[24697] in bugtraq
RE: ZLib double free bug: Windows NT potentially unaffected
daemon@ATHENA.MIT.EDU (Robert Collins)
Thu Mar 14 20:41:50 2002
Date: Fri, 15 Mar 2002 10:49:11 +1100
Message-ID: <FC169E059D1A0442A04C40F86D9BA760014BB9@itdomain003.itdomain.net.au>
From: "Robert Collins" <robert.collins@itdomain.com.au>
To: "KJK::Hyperion" <noog@libero.it>, <bugtraq@securityfocus.com>
> -----Original Message-----
> From: KJK::Hyperion [mailto:noog@libero.it]
> Sent: Friday, March 15, 2002 4:52 AM
> To: bugtraq@securityfocus.com
> Subject: ZLib double free bug: Windows NT potentially unaffected
> I allocate 4 KB of memory, then I free the block twice. Under debugging,
> this program will emit the following diagnostic message:
>
> HEAP[testheap.exe]: Invalid Address specified to RtlFreeHeap( 130000, 1357f0 )
>
> Immediately after this, a breakpoint exception (code 0x80000003) is raised.
> So, apparently, the second free operation degrades gracefully, apparently
> without any corruption of in-memory structures, since the subsequent
> allocation/deallocation runs fine.
Can I suggest you try it with a non-debug build? I've seen heap
corruption occur in WinNT software that debug builds trapped but
non-debug builds did not.
Cheers,
Rob
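Added example, not code from either poster and not the Windows NT heap: a toy fixed-size-block allocator (hypothetical, written for this page) that threads its free list through the freed blocks, the classic layout in which a double free corrupts allocator metadata. It runs the scenario from the quoted post twice: once with a release-style free that does no validation, where the second free is silent and the next two allocations hand out the same 4 KB block, and once with a debug-style free that walks the free list and refuses an already-free block, the analogue of the "Invalid Address specified" diagnostic. Whether RtlFreeHeap without the debug heap behaves like the first or the second is exactly the open question in the thread; this code only shows why "the subsequent allocation runs fine" is not evidence either way.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical toy allocator (added for illustration; not zlib, not NT's heap).
 * Blocks are fixed size; a freed block stores the free-list "next" pointer in
 * its first bytes. */
#define BLOCK_SIZE 4096
#define NUM_BLOCKS 4

static unsigned char arena[NUM_BLOCKS * BLOCK_SIZE];
static void *free_head;

/* Reset the arena so each demo function runs from a clean state. */
static void toy_init(void)
{
    free_head = NULL;
    for (int i = NUM_BLOCKS - 1; i >= 0; i--) {
        void *blk = arena + (size_t)i * BLOCK_SIZE;
        memcpy(blk, &free_head, sizeof free_head);  /* blk->next = free_head */
        free_head = blk;
    }
}

/* Pop the head of the free list (NULL when exhausted). */
static void *toy_alloc(void)
{
    void *blk = free_head;
    if (blk)
        memcpy(&free_head, blk, sizeof free_head);  /* free_head = blk->next */
    return blk;
}

/* Release-style free: no validation, just push the block onto the list. */
static void toy_free(void *blk)
{
    memcpy(blk, &free_head, sizeof free_head);      /* blk->next = free_head */
    free_head = blk;
}

/* Debug-style free: walk the list and refuse a block that is already on it.
 * Returns 0 on success, -1 for the kind of fault a debug heap reports.
 * Assumes the list is not already cyclic (it is only used on a fresh arena here). */
static int toy_free_checked(void *blk)
{
    for (void *cur = free_head; cur; memcpy(&cur, cur, sizeof cur)) {
        if (cur == blk)
            return -1;  /* analogue of "Invalid Address specified to RtlFreeHeap" */
    }
    toy_free(blk);
    return 0;
}

/* The quoted test on a release-style heap: free twice, then keep allocating.
 * Returns 1 when the double free was silent and the next two allocations
 * alias the same block, the classic double-free outcome. */
int demo_release_build(void)
{
    toy_init();
    void *p = toy_alloc();
    toy_free(p);
    toy_free(p);            /* second free: no diagnostic, list is now p -> p */
    void *a = toy_alloc();  /* "subsequent allocation runs fine"... */
    void *b = toy_alloc();  /* ...but returns the same block again */
    return a == p && b == p;
}

/* Same test with the validating free: the second free is refused and later
 * allocations get distinct blocks. Returns the second free's status (-1). */
int demo_debug_build(void)
{
    toy_init();
    void *p = toy_alloc();
    int first = toy_free_checked(p);
    int second = toy_free_checked(p);
    void *a = toy_alloc();
    void *b = toy_alloc();
    if (first != 0 || a != p || b == a)
        return 1;  /* not expected on a fresh arena */
    return second;
}

int main(void)
{
    printf("release-style heap: allocations alias after double free = %d\n",
           demo_release_build());
    printf("debug-style heap: second free status = %d\n", demo_debug_build());
    return 0;
}
```

The aliasing in the release case is the part that matters for exploitation: two live owners of one buffer is what turns a double free into a write-what-where, and nothing in the "alloc/free still works" observation from the quoted post would reveal it.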