by hlandau 697 days ago
Indeed, double-free, not UAF; I should know better than to write comments while sleep-deprived...

I suppose a cookie could be used in a "trust, but verify" approach if the free function takes both a pointer and a cookie. You would have the usual sidecar data next to the allocated region, but verify that the cookie matches. This would avoid the lookup issues you discuss.
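Added example, not part of the comment above and not any real allocator's code: a sketch of a free function that takes both a pointer and a cookie, trusts the pointer to locate the sidecar, and verifies the cookie before releasing. All `ck_*` names are hypothetical, and a fixed static pool is assumed so the sidecar stays readable after a free.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; a fixed pool keeps the sidecar readable after free. */
#define CK_SLOTS 4
typedef struct {
    uint64_t cookie;            /* sidecar next to the region; 0 = free */
    unsigned char data[64];
} ck_slot;
static ck_slot ck_pool[CK_SLOTS];
static uint64_t ck_state = 0x9e3779b97f4a7c15ULL;

/* Constructed stand-in (xorshift64); a real allocator would use a CSPRNG. */
static uint64_t ck_next_cookie(void) {
    ck_state ^= ck_state << 13;
    ck_state ^= ck_state >> 7;
    ck_state ^= ck_state << 17;
    return ck_state;            /* never 0 for a non-zero seed */
}

/* Returns the region and the cookie the caller must present to free it. */
void *ck_alloc(uint64_t *cookie_out) {
    for (size_t i = 0; i < CK_SLOTS; i++) {
        if (ck_pool[i].cookie == 0) {
            *cookie_out = ck_pool[i].cookie = ck_next_cookie();
            return ck_pool[i].data;
        }
    }
    return NULL;                /* pool exhausted */
}

/* Trusts p to find the sidecar, then verifies: 0 = freed, -1 = mismatch. */
int ck_free(void *p, uint64_t cookie) {
    if (p == NULL || cookie == 0) return -1;
    ck_slot *s = (ck_slot *)((unsigned char *)p - offsetof(ck_slot, data));
    if (s->cookie != cookie) return -1;
    s->cookie = 0;              /* invalidate so a repeat free fails */
    return 0;
}

int main(void) {
    uint64_t c1, c2;
    void *a = ck_alloc(&c1);
    printf("free: %d\n", ck_free(a, c1));
    printf("double free: %d\n", ck_free(a, c1));
    void *b = ck_alloc(&c2);    /* reuses a's slot under a new cookie */
    printf("stale cookie after reuse: %d\n", ck_free(a, c1));
    return ck_free(b, c2);
}
```

The third call is the case that matters: the slot has been handed out again, and the stale cookie no longer matches, so the second owner's region is not released from under it.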