Is there a link to the blog somewhere?

Excellent catch! Added validation for the new params

Thanks for the tip! Updated

By adding the return statement you pass the ownership of the string back to main. The unmodified function just took the ownership of the string and deallocated it after printing. Hope this helps

Conspiracy theory: the workgroup found an RCE vulnerability and assigned it identifier CLN-002 but never disclosed it to public and instead sold it to (CIA|DHL|MiB)