Fix heap free in __pntw_1dict

    * src/map.c(__pntw_1dict): when array is allocated in the heap, the primary
      address is kept in keys, but later vals is freed. This is clearly a bug,
      which can corrupt the heap in weird ways that are untraceable.

Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>

diff --git a/src/map.c b/src/map.c
index 2656975..ce2e749 100644 (file)
--- a/src/map.c
+++ b/src/map.c
@@ -2513,7 +2513,7 @@ __pntw_1dict(Lisp_Object dict, Lisp_Object fun,
 
        result = __dress_result(result_type, vals, len);
        if (UNLIKELY(leni == 0)) {
-               xfree(vals);
+               xfree(keys);
        }
        return result;
 }