by kelnos 819 days ago
Well, we're not talking about "pseudo-UAF", we're talking about actual-UAF and actual-memory-safety.

You use scare quotes around "freed" for a reason: the data has not actually been freed.

The bug you're talking about is a logic error. It could be a bad bug, depending on circumstances, but there's no memory safety issue here.

1 comments

>You use scare quotes around "freed" for a reason: the data has not actually been freed.

Who said it hasn't? I would assume such a node to have been given to `std::ptr::drop_in_place`. Not doing that would be a leak until the list as a whole was dropped.