found with verus - pretty excited about using verus lol
> target/debug/tursodb -q :memory: "WITH t(x) AS (VALUES (1),(2)) SELECT median(x) OVER (ORDER BY x) FROM t;"
[1] 4358 segmentation fault target/debug/tursodb -q :memory:
llm info with asan:
after finalize frees the Vec state, the second Median_step treats stale memory as a live Vec and tries to push into a
garbage data pointer. That is classic UAF/wild pointer behavior. ASan did not label it neatly as heap-use-after-free; it saw the later wild-
pointer read/write crash. The LLDB call order proves the ownership violation.
found with verus - pretty excited about using verus lol
llm info with asan:
after finalize frees the Vec state, the second Median_step treats stale memory as a live Vec and tries to push into a
garbage data pointer. That is classic UAF/wild pointer behavior. ASan did not label it neatly as heap-use-after-free; it saw the later wild-
pointer read/write crash. The LLDB call order proves the ownership violation.