On Friday, April 5, 2002, at 03:13 AM, Andrew van der Stock wrote:

> Apple's statement is: "Mac OS X and Mac OS X Server do not contain this
> vulnerability." Do MacOS X and MacOS X Server even have a copy of zlib
> (i.e. libz.so) by default? Or is it down to the FreeBSD malloc / free
> behavior of MacOS X? Hard to say - not a lot of information to go on.

I'm pretty sure it's the FreeBSD behavior that protects it because:

Mac OS X includes libz:

    /System/Library/Frameworks/JavaVM.framework/Versions/1.3.1/Libraries/libzip.jnilib
    /usr/lib/libz.1.1.3.dylib
    /usr/lib/libz.1.dylib
    /usr/lib/libz.dylib

The following program does not crash, and indeed produces the warning messages that FreeBSD describes it should:

    #include <stdlib.h>

    int main()
    {
        void *ptr;
        int x;

        for (x = 0; x < 10000; ++x) {
            ptr = malloc(123456);
            free(ptr);
            free(ptr);   /* deliberate double free of the same pointer */
        }
        return 0;
    }

It produces these warnings:

    *** malloc[27202]: Deallocation of a pointer not malloced: 0x84000; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug

(many, many times)
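The test loop from the message above, rerun through a small tracking wrapper to show the kind of bookkeeping that lets a repeated free() be reported and skipped. This is an added example, not part of the original message and not Apple's or FreeBSD's allocator code; `checked_malloc`, `checked_free`, `run_double_free_loop` and the fixed-size table are hypothetical names and assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical tracking wrapper (illustrative, not a real allocator's code):
 * record every live block so a repeated free() is reported and skipped. */
#define MAX_LIVE 1024
static void *live[MAX_LIVE];

void *checked_malloc(size_t n) {
    void *p = malloc(n);
    for (size_t i = 0; p != NULL && i < MAX_LIVE; ++i)
        if (live[i] == NULL)
            return live[i] = p;      /* remember the block as live */
    free(p);                         /* table full (or p is NULL): fail closed */
    return NULL;
}

/* Returns 0 when the block was live and is now released, -1 otherwise. */
int checked_free(void *p) {
    if (p == NULL)
        return 0;                    /* free(NULL) is a no-op in standard C */
    for (size_t i = 0; i < MAX_LIVE; ++i) {
        if (live[i] == p) {
            live[i] = NULL;          /* forget it before releasing it */
            free(p);
            return 0;
        }
    }
    /* Not in the table: a double free, or a pointer we never handed out. */
    fprintf(stderr, "Deallocation of a pointer not malloced: %p\n", p);
    return -1;
}

/* The message's loop via the wrapper; returns how many second frees were rejected. */
int run_double_free_loop(int iterations) {
    int rejected = 0;
    for (int x = 0; x < iterations; ++x) {
        void *ptr = checked_malloc(123456);
        checked_free(ptr);
        rejected += (checked_free(ptr) != 0);
    }
    return rejected;
}

int main(void) {
    printf("rejected double frees: %d\n", run_double_free_loop(10000));
    return 0;
}
```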