Binpac double free in the generated code

Description

I'm trying to create a parser for a simple protocol, described by the following types:

but the code that binpac generates when compiling the .pac is wrong.
In fact if you try to run the parser you'll get an error during a call to the free() function (double free).

If you look to the code that was generated, you'll find the following:

So basically here the problem is in the deconstructor of Test_PDU.
When the deconstructor is called, the content of the bytestring (that is bytestring.data) field+elem, points to the content of the bytestring of the last element of the vector field_. In fact when field_elem is pushed into the vector in the for loop the object is copied (but of course there is not a deep copy, so bytestring.data points to the same buffer in both objects).
So when the deconstructor tries to free the last element of the vector, it gets the double free error since the buffer bytestring.data was already freed by field+elem.free().
The .pac file used is attached.

Environment

None

Assignee

Unassigned

Reporter

lorenzo simionato

Labels

None

External issue ID

252

Components

Affects versions

Priority

Normal
Configure