing with RParallel Computing with R
Parallel Computing with RPeter Solymos
 
Why Redux-Observable?
Why Redux-Observable?Why Redux-Observable?
Why Redux-Observable?Anna Su
 
Gearinfive
GearinfiveGearinfive
Gearinfivebpmedley
 
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, CitrixXPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, CitrixThe Linux Foundation
 
Async programming on NET
Async programming on NETAsync programming on NET
Async programming on NETyuyijq
 
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...Jarek Potiuk
 

La actualidad más candente (20)

Spark Jobserver
Spark JobserverSpark Jobserver
Spark Jobserver
 
Simpatía
SimpatíaSimpatía
Simpatía
 
Scheduling torque-maui-tutorial
Scheduling torque-maui-tutorialScheduling torque-maui-tutorial
Scheduling torque-maui-tutorial
 
RingoJS
RingoJSRingoJS
RingoJS
 
Data structure programs in c++
Data structure programs in c++Data structure programs in c++
Data structure programs in c++
 
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
人間では判定できない101すくみじゃんけんをコンピュータに判定させたい for Keras.js
 
Understanding the nodejs event loop
Understanding the nodejs event loopUnderstanding the nodejs event loop
Understanding the nodejs event loop
 
Linux works
Linux worksLinux works
Linux works
 
TestR: generating unit tests for R internals
TestR: generating unit tests for R internalsTestR: generating unit tests for R internals
TestR: generating unit tests for R internals
 
Coordination of Distributed Software with Redis
Coordination of Distributed Software with RedisCoordination of Distributed Software with Redis
Coordination of Distributed Software with Redis
 
marko_go_in_badoo
marko_go_in_badoomarko_go_in_badoo
marko_go_in_badoo
 
Tips on how to improve the performance of your custom modules for high volume...
Tips on how to improve the performance of your custom modules for high volume...Tips on how to improve the performance of your custom modules for high volume...
Tips on how to improve the performance of your custom modules for high volume...
 
clara-rules
clara-rulesclara-rules
clara-rules
 
Parallel Computing with R
Parallel Computing with RParallel Computing with R
Parallel Computing with R
 
Why Redux-Observable?
Why Redux-Observable?Why Redux-Observable?
Why Redux-Observable?
 
Arp
ArpArp
Arp
 
Gearinfive
GearinfiveGearinfive
Gearinfive
 
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, CitrixXPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
XPDS14 - osstest, Xen's Automatic Testing Facility - Ian Jackson, Citrix
 
Async programming on NET
Async programming on NETAsync programming on NET
Async programming on NET
 
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
 

Similar a Master Thread and Worker Thread with Spin Locks and Realloc

Automated reduction of attack surface using call graph enumeration
Automated reduction of attack surface using call graph enumerationAutomated reduction of attack surface using call graph enumeration
Automated reduction of attack surface using call graph enumerationRuo Ando
 
Crash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenCrash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenLex Yu
 
Windbg랑 친해지기
Windbg랑 친해지기Windbg랑 친해지기
Windbg랑 친해지기Ji Hun Kim
 
Nodejs性能分析优化和分布式设计探讨
Nodejs性能分析优化和分布式设计探讨Nodejs性能分析优化和分布式设计探讨
Nodejs性能分析优化和分布式设计探讨flyinweb
 
Davide Berardi - Linux hardening and security measures against Memory corruption
Davide Berardi - Linux hardening and security measures against Memory corruptionDavide Berardi - Linux hardening and security measures against Memory corruption
Davide Berardi - Linux hardening and security measures against Memory corruptionlinuxlab_conf
 
FØCAL Boston AiR - Computer Vision Tracing and Hardware Simulation
FØCAL Boston AiR - Computer Vision Tracing and Hardware SimulationFØCAL Boston AiR - Computer Vision Tracing and Hardware Simulation
FØCAL Boston AiR - Computer Vision Tracing and Hardware SimulationFØCAL
 
