Good morning! Sorry to bother you. I notice that CVE-2022-42915 is a double free vulnerability. So the introduce commit should include two free operation. But the commit 51c0ebcff2140c3 [1] in the website [2] only has one free operation in lib/http_proxy.c. And I found the 14a2ca85ec [3] has two free operation because it's latter than 51c0ebcff2140c3. So I want to know the reason why 51c0ebcff2140c3 is the vulnerability introduce commit?
Thanks for your time! [1] https://github.com/curl/curl/commit/51c0ebcff2140c3 [2] https://curl.se/docs/CVE-2022-42915.html [3] https://github.com/curl/curl/commit/14a2ca85ec -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
