You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think it may cause a potential bug in list.c if bs_list_trim is called and list->n is 0. Because in such condition, when resize being called, p = realloc(list->ids, sizeof(int) * new_size); acts like free function but list->data still points to the freed memory. It may cause use-after-free.
Although bs_list_trim hasn't been called now, I think it is a potential issue and we could add some check to make the code safer. Thanks.
The text was updated successfully, but these errors were encountered:
I think it may cause a potential bug in list.c if
bs_list_trimis called andlist->nis 0. Because in such condition, whenresizebeing called,p = realloc(list->ids, sizeof(int) * new_size);acts like free function butlist->datastill points to the freed memory. It may cause use-after-free.Although
bs_list_trimhasn't been called now, I think it is a potential issue and we could add some check to make the code safer. Thanks.The text was updated successfully, but these errors were encountered: