Overriding 'free' or 'delete' using LD_PRELOAD & dlsym()

Question

Overriding 'malloc' using the LD_PRELOAD mechanism

How can LD_PRELOAD be used to set ptr to NULL or to any other memory address in order to avoid dangling pointer exploits.

void free(void *ptr)
{
    real_free(ptr);

    ptr = NULL // will only set local ptr to NULL
}

Answer 1

It cannot.

With LD_PRELOAD you can override symbols, such as a function. To alter the pointer passed in to free() you would need access to the variable of the caller of free() in order to set it to NULL. But you only have access to a copy of the pointer passed in.

Note that a caller might even do something as:

 free(do_something()); 

In which case there is no variable to set to NULL