On Sat, Apr 21, 2018 at 12:37 PM, Elijah Newren <new...@gmail.com> wrote: > Currently, all callers of unpack_trees() set o->src_index == o->dst_index. > Since we create a temporary index in o->result, then discard o->dst_index > and overwrite it with o->result, when o->src_index == o->dst_index it is > safe to just reuse o->src_index's split_index for o->result. However, > o->src_index and o->dst_index are specified separately in order to allow > callers to have these be different. In such a case, reusing > o->src_index's split_index for o->result will cause the split_index to be > shared. If either index then has entries replaced or removed, it will > result in the other index referring to free()'d memory. > > Signed-off-by: Elijah Newren <new...@gmail.com> > ---
Also, I probably shouldn't have made this look like part of my series (by marking it as "RFC PATCH v10 32.5/36"). It doesn't depend on my series and is an independently valuable bugfix, though to avoid breaking SZEDER and other split_index users, this patch should probably go in before my series does.
