[24635] in bugtraq
zlib & java
daemon@ATHENA.MIT.EDU (Darren Reed)
Tue Mar 12 14:31:33 2002
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <200203121529.CAA21773@caligula.anu.edu.au>
To: bugtraq@securityfocus.com
Date: Wed, 13 Mar 2002 02:29:25 +1100 (Australia/ACT)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Back in Java 1.1, zlibc was visibly part of the source tree for java.
More recent versions of Java seem to make the java.util.zip from .java
files but use a JNI (Java Native Interface) for the actual implementation.
e.g. there's a class called:
java.util.zip.GZIPIntupStream
Does anyone know what the implications of this are? The real issue here
appears to be what sort of memory management (malloc/free) java uses for
the JNI code. (I've neither had the time to test or look more deeply
into this.) If a native malloc/free is being used (as opposed to the
standard java object management), is the sandbox at risk here?
Well, aside from meaning we need a new jar for java.util.zip if the zlib
code there is buggy :)
Darren
