Two use-after-free bugs.
Jeremy Allison
jallison at ciq.com
Thu Mar 19 21:33:03 CET 2026
To give more context. I was tracking down a use-after free bug that
appeared to be in libgmp, and found these problems and incorrectly
identified them as the cause. I thought it important enough to report,
but then after your evaluation found the actual root cause, which was
not in libgmp. The discovery and your email crossed in the post as it
were.
On Thu, Mar 19, 2026 at 1:30 PM Jeremy Allison <jallison at ciq.com> wrote:
>
> I was incorrect about the use-after free. Please accept my apologies.
> Your evaluation downgraded
> the issue to a cleanliness issue.
>
> On Thu, Mar 19, 2026 at 1:26 PM Torbjörn Granlund <tg at gmplib.org> wrote:
> >
> > Jeremy Allison <jallison at ciq.com> writes:
> >
> > On Wed, Mar 18, 2026 at 5:15 PM <marco.bodrato at tutanota.com> wrote:
> > >
> > > Ciao,
> > >
> > > the subject is "use after free", can you show a piece of code that triggers this bug?
> >
> > No, this concerns code cleanliness. Defensiveness if you like.
> >
> > Let me get this straight.
> >
> > You shout about use-after-free bugs to get attention for a purported
> > cleanliness patch?
> >
> > I am unimpressed.
> >
> > --
> > Torbjörn
> > Please encrypt, key id 0xC8601622
More information about the gmp-bugs
mailing list