I know this thread is old, but Google brought me here. I have been cutting code for decades and wrote far more C than I care to admit, yet I still don’t understand the dangers of double-free. I have read that it is undefined, that the program may or may not crash, that the world could end, etc. Is the problem in the free() implementation in that it cannot handle being called with a pointer to free memory? If so, that would seem like a simple fix in the library. But here we are, decades later, and it is still a problem, so I clearly misunderstand.

Yes, I know that double free is bad form. I know that dereferencing freed memory is a problem, as is out-of-bounds access, but what specifically about the call to free() with a previously freed pointer causes so much chaos?