Root Cause


My name is Chris Rohlf. I've been a security researcher, developer, and engineer since 2003 at fine places such as Square, Yahoo, Leaf Security Research, Matasano Security, and US DoD.

Root Cause is a space to post articles about computation at scale, programming languages, security/cryptography, and esoteric memory safety vulnerabilities. My hope is that these posts will be preserved for future generations to study what primitive human beings once considered complex machines.


April 7th, 2017 - In this article I briefly cover the internals and some weaknesses of OilPan, Google's garbage-collected heap for Chrome.

January 22, 2016 - In this article I dive into how PartitionAlloc works by first explaining its origins and how some of its basic allocation code paths work. I also introduce some basic hardening measures by randomizing the freelist and adding some basic double free protection.

September 9th, 2015 - In this brief article I explain how I ported the Chrome PDFium library to use the PartitionAlloc heap allocator. This brings the benefits of fine-grained memory separation to objects allocated inside the PDFium code.

A quick look at the OpenSSL out-of-bounds read vulnerability from 2014. The internet went into panic mode and blamed the OpenSSL project for maintaining their own malloc. But this, like most things on the internet, was rooted in false assumptions.

Originally posted in 2010 on my first blog, this article explores how ptmalloc2 in glibc 2.11 attempted to stop the obscure House of Mind heap exploitation technique.

Originally posted in 2010 on my first blog, this article looks at an interesting type confusion vulnerability I discovered in WebKit. This was an extremely flexible vulnerability that allowed for an arbitrary-length read from an arbitrary address.