RFR JDK8007636

Valerie (Yu-Ching) Peng valerie.peng at oracle.com
Tue Jun 18 15:24:20 PDT 2013


I recall reviewing this use-after-free problem a while ago?
Isn't this the same one that's caught by parfait earlier?

The synopsis for 8007636 is "[parfait] False positive buffer overrun 
error in jdk/src/solaris/transport/socket/socket_md.c".
Your changes do not seem to match the bug description. What is going on 
here?
Valerie

On 06/18/13 04:26, Florian Weimer wrote:
> On 06/17/2013 04:29 PM, John Zavgren wrote:
>> Greetings:
>>
>> I'm posting a fix for a memory leak. As you can see, the original code
>> deallocated a structure, thereby rendering it's memory invalid, then it
>> deallocated the memory that was allocated to one of its data members.
>>
>> I merely reversed the order of the free() operations.
>
> The change looks okay to me.  However, this addresses not a memory 
> leak, but a user-after-free bug.  (It might materialize as a leak if 
> you have a malloc implementation that overwrites objects with zeros 
> when they are freed, but that seems unlikely.)
>



More information about the security-dev mailing list