From 08066d46927a470396d874a52537f8b652f76998 Mon Sep 17 00:00:00 2001
From: Eldred Habert
Date: Wed, 13 Mar 2024 03:19:01 +0100
Subject: [PATCH] Fix a reference being used after being invalidated (#1352)

Your classic use-after-free bug.
---
 src/link/assign.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/link/assign.cpp b/src/link/assign.cpp
index 2006c502..7571e805 100644
--- a/src/link/assign.cpp
+++ b/src/link/assign.cpp
@@ -250,8 +250,11 @@ static void placeSection(Section §ion) {
 .size = (uint16_t)(freeSpace.address + freeSpace.size - section.org - section.size)}
 );
+ // **`freeSpace` cannot be reused from this point on**, because `bankMem.insert`
+ // invalidates all references to itself!
+
 // Resize the original space (address is unmodified)
- freeSpace.size = section.org - freeSpace.address;
+ bankMem[spaceIdx].size = section.org - bankMem[spaceIdx].address;
 } else {
 // The amount of free spaces doesn't change: resize!
 freeSpace.size -= section.size;
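Review bot: The comment added above `// Resize the original space` says `bankMem.insert` invalidates all references to itself, but for a `std::vector` (which `bankMem` appears to be, given `insert` and `operator[]`) an insert only invalidates references at or after the insertion point unless it reallocates; `freeSpace` lives at `spaceIdx`, before the insertion point at `spaceIdx + 1`, so the old line only dangled when the insert grew the buffer, which is exactly why this kind of use-after-free is intermittent and survives tests. I would reword it to `// bankMem.insert may reallocate, which invalidates freeSpace: index through bankMem[spaceIdx] from here on.` so the next reader understands the hazard is reallocation, not the insert position. The more robust fix removes the post-insert access altogether: build the new entry into a local, shrink `freeSpace.size` while the reference is still valid, and only then call `bankMem.insert`, which makes the warning comment unnecessary; that `insert` call begins above this hunk. Note also that `freeSpace` stays in scope after the `if`/`else`, so any later use of it in `placeSection` (outside the hunk) would still be a use-after-free; an AddressSanitizer run on an input that forces the vector to grow would confirm whether any remains.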