Bugtraq mailing list archives

RE: ZLib double free bug: Windows NT potentially unaffected


From: "Robert Collins" <robert.collins () itdomain com au>
Date: Fri, 15 Mar 2002 10:49:11 +1100



-----Original Message-----
From: KJK::Hyperion [mailto:noog () libero it] 
Sent: Friday, March 15, 2002 4:52 AM
To: bugtraq () securityfocus com
Subject: ZLib double free bug: Windows NT potentially unaffected


I allocate 4 kb of memory, then I free the block twice. Under debugging, this program will emit the following diagnostic message:

HEAP[testheap.exe]: Invalid Address specified to RtlFreeHeap( 130000, 1357f0 )

Immediately after this, a breakpoint exception (code 0x80000003) is raised. So, apparently, the second free operation degrades gracefully, apparently without any corruption of in-memory structures, since the subsequent allocation/deallocation runs fine.

Can I suggest you try it with a non-debug build. I've seen heap
corruption occur in winNT software, that in debug-builds was trapped,
but in non-debug builds was not.

Cheers,
Rob
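
Added example, not part of either message in this thread and not the test program the quoted message refers to: a portable C sketch of the kind of check that produces an "invalid address" diagnostic, refusing to release an address that is not a live allocation, run over the same sequence (4 KB block, freed twice, then a fresh allocate/free). The names tracked_alloc, tracked_free, run_experiment and the fixed-size table are assumptions for illustration; this does not reproduce the NT heap's internals.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_LIVE 64              /* assumption: small fixed table for the demo */
static uintptr_t live[MAX_LIVE]; /* addresses currently allocated; 0 = empty */

/* Allocate and record the address so a later free can be validated. */
void *tracked_alloc(size_t size)
{
    void *p = malloc(size);
    for (int i = 0; p != NULL && i < MAX_LIVE; i++) {
        if (live[i] == 0) {
            live[i] = (uintptr_t)p;
            return p;
        }
    }
    free(p);                     /* table full (or p is NULL): nothing tracked */
    return NULL;
}

/* Returns 0 if the block was live and is now released, -1 if the address is
   not a live allocation (double free or bad pointer); free() is then skipped. */
int tracked_free(void *p)
{
    uintptr_t addr = (uintptr_t)p;
    for (int i = 0; addr != 0 && i < MAX_LIVE; i++) {
        if (live[i] == addr) {
            live[i] = 0;
            free(p);
            return 0;
        }
    }
    return -1;
}

/* The experiment from the quoted message: one 4 KB block freed twice, then a
   fresh allocate/free cycle. Returns how many frees were rejected. */
int run_experiment(void)
{
    void *p = tracked_alloc(4096), *q;
    int rejected = (tracked_free(p) != 0);
    rejected += (tracked_free(p) != 0);   /* second free of the same address */
    q = tracked_alloc(4096);
    rejected += (tracked_free(q) != 0);
    return rejected;
}

int main(void) { printf("rejected frees: %d\n", run_experiment()); return 0; }
```

Because the second call never reaches free(), the allocator's own bookkeeping is untouched; an allocator that performs no such validation gives no comparable guarantee.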
