If there is a double free, this is still something that definitely needs to be addressed by the people who wrote the software that performs the double free; presumably BMC.
To quote http://www.owasp.org/index.php/Double_Free "Double free errors occur when free() is called more than once with the same memory address as an argument. Calling free() twice on the same value can lead to a buffer overflow. When a program calls free() twice with the same argument, the program's memory management data structures become corrupted. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc() to return the same pointer. If malloc() returns the same value twice and the program later gives the attacker control over the data that is written into this doubly-allocated memory, the program becomes vulnerable to a buffer overflow attack." By ignoring the errors, you are in essence trading one demon for another. Axton Grams On 6/11/07, Dwayne Martin <[EMAIL PROTECTED]> wrote:
I reported this problem as '"Asynchronous even occured" and "glibc detected" when opening form' back in May 29. I thot I had solved it, and when I discovered that it wasn't fixed afterall, the title got so long that it was changed (I don't know who changed it) to "ARSList Question NOT SOLVED AFTERALL". The problem turned out to be a Red-Hat Linux issue. One of our Systems experts figured it out, and I'll simply pass on what he wrote to me: "There's a problem where double mallocs (double clearing of a memory allocation) causes a hard error in newer versions of RH Linux - the program crashes. The custom form in use here apparently does this somewhere in a function call. This is an issue we've dealt with (sort of) before and the systems guys just need to change a kernel paramater to cause a warning, versus error, to be generated when this occurs. This is the MALLOC parameter which, when set, causes a warning, versus hard error (crash) to be generated when a double clear occurs." Thanks to everyone who wrote in on this problem. Dwayne Martin Computing Support James Madison University _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
_______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
