Hi, there is a potential use-after-free bug, please check and confirm if it's real
In the file mysql/mysys/my_malloc.c and the _myrealloc function, the variable oldpoint free at line 100 and return it to the caller. The path conditions of these two branches can be satisfied simultaneously.
if (my_flags & MY_FREE_ON_ERROR) //line 109
my_free(oldpoint); // line 110
if (my_flags & MY_HOLD_ON_ERROR)//111
DBUG_RETURN(oldpoint);/112
The function _myfree is at line 130 in the same file.
Hi, there is a potential use-after-free bug, please check and confirm if it's real
In the file mysql/mysys/my_malloc.c and the _myrealloc function, the variable oldpoint free at line 100 and return it to the caller. The path conditions of these two branches can be satisfied simultaneously.
The function _myfree is at line 130 in the same file.
Thank you Ryan