I've tried to search the archives/bug reports/faq's and didn't find any
definitive answers on the zlib Double Free Bug CERT's Advisory CA-2002-07
issue.  Even though I didn't compile php with the --with-zlib option when I
run strings against the php library I still see zlib information.  For

> strings libphp4.a | grep -i zlib
Request error: class file/memory mismatch

So Zlib is still in the libphp4.a library.  So does this mean that I could
possibly still be vulnerable to the zlib Double Free Bug?

Also, if I DO need to compile php with the --with-zlib option I assume
I will also need to give it the --with-zlib-dir option.  I assume if
that zlib install directory does NOT have the bug, then I would be safe
from it.  I'm asking since I know there's the ext/zlib directory under
the php source directory (well at least php v4.0.6) and I'm not sure if
the bug exists somewhere in those files.

Thanks for any help you can give me on those 2 questions.

Please mail me directly since I'm not on this list.

Thanks for your time and help,
  Lenny Miceli

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to