On 21/08/2019 14:25, Markus Armbruster wrote:
> Andrey Shinkevich writes:
>
>> In the struct OptsVisitor, the 'repeated_opts' member points to a list
>> in the 'unprocessed_opts' hash table after the list has been destroyed.
>> A subsequent call to visit_type_int() references the deleted list.
Andrey Shinkevich writes:
> In the struct OptsVisitor, the 'repeated_opts' member points to a list
> in the 'unprocessed_opts' hash table after the list has been destroyed.
> A subsequent call to visit_type_int() references the deleted list.
> It results in use-after-free issue reproduced by runn
PINGING...
On 05/08/2019 20:03, Andrey Shinkevich wrote:
> In the struct OptsVisitor, the 'repeated_opts' member points to a list
> in the 'unprocessed_opts' hash table after the list has been destroyed.
> A subsequent call to visit_type_int() references the deleted list.
> It results in use-after
In the struct OptsVisitor, the 'repeated_opts' member points to a list
in the 'unprocessed_opts' hash table after the list has been destroyed.
A subsequent call to visit_type_int() references the deleted list.
It results in use-after-free issue reproduced by running the test case
under the Valgrind