OpenWorld 2018 - Common Application Developer Disasters
OpenWorld 2018 - Common Application Developer DisastersOpenWorld 2018 - Common Application Developer Disasters
OpenWorld 2018 - Common Application Developer DisastersConnor McDonald
 
04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)Alexandre Moneger
 
Writing Metasploit Plugins
Writing Metasploit PluginsWriting Metasploit Plugins
Writing Metasploit Pluginsamiable_indian
 
glance replicator
glance replicatorglance replicator
glance replicatoririx_jp
 
RSROC 2015 - AutoHotKey
RSROC 2015 - AutoHotKeyRSROC 2015 - AutoHotKey
RSROC 2015 - AutoHotKeyI-Ta Tsai
 
ISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - CompilationsISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - CompilationsHSA Foundation
 
re:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflixre:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at NetflixBrendan Gregg
 
Jvm operation casual talks
Jvm operation casual talksJvm operation casual talks
Jvm operation casual talksYusaku Watanabe
 
Linux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene PirogovLinux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene PirogovPivorak MeetUp
 
OpenStack API's and WSGI
OpenStack API's and WSGIOpenStack API's and WSGI
OpenStack API's and WSGIMike Pittaro
 
Checking the Cross-Platform Framework Cocos2d-x
Checking the Cross-Platform Framework Cocos2d-xChecking the Cross-Platform Framework Cocos2d-x
Checking the Cross-Platform Framework Cocos2d-xAndrey Karpov
 
Adding replication protocol support for psycopg2
Adding replication protocol support for psycopg2Adding replication protocol support for psycopg2
Adding replication protocol support for psycopg2Alexander Shulgin
 
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoringOSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoringNETWAYS
 

Similar a Master Thread and Worker Thread with Spin Locks and Realloc (20)

Automated reduction of attack surface using call graph enumeration
Automated reduction of attack surface using call graph enumerationAutomated reduction of attack surface using call graph enumeration
Automated reduction of attack surface using call graph enumeration
 
Crash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_TizenCrash_Report_Mechanism_In_Tizen
Crash_Report_Mechanism_In_Tizen
 
Windbg랑 친해지기
Windbg랑 친해지기Windbg랑 친해지기
Windbg랑 친해지기
 
Nodejs性能分析优化和分布式设计探讨
Nodejs性能分析优化和分布式设计探讨Nodejs性能分析优化和分布式设计探讨
Nodejs性能分析优化和分布式设计探讨
 
Davide Berardi - Linux hardening and security measures against Memory corruption
Davide Berardi - Linux hardening and security measures against Memory corruptionDavide Berardi - Linux hardening and security measures against Memory corruption
Davide Berardi - Linux hardening and security measures against Memory corruption
 
FØCAL Boston AiR - Computer Vision Tracing and Hardware Simulation
FØCAL Boston AiR - Computer Vision Tracing and Hardware SimulationFØCAL Boston AiR - Computer Vision Tracing and Hardware Simulation
FØCAL Boston AiR - Computer Vision Tracing and Hardware Simulation
 
OpenWorld 2018 - Common Application Developer Disasters
OpenWorld 2018 - Common Application Developer DisastersOpenWorld 2018 - Common Application Developer Disasters
OpenWorld 2018 - Common Application Developer Disasters
 
04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)
 
Writing Metasploit Plugins
Writing Metasploit PluginsWriting Metasploit Plugins
Writing Metasploit Plugins
 
glance replicator
glance replicatorglance replicator
glance replicator
 
RSROC 2015 - AutoHotKey
RSROC 2015 - AutoHotKeyRSROC 2015 - AutoHotKey
RSROC 2015 - AutoHotKey
 
ISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - CompilationsISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - Compilations
 
Osol Pgsql
Osol PgsqlOsol Pgsql
Osol Pgsql
 
re:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflixre:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflix
 
Jvm operation casual talks
Jvm operation casual talksJvm operation casual talks
Jvm operation casual talks
 
