Arbitrary Free in Accusoft ImageGear ioca_mys_rgb_allocate

We discussed this vulnerability during Episode 142 on 03 May 2022.

An uninitialized pointer is freed when a malformed IOCA file with a size_Y of zero is provided. Normally, an initialization routine iterates from size_Y to 0, initializing the table_mys_rgb table. Later, during the cleanup routine, delete_table_mys_rgb_ptr calls the delete operator, which leads to a free on an index into the table. When you provide a file with size_Y as 0, the initialization loop never assigns a pointer here, leading to an arbitrary free.
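
The pattern described above, modeled in C next to a hardened form. This is an added example, not ImageGear's code and not part of the original write-up. The table layout, MAX_ROWS, the STALE marker and every function name are assumptions; STALE stands in for uninitialized memory so the run is deterministic and nothing invalid is ever passed to free().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of the bug class. Names, sizes and layout are
 * assumptions made for this example, not ImageGear's code. */
#define MAX_ROWS 8
#define STALE ((void *)(uintptr_t)0x41414141u) /* stands in for leftover heap data */

typedef struct { void *row[MAX_ROWS]; uint32_t size_Y; } rgb_table;

/* Vulnerable shape: a slot is written only inside the loop that counts
 * down from size_Y, so size_Y == 0 leaves the table untouched. */
static int init_unsafe(rgb_table *t, uint32_t size_Y) {
    if (size_Y > MAX_ROWS) return -1;
    for (int i = 0; i < MAX_ROWS; i++) t->row[i] = STALE; /* simulate uninitialized memory */
    t->size_Y = size_Y;
    for (uint32_t y = size_Y; y > 0; y--)
        t->row[y - 1] = malloc(16);
    return 0;
}

/* Hardened shape: zero the table first and reject an empty image. */
static int init_safe(rgb_table *t, uint32_t size_Y) {
    memset(t, 0, sizeof *t);
    if (size_Y == 0 || size_Y > MAX_ROWS) return -1;
    t->size_Y = size_Y;
    for (uint32_t y = size_Y; y > 0; y--)
        if ((t->row[y - 1] = malloc(16)) == NULL) return -1;
    return 0;
}

/* The pointer an unconditional cleanup of slot 0 would hand to free(). */
static void *cleanup_target(const rgb_table *t) { return t->row[0]; }

/* Frees only the rows the init loop assigned. */
static void release(rgb_table *t) {
    for (uint32_t y = 0; y < t->size_Y; y++) { free(t->row[y]); t->row[y] = NULL; }
}

int main(void) {
    rgb_table t;
    init_unsafe(&t, 0);
    printf("unsafe, size_Y=0: cleanup would free %p\n", cleanup_target(&t));
    if (init_safe(&t, 0) != 0)
        printf("safe, size_Y=0: rejected, slot 0 is %p\n", cleanup_target(&t));
    return 0;
}
```

Either half of the hardened form closes the hole on its own: zeroing makes the later free a no-op on NULL, and the size check stops parsing before cleanup ever sees an unassigned slot.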