See my comments in the code below. Very surprising that this hasn't caused widespread crashes (and hasn't been caught before this).
```c
static inline void clear_chunk_list(msgpack_zone_chunk_list* cl, size_t chunk_size)
{
    msgpack_zone_chunk* c = cl->head; // <============ first value of c is the incoming cl->head
    while(true) {
        msgpack_zone_chunk* n = c->next;
        if(n != NULL) {
            free(c); // <===== original cl->head gets free'd here
            c = n;
        } else {
            break;
        }
    }
    cl->head->next = NULL; // <===== same cl->head pointer is being deref'd here.
    cl->free = chunk_size;
    cl->ptr = ((char*)cl->head) + sizeof(msgpack_zone_chunk);
}
```
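A stand-alone reconstruction of the pattern, added here and not part of the report or of msgpack-c's own sources: the `chunk` and `chunk_list` types are assumed minimal stand-ins for the msgpack zone types, and the clearing function reassigns `cl->head` to the surviving last chunk before writing through it, which is one way to avoid the use-after-free the comments above point at.

```c
#include <stdlib.h>

/* Minimal stand-ins for msgpack's chunk types (assumed layout, for illustration only). */
typedef struct chunk { struct chunk* next; } chunk;
typedef struct { chunk* head; size_t free; char* ptr; } chunk_list;

/* Build a list of n chunks with chunk_size bytes of payload each; head is the newest. */
static chunk_list make_list(size_t n, size_t chunk_size)
{
    chunk_list cl = { NULL, 0, NULL };
    for (size_t i = 0; i < n; i++) {
        chunk* c = malloc(sizeof(chunk) + chunk_size);
        if (c == NULL) abort();
        c->next = cl.head;
        cl.head = c;
    }
    return cl;
}

/* Hardened clear: free every chunk except the last in the chain, then make that
 * survivor the new head BEFORE writing through cl->head. The quoted snippet frees
 * the old head inside the loop and then dereferences cl->head unchanged. */
static size_t clear_chunk_list_fixed(chunk_list* cl, size_t chunk_size)
{
    size_t freed = 0;
    chunk* c = cl->head;
    while (c->next != NULL) {
        chunk* n = c->next;
        free(c);            /* releases the original head on the first iteration */
        c = n;
        freed++;
    }
    cl->head = c;           /* point at the survivor: the line the quoted code lacks */
    cl->head->next = NULL;  /* now writes into live memory */
    cl->free = chunk_size;
    cl->ptr = (char*)cl->head + sizeof(chunk);
    return freed;
}

/* Harness: build n chunks, clear, and return the number freed, or -1 if the
 * surviving head is not a single well-formed chunk with chunk_size free bytes. */
static long check_clear(size_t n, size_t chunk_size)
{
    chunk_list cl = make_list(n, chunk_size);
    long freed = (long)clear_chunk_list_fixed(&cl, chunk_size);
    int ok = cl.head != NULL && cl.head->next == NULL && cl.free == chunk_size
          && cl.ptr == (char*)cl.head + sizeof(chunk);
    free(cl.head);
    return ok ? freed : -1;
}
```

Running the same harness against the quoted version (without the `cl->head = c;` line) under AddressSanitizer reports a heap-use-after-free at the `cl->head->next = NULL` write whenever the list holds more than one chunk.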