Valerie (Yu-Ching) Peng
valerie.peng at oracle.com
Tue Jun 18 15:24:20 PDT 2013
I recall reviewing this use-after-free problem a while ago?
Isn't this the same one that's caught by parfait earlier?
The synopsis for 8007636 is "[parfait] False positive buffer overrun
error in jdk/src/solaris/transport/socket/socket_md.c".
Your changes do not seem to match the bug description. What is going on
On 06/18/13 04:26, Florian Weimer wrote:
> On 06/17/2013 04:29 PM, John Zavgren wrote:
>> I'm posting a fix for a memory leak. As you can see, the original code
>> deallocated a structure, thereby rendering it's memory invalid, then it
>> deallocated the memory that was allocated to one of its data members.
>> I merely reversed the order of the free() operations.
> The change looks okay to me. However, this addresses not a memory
> leak, but a user-after-free bug. (It might materialize as a leak if
> you have a malloc implementation that overwrites objects with zeros
> when they are freed, but that seems unlikely.)
More information about the security-dev