Merge pull request #32 from ossf/edit-memory-safety-definition-2
adds second kind of use after free
nellshamrell committed Aug 8, 2024
2 parents ce4fef3 + 57c759c commit 5f6bfe5
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion docs/definitions.md
Expand Up @@ -13,7 +13,7 @@ A memory safe by default language prevents (by default) common memory safety vul
* Buffer overflow
* Buffer over-read
* Invalid page fault
* Use after free
* Use after free[^1]

**Uninitialized variables (variable that has not been assigned a value is used)**
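
Review bot: On the changed list item `* Use after free[^1]`, the second kind of use after free is reachable only through the footnote marker, so a reader skimming this list still sees a single entry. Consider naming it in the list itself, for example as a sub-bullet under "Use after free", and keeping the footnote for the link to the discussion.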

Expand Down Expand Up @@ -45,3 +45,5 @@ Some memory safe by default languages prevent data races (such as Rust), but oth
"In computer programming, undefined behavior (informally "UB") refers to computer code whose behavior is not specified by the programming language standard under certain conditions.

The standards for some languages, most notably C and C++, leave certain aspects undefined, meaning the standard imposes no requirements whatsoever on the outcome. Implementations may regard such actions as erroneous, diagnosing them or not as they see fit, or may specify that they behave in some possibly-useful fashion without regard for whether the Standard requires them to do so."

[^1]: This definition refers to a use after free error with regard to memory allocation and pointers. However, in this SIG's discusssions, we also realized there is a different kind of use after free error that can occur due to the improper sharing of heap objects where objects may be accessed on the heap level after they are freed on the object level. These errors are also relevant to memory safety. Please see [ossf/Memory-Safety #29)](https://github.com/ossf/Memory-Safety/issues/29) for more discussion.
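
Review bot: In the added footnote, "accessed on the heap level after they are freed on the object level" relies on two terms ("heap level" and "object level") that the footnote does not define, so the second kind of use after free is hard to tell apart from the first; a short sentence saying what is freed and what is still accessed would help. Two small fixes on the same line: "discusssions" has an extra "s", and the link text `[ossf/Memory-Safety #29)]` has a stray ")" before the closing bracket.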
