https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481
--- Comment #2 from Marcel Böhme <boehme.marcel at gmail dot com> ---

These are two distinct bugs. During fuzzing the btypevec bug appears more often, but it seemed less critical since only NULL is written to the freed memory:

    work -> btypevec[ret] = NULL;

On the other hand, the ktypevec bug allows writing arbitrary content to the freed memory:

    work -> ktypevec[work -> numk++] = tem;

where tem is "cafebabe".

I used a more efficient version of the AFL fuzzer. Interestingly, I submitted the same patch: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html
