Double free in final code when creating split on the first element of the list

rust-unofficial / too-many-lists

Learn Rust by writing Entirely Too Many linked lists

https://rust-unofficial.github.io/too-many-lists/

MIT License

3.12k stars 276 forks source link

Double free in final code when creating split on the first element of the list #300

Open irbull opened 1 month ago

irbull commented 1 month ago

I am getting a double free when splitting on the first element in the list:

    #[test]
    fn test_double_free() {
        let mut list = LinkedList::new();
        list.push_back(7);
        list.push_back(8);
        list.push_back(9);

        let mut cur = list.cursor_mut();
        cur.move_next();
        cur.split_before();
    }

(╯°□°)╯︵ ┻━┻

irbull commented 1 month ago

The bug is when you are pointing at the first node and you call split_before

        // We have this:
        //
        //     list.front -> A <-> B <-> C <-> D <- list.back
        //                   ^
        //                  cur
        //
        //
        // And we want to produce this:
        //
        //     list.front -> A -> C <-> D <- list.back
        //                   ^
        //                  cur
        //
        //
        //    return.front -> None <- return.back

We don't set front and back to None in this case. The length is right (it's 0), but front and back point to a node.