by justinsaccount 814 days ago
Also because the 'safe' version only checks

  dict->pos == dict->limit
and not

  dict->pos >= dict->limit
if you can get one call of dict_put somewhere to pass the limit, all later calls of dict_put_safe will happily overwrite memory and not actually be safe.
2 comments
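A constructed C model of the guard this comment describes, added here as an example and not taken from the project's code: the struct, `BUF_SIZE`, the `_eq`/`_ge` variants and `accepted_past_limit` are hypothetical, and `dict_put` is assumed to leave `limit` unchanged.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define BUF_SIZE 16 /* constructed: backing store is larger than the limit */

/* Hypothetical model, not the project's struct: write index plus a limit. */
struct dict {
    unsigned char buf[BUF_SIZE];
    size_t pos;   /* next write index */
    size_t limit; /* guarded writes are meant to stop here */
};

/* Unchecked write; assumed here to leave limit untouched. */
static void dict_put(struct dict *d, unsigned char b) {
    if (d->pos < BUF_SIZE) /* keeps this demo inside the real array */
        d->buf[d->pos++] = b;
}

/* Guard written as an equality test, as quoted in the comment. */
static bool dict_put_safe_eq(struct dict *d, unsigned char b) {
    if (d->pos == d->limit) return false;
    dict_put(d, b);
    return true;
}

/* Same guard written as an ordered comparison. */
static bool dict_put_safe_ge(struct dict *d, unsigned char b) {
    if (d->pos >= d->limit) return false;
    dict_put(d, b);
    return true;
}

/* Step pos one past limit unchecked, then count accepted guarded writes. */
static int accepted_past_limit(bool use_ge, int tries) {
    struct dict d = { .pos = 0, .limit = 4 };
    while (d.pos <= d.limit) /* loop ends with pos == limit + 1 */
        dict_put(&d, 0xAA);
    int ok = 0;
    for (int i = 0; i < tries; i++)
        ok += use_ge ? dict_put_safe_ge(&d, 0xBB) : dict_put_safe_eq(&d, 0xBB);
    return ok;
}

int main(void) {
    printf("== guard: %d accepted, >= guard: %d accepted\n",
           accepted_past_limit(false, 5), accepted_past_limit(true, 5));
    return 0;
}
```

Under that assumption the equality guard accepts every write once `pos` has stepped past `limit`, while the ordered comparison rejects all of them.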

No, because dict_put will update the limit value if the new pos exceeds it.
I don't see anything like what you are describing. What line exactly are you talking about?
Wow, that is 1000% obviously malicious