From 5e4ae41113e63004bd131010853e5265b31302d3 Mon Sep 17 00:00:00 2001 From: Squibid Date: Sun, 7 Sep 2025 00:29:05 -0400 Subject: [PATCH] fix(ll): prevent use after free when removing items from any type of ll --- ds.c | 74 ++++++++++++++++++++++++++---------------------------------- 1 file changed, 32 insertions(+), 42 deletions(-) diff --git a/ds.c b/ds.c index a491144..53ef37b 100644 --- a/ds.c +++ b/ds.c @@ -92,27 +92,22 @@ void return NULL; } - for (i = -1, cur = *ll; cur; i++, cur = cur->next) { - if (i + 1 == idx) { - if (idx == 0) { - rm = cur; - if (!rm) { - return NULL; - } - *ll = cur->next; - } else { + if (idx == 0) { + rm = *ll; + *ll = rm->next; + } else { + for (i = -1, cur = *ll; cur; i++, cur = cur->next) { + if (idx == i + 1) { rm = cur->next; - if (!rm) { - return NULL; - } - cur->next = cur->next->next; + break; } - break; } - } - if (!rm) { - return NULL; + if (!rm) { + return NULL; + } + + cur->next = rm->next; } data = rm->data; @@ -132,33 +127,28 @@ void return NULL; } - for (i = -1, cur = *ll; cur; i++, cur = cur->next) { - if (i + 1 == idx) { - if (idx == 0) { - rm = cur; - if (!rm) { - return NULL; - } - if (cur->next) { - cur->next->prev = NULL; - *ll = cur->next; - } - } else { - rm = cur->next; - if (!rm) { - return NULL; - } - cur->next = cur->next->next; - if (cur->next) { - cur->next->prev = cur; - } - } - break; + if (idx == 0) { + rm = *ll; + *ll = rm->next; + if (rm->next) { + rm->next->prev = NULL; + } + } else { + for (i = 0, cur = *ll; cur; i++, cur = cur->next) { + if (i == idx) { + rm = cur; + break; + } } - } - if (!rm) { - return NULL; + if (!rm) { + return NULL; + } + + rm->prev->next = rm->next; + if (rm->next) { + rm->next->prev = rm->prev; + } } data = rm->data;