_We have our boxednode on the stack, and we've extracted the element from it. If we were to return at this point, the Box would be dropped, and the node would be freed. Do you see it now..? self.back is still pointing at that freed node! Once we implement the rest of our collection and start using self.back for things, this could result in a use-after-free!
If the user just calls the API of this list, it is impossible to get to this situation.
in https://rust-unofficial.github.io/too-many-lists/sixth-panics.html, it says that the line
debug_assert!(self.len == 1);can cause problem.
How?
There is a paragraph below to explain the cause:
_We have our boxednode on the stack, and we've extracted the element from it. If we were to return at this point, the Box would be dropped, and the node would be freed. Do you see it now..? self.back is still pointing at that freed node! Once we implement the rest of our collection and start using self.back for things, this could result in a use-after-free!
If the user just calls the API of this list, it is impossible to get to this situation.