Bryan Paxton <[EMAIL PROTECTED]> writes:
> Ok, here's the dealio (don't know if internal knows, so apologies if
> this is known):
> zlib in cooker is patched to fix the double free() sec bug...
> However, this patch has not fixed (at least from my end) the problem...
> First of all, never count on WUIs for up-to-date info!
[...]
> Patch is there, has been for a while... (since Feb FYI).
> However, as stated above the patch does not fix (REPEAT: This is from my
> end, my system) the hole:
> $ rpm -q zlib1
> zlib1-1.1.3-19mdk
> $ cat 2free.c
> #include <stdio.h>
> #include <stdlib.h>
>
> /* Deliberate double free: the second free() hands the same pointer
>    back to the allocator, which is undefined behaviour. */
> int main(void) {
>     void* foo = malloc(16);
>     free(foo);
>     free(foo);
>     printf("Program ran to completion.\n");
>     return 0;
> }
> $ export MALLOC_CHECK=2 && gcc -o 2free 2free.c && ./2free
> Segmentation fault (core dumped)
I think you misunderstood the problem. The patch doesn't fix the
fact that doing a double free will segfault your program. The
patch removes a double-free in zlib, which could lead to segfault
and/or compromise in zlib and in programs using zlib.
The fact that MALLOC_CHECK may not be honoured by gcc is a very
different thing in fact!
--
Guillaume Cottenceau - http://www.frozen-bubble.org/
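To make the distinction in the reply above concrete, here is an added example (not code from the thread, and not zlib's own code) showing the general shape of the class of bug the zlib patch removed: a library that owns a buffer on behalf of its caller frees it once on an error path and again in normal teardown. The buggy teardown is shown beside the fixed one. All names (stream_t, stream_init, stream_end_buggy, stream_end_safe, demo_double_teardown) are hypothetical and chosen for illustration; they do not correspond to zlib's API. Note that glibc reads the environment variable as MALLOC_CHECK_ (with a trailing underscore); setting it to 2 makes the allocator abort on a detected double free rather than silently corrupting the heap, which is a way to observe the buggy path, not a fix for it.

```c
/* Added example, not from the original thread or from zlib: a double free
 * in a library that owns a buffer for its caller, beside the fix.
 * All names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    unsigned char *window; /* buffer owned by the stream */
    size_t window_size;
} stream_t;

/* Allocate the owned buffer; returns 0 on success, -1 on failure. */
int stream_init(stream_t *s, size_t size) {
    s->window = malloc(size);
    if (s->window == NULL) {
        s->window_size = 0;
        return -1;
    }
    memset(s->window, 0, size);
    s->window_size = size;
    return 0;
}

/* BUGGY: frees the buffer but leaves the dangling pointer in place.
 * Calling this twice (once from an error path, again from the caller's
 * normal teardown) passes the same pointer to free() twice: undefined
 * behaviour, a crash at best and a corrupted heap at worst. */
void stream_end_buggy(stream_t *s) {
    free(s->window);
}

/* FIXED: clear the pointer so a second teardown has nothing to free.
 * Returns 1 if a buffer was actually freed, 0 if the stream was already
 * torn down. free(NULL) would also be a defined no-op, but checking first
 * keeps the accounting explicit. */
int stream_end_safe(stream_t *s) {
    if (s->window == NULL)
        return 0;
    free(s->window);
    s->window = NULL;
    s->window_size = 0;
    return 1;
}

/* Drive the fixed teardown twice, the way a library error path followed
 * by the caller's own cleanup would. Returns the number of real frees. */
int demo_double_teardown(void) {
    stream_t s;
    int freed;
    if (stream_init(&s, 16) != 0)
        return -1;
    freed = stream_end_safe(&s);   /* 1: the real free */
    freed += stream_end_safe(&s);  /* 0: already gone, nothing to free */
    return freed;
}

int main(void) {
    printf("frees performed across two teardowns: %d\n",
           demo_double_teardown());
    /* stream_end_buggy() is deliberately not called twice here; run that
       only under MALLOC_CHECK_=2 or a sanitizer to watch it get caught. */
    return 0;
}
```

The point of the fix is that the second call is made harmless by the library itself, independent of whether the allocator happens to detect the misuse; MALLOC_CHECK_ only changes what happens when the buggy version is called twice, not whether the bug exists.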