7 Mar
2006
7 Mar
'06
3:05 a.m.
In polyfill.c::image_polyfill line 817 polyfill_add is called and if that fails polyfill_free is done. However, polyfill_add also calls polyfill_free internally on the same argument.
At a glance it looks like both could happen on the same pointer in sequence.