[En-Nut-Discussion] heap.c: Double free never detected - Followup2

Moritz Struebe morty at gmx.net
Mon Apr 21 12:07:41 CEST 2008


Stupid me!

Sorry for the Spam!

Morty

Moritz Struebe wrote:
> Hi there,
>
> I'm still working on the heap.c. I think I found a bug:
>
> The double free
>
> ((u_short)node + node->hn_size) > (u_short)fnode #
>
> is never detected because
>
> (u_short)node > (u_short)fnode
>
> breaks the loop before reaching the double free check.
>
> Or did I get something wrong once again?
>
> Cheers
> Morty
>



