> And of course, some programs use replacements like dlmalloc and do all their own allocation management anyway.
Yeah. I wrote my own allocator in C++ a long time ago. I wouldn't be surprised if there weren't quite a few other bits of software out there doing the same thing.
Partly. They were using their own allocator (openssl_malloc()), but even then they would've been OK if it weren't for the OBO error elsewhere in the heartbeat implementation. If they were using an OS-supplied malloc() instead of openssl_malloc(), the bug would've still been exploitable on some operating systems, but not others.
Either way, "don't write your own allocator" is a good lesson to learn.
Unless, of course, you're doing it for fun. In which case, efficient heap management really is a neat exercise.
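An added example, not code from this thread or from OpenSSL, illustrating the point about custom allocators: a private free list recycles blocks without ever returning them to the system allocator, so any fill-on-free behaviour the OS malloc() has never runs, and stale contents survive unless the wrapper scrubs them itself. The names `pool_alloc`, `pool_free` and `leaked_bytes` and the sample secret are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK_SIZE 64

/* Hypothetical fixed-size caching allocator: freed blocks are kept on a
 * LIFO free list and handed out again without going back to libc. */
typedef struct block { struct block *next; } block;
static block *free_list = NULL;

static void *pool_alloc(void) {
    if (free_list) {                     /* reuse: libc never sees this block */
        block *b = free_list;
        free_list = b->next;
        return b;
    }
    return malloc(BLOCK_SIZE);
}

static void pool_free(void *p, int scrub) {
    if (scrub) memset(p, 0, BLOCK_SIZE); /* hardened variant: clear before caching */
    block *b = p;
    b->next = free_list;                 /* link overwrites only the first pointer-sized bytes */
    free_list = b;
}

/* Counts how many bytes of a constructed secret are still readable in the
 * next block handed out after the one holding the secret was freed. */
static size_t leaked_bytes(int scrub) {
    static const char secret[] = "constructed-secret-value";
    const size_t off = sizeof(block);    /* skip the bytes the free-list link reuses */
    char *a = pool_alloc();
    if (!a) return 0;
    memset(a, 0, BLOCK_SIZE);
    memcpy(a + off, secret, sizeof secret - 1);
    pool_free(a, scrub);

    char *b = pool_alloc();              /* LIFO list: the same block comes back */
    size_t n = 0;
    for (size_t i = 0; i < sizeof secret - 1; i++)
        if (b[off + i] == secret[i]) n++;
    pool_free(b, 1);
    return n;
}

int main(void) {
    printf("no scrub: %zu stale bytes, scrub on free: %zu stale bytes\n",
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

An out-of-bounds read elsewhere in the program is what turns this stale data into a disclosure; the allocator only determines what is sitting there to be read.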