safecode/test/mem_safety/use_after_free/use_after_free-002.c - llvm-archive - Git at Google

 /* Use after free of pointer a1 which is passed into p which frees
    the pointer only if it dereferences into a nonzero value. */

 #include <stdlib.h>

 char *p(char *ptr)
 {
   if (*ptr)
     free(ptr);
   return ptr;
 }

 int main()
 {
   char *a1, *a2;
   a1 = malloc(100);
   a2 = malloc(100);
   *a1 = 'c';
   *a2 = 0;
   a1 = p(a1);
   a2 = p(a2);
   *a1 = 'a';
   *a2 = 'b';
   free(a2);
   return 0;
 }
	/* Use after free of pointer a1 which is passed into p which frees
	the pointer only if it dereferences into a nonzero value. */

	#include <stdlib.h>

	char p(char ptr)
	{
	if (*ptr)
	free(ptr);
	return ptr;
	}

	int main()
	{
	char a1, a2;
	a1 = malloc(100);
	a2 = malloc(100);
	*a1 = 'c';
	*a2 = 0;
	a1 = p(a1);
	a2 = p(a2);
	*a1 = 'a';
	*a2 = 'b';
	free(a2);
	return 0;
	}