When assigning priority for a bug, we had an internal discussion about whether, in C++, deleting an object more than once can result in code execution if the pointer to the object can be corrupted. For objects having a virtual destructor, the answer seems to be obvious here.
However, what is not obvious is whether this could be exploited for code execution when the deleted object is either a standard type (i.e. long), an array, or an instance of a class which does not have a virtual table.
Can this situation result in code execution on any existing popular implementations?