Linux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene PirogovLinux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene Pirogov
 
OpenStack API's and WSGI
OpenStack API's and WSGIOpenStack API's and WSGI
OpenStack API's and WSGI
 
Checking the Cross-Platform Framework Cocos2d-x
Checking the Cross-Platform Framework Cocos2d-xChecking the Cross-Platform Framework Cocos2d-x
Checking the Cross-Platform Framework Cocos2d-x
 
Adding replication protocol support for psycopg2
Adding replication protocol support for psycopg2Adding replication protocol support for psycopg2
Adding replication protocol support for psycopg2
 
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoringOSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
 

Más de Ruo Ando

KISTI-NII Joint Security Workshop 2023.pdf
KISTI-NII Joint Security Workshop 2023.pdfKISTI-NII Joint Security Workshop 2023.pdf
KISTI-NII Joint Security Workshop 2023.pdfRuo Ando
 
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤Ruo Ando
 
解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdfRuo Ando
 
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~Ruo Ando
 
解説#83 情報エントロピー
解説#83 情報エントロピー解説#83 情報エントロピー
解説#83 情報エントロピーRuo Ando
 
解説#82 記号論理学
解説#82 記号論理学解説#82 記号論理学
解説#82 記号論理学Ruo Ando
 
解説#81 ロジスティック回帰
解説#81 ロジスティック回帰解説#81 ロジスティック回帰
解説#81 ロジスティック回帰Ruo Ando
 
解説#74 連結リスト
解説#74 連結リスト解説#74 連結リスト
解説#74 連結リストRuo Ando
 
解説#76 福岡正信
解説#76 福岡正信解説#76 福岡正信
解説#76 福岡正信Ruo Ando
 
解説#77 非加算無限
解説#77 非加算無限解説#77 非加算無限
解説#77 非加算無限Ruo Ando
 
解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレスRuo Ando
 
解説#78 誤差逆伝播
解説#78 誤差逆伝播解説#78 誤差逆伝播
解説#78 誤差逆伝播Ruo Ando
 
解説#73 ハフマン符号
解説#73 ハフマン符号解説#73 ハフマン符号
解説#73 ハフマン符号Ruo Ando
 
【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法Ruo Ando
 
【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-free【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-freeRuo Ando
 
ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料 ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料 Ruo Ando
 
ファジングの解説
ファジングの解説ファジングの解説
ファジングの解説Ruo Ando
 
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月Ruo Ando
 
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰Ruo Ando
 
Intel Trusted Computing Group 1st Workshop
Intel Trusted Computing Group 1st WorkshopIntel Trusted Computing Group 1st Workshop
Intel Trusted Computing Group 1st WorkshopRuo Ando
 

Más de Ruo Ando (20)

KISTI-NII Joint Security Workshop 2023.pdf
KISTI-NII Joint Security Workshop 2023.pdfKISTI-NII Joint Security Workshop 2023.pdf
KISTI-NII Joint Security Workshop 2023.pdf
 
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
 
解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf
 
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
 
解説#83 情報エントロピー
解説#83 情報エントロピー解説#83 情報エントロピー
解説#83 情報エントロピー
 
解説#82 記号論理学
解説#82 記号論理学解説#82 記号論理学
解説#82 記号論理学
 
解説#81 ロジスティック回帰
解説#81 ロジスティック回帰解説#81 ロジスティック回帰
解説#81 ロジスティック回帰
 
解説#74 連結リスト
解説#74 連結リスト解説#74 連結リスト
解説#74 連結リスト
 
解説#76 福岡正信
解説#76 福岡正信解説#76 福岡正信
解説#76 福岡正信
 
解説#77 非加算無限
解説#77 非加算無限解説#77 非加算無限
解説#77 非加算無限
 
解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス
 
解説#78 誤差逆伝播
解説#78 誤差逆伝播解説#78 誤差逆伝播
解説#78 誤差逆伝播
 
解説#73 ハフマン符号
解説#73 ハフマン符号解説#73 ハフマン符号
解説#73 ハフマン符号
 
【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法
 
【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-free【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-free
 
ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料 ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料
 
ファジングの解説
ファジングの解説ファジングの解説
ファジングの解説
 
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月
 
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
【AI実装4】TensorFlowのプログラムを読む2 非線形回帰
 
Intel Trusted Computing Group 1st Workshop
Intel Trusted Computing Group 1st WorkshopIntel Trusted Computing Group 1st Workshop
Intel Trusted Computing Group 1st Workshop
 

Último

Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...121011101441
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catcherssdickerson1
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvLewisJB
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleAlluxio, Inc.
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxPurva Nikam
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...Chandu841456
 

Último (20)

Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at Scale
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptx
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...
 

Master Thread and Worker Thread with Spin Locks and Realloc

  • 1. Master Thread Worker Thread Flex / Bison A enqueue write pointer *.c *.cpp *.h BC Spin lock and conditional variables dequeue read pointer SPINLOCK pthread_cond_wait / pthread_cond_signal
  • 2.
  • 3. User-after-free (aka heap spray) : CVE-2013-4371 Xen hypervisor http://blog.tempest.com.br/breno-cunha/perspectives-on-exploit-development-and-cyber- attacks.html create() free() realloc() use() Jump to payload on heap ROP + Shellcode int *tmp = (int*)realloc(k,(N+1)*sizeof(int)); if( tmp!=NULL ){ k = tmp; puts("________realloc(k)_________"); for(i=0; i<N+1; i++){ printf("&k[%d]:%p , k[%d]=%d¥n",i,&k[i],i,k[i]); } } realloc() allocates new area if realloc() fails to expand the pointer of first argument. Consequently, the string is saved but the address is changed. If too many realloc() is invoked, DoS is enabled by adversary and an arbitrary malicious string can be executed. void* realloc (void* ptr, size_t size);
  • 4. version search depth EMPTY (LEAF) EDGE version search depth EMPTY (LEAF) EDGE xen440 1 1 15xen433 1 1 7 xen440 2 6 62xen433 2 5 36 xen440 3 68 876xen433 3 74 998 xen412 1 0 8xen453 1 1 15 xen412 2 1 17xen453 2 6 65 xen412 3 10 119xen453 3 11 208 xen414 1 0 8xen432 1 1 7 xen414 2 1 17xen432 2 5 36 xen414 3 10 119xen432 3 88 1223 xen410 2 1 17xen450 1 1 15 xen410 3 10 122xen450 2 6 65 xen441 1 1 15xen450 3 11 203 xen441 2 6 62xen451 1 1 15 xen441 3 83 1068xen451 2 6 65 xen415 1 0 8xen451 3 10 201 xen415 2 1 17xen434 1 1 7 xen415 3 10 119xen434 2 5 36 xen422 1 0 8xen434 3 81 1043 xen422 2 3 36xen455 1 1 15 xen422 3 87 1525xen455 2 6 65 xen424 1 0 8xen455 3 12 217 xen424 2 3 36xen430 1 1 7 xen424 3 80 1476xen430 2 5 36 xen413 1 0 8xen430 3 62 761 xen413 2 1 17xen442 1 1 15 xen413 3 10 119xen442 2 6 62 xen425 1 0 8xen442 3 68 876 xen440 : libxl_list_cpupool : 3 : 68 : 876 psycopg2.Operational Error: FATAL: sorry, too many clients already FATAL: sorry, too many clients already xen440 : libxl_list_cpupool : 4 : 297 : 4811 xen414 : libxl_list_cpupool : 3 : 10 : 119 xen414 : libxl_list_cpupool : 4 : 10 : 123 xen414 : libxl_list_cpupool : 5 : 10 : 127 LIMITATION: Upper bound of PostgreSQL: search depth > 4 (path explotion)