Tobias S. Josefowitz authored
If the needle supplied to array_search() was a destructed object, array_search() would convert it to (PIKE_T_INT,NUMBER_DESTRUCTED)-type 0 in-place. Since array_search() is sometimes called with the needle residing in another array - for example when ORing arrays - this would introduce PIKE_T_INT items into such arrays without reflecting this in said array's type_field. If the type_field would then later on (still) only have BIT_OBJECT set, we would call free_object() on the thus introduced PIKE_T_INT when freeing array items, leading straight to a segmentation fault.
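The invariant break described in the commit message, as an added C example that is neither Pike's code nor the commit's actual fix. It is a simplified model: every name in it (`struct sval`, `search_inplace`, `search_copy`, `type_field_ok`, `run`) is hypothetical, and normalising a private copy of the needle is assumed as one way to leave the caller's storage untouched.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified model for illustration; not Pike's real structures or code. */
enum { T_INT = 0, T_OBJECT = 1 };
#define BIT_INT    (1u << T_INT)
#define BIT_OBJECT (1u << T_OBJECT)
struct obj  { int destructed; };
struct sval { int type; union { long i; struct obj *o; } u; };
struct arr  { unsigned type_field; size_t n; struct sval item[2]; };

static int is_dead(const struct sval *s) {
    return s->type == T_OBJECT && s->u.o->destructed;
}
static int same(const struct sval *a, const struct sval *b) {
    if (a->type != b->type) return 0;
    return a->type == T_INT ? a->u.i == b->u.i : a->u.o == b->u.o;
}
/* Bug shape: a destructed needle is rewritten to integer 0 through the
 * pointer, so storage owned by the caller (possibly an array) changes type. */
static long search_inplace(const struct arr *hay, struct sval *needle) {
    if (is_dead(needle)) { needle->type = T_INT; needle->u.i = 0; }
    for (size_t k = 0; k < hay->n; k++)
        if (same(&hay->item[k], needle)) return (long)k;
    return -1;
}
/* Safe shape: normalise a private copy; the caller's svalue is untouched. */
static long search_copy(const struct arr *hay, const struct sval *needle) {
    struct sval tmp = *needle;
    return search_inplace(hay, &tmp);
}
/* Invariant the free path relies on: every item's type bit is in type_field. */
static int type_field_ok(const struct arr *a) {
    for (size_t k = 0; k < a->n; k++)
        if (!(a->type_field & (1u << a->item[k].type))) return 0;
    return 1;
}
/* Constructed case: the needle lives inside array `src`, as when ORing arrays. */
static int run(int inplace) {
    static struct obj dead = { 1 };
    struct arr src = { BIT_OBJECT, 1, { { T_OBJECT, { .o = &dead } } } };
    struct arr hay = { BIT_INT, 1, { { T_INT, { .i = 7 } } } };
    if (inplace) search_inplace(&hay, &src.item[0]);
    else         search_copy(&hay, &src.item[0]);
    return type_field_ok(&src);
}
int main(void) {
    printf("in-place ok=%d, copy ok=%d\n", run(1), run(0));
    return 0;
}
```

A debug-build assertion equivalent to `type_field_ok` on the array free path would turn this class of bug into an immediate, attributable failure instead of a later crash in the object-free routine.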