
Use after free, double free possible in safe function

Open fuhsnn opened this issue 1 year ago • 0 comments

I didn't find how to express allocation ownership without std2 on the documentation site, so I just played around blindly on godbolt. It seems that raw pointer checks can just be cast away without some kind of unsafe block.

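```cpp
#feature on safety

void fn(void) safe {
    int* p = new int(35);
    delete p;            // p is dangling from here on
    *(int^)p = 5315313;  // raw pointer cast to a borrow (int^) and written through: use after free
    delete p;            // second delete of the same pointer: double free
}
```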

fuhsnn, Jul 13 '24 08:07