I recall reviewing this use-after-free problem a while ago?
Isn't this the same one that's caught by parfait earlier?
The synopsis for 8007636 is "[parfait] False positive buffer overrun
error in jdk/src/solaris/transport/socket/socket_md.c".
Your changes do not seem to match the bug description. What is going on
here?
Valerie
On 06/18/13 04:26, Florian Weimer wrote:
On 06/17/2013 04:29 PM, John Zavgren wrote:
Greetings:
I'm posting a fix for a memory leak. As you can see, the original code
deallocated a structure, thereby rendering it's memory invalid, then it
deallocated the memory that was allocated to one of its data members.
I merely reversed the order of the free() operations.
The change looks okay to me. However, this addresses not a memory
leak, but a user-after-free bug. (It might materialize as a leak if
you have a malloc implementation that overwrites objects with zeros
when they are freed, but that seems unlikely.)
