Zlib in kaffe?

Jim Pick jim at kaffe.org
Mon Mar 18 07:59:28 PST 2002

I think kaffe can be built either dynamically, or statically.

It looks like the double free() is in the decompression code, so if somebody
constructed a malicious jar or zip file and used kaffe to run this untrusted
code, it could be a problem, depending on the operating system.

Of course, from what I understand, we do not have a complete bytecode
verifier yet, so running untrusted code is just a bad idea anyways.

I wonder if we should put out an advisory?

I think the PocketlLinux version actually overrides the system malloc() and
free() implementations, and uses gc to actually free memory for free()
calls.  It doesn't look like the kaffe.org version does that (not that I
think that makes better sense).


 - Jim

----- Original Message -----
From: "Dalibor Topic" <robilad at yahoo.com>
To: "Kaffe Mailing List" <kaffe at rufus.w3.org>
Sent: Monday, March 18, 2002 3:41 AM
Subject: Zlib in kaffe?

> Hi,
> I have come accross this page http://www.gzip.org/zlib/apps.html that
> kaffe uses zlib and thus might be vulnerable to the recently uncovered
> security bug: http://www.cert.org/advisories/CA-2002-07.html
> Is kaffe using a statically linked version (i.e. is the heavily hacked
> inflate.[ch] code it)? Or doues it just link to the DLL?
> cheers,
> dalibor topic
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com

More information about the kaffe mailing list