From 149db9a0228a08760fb0b8d080b359e1c36fed67 Mon Sep 17 00:00:00 2001
From: ISSOtm
Date: Thu, 30 Jul 2020 19:57:45 +0200
Subject: [PATCH] Fix incorrect freeing of expansions

Freeing an expansion should free its children, not its siblings... Fixes a use-after-free reported by scan-build. Nice catch!
---
 src/asm/lexer.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/asm/lexer.c b/src/asm/lexer.c
index 8ae6300e..6fcccb6f 100644
--- a/src/asm/lexer.c
+++ b/src/asm/lexer.c
@@ -553,13 +553,16 @@ static void beginExpansion(size_t distance, uint8_t skip,
 
 static void freeExpansion(struct Expansion *expansion)
 {
- do {
- struct Expansion *next = expansion->next;
+ struct Expansion *child = expansion->firstChild;
 
- free(expansion->name);
- free(expansion);
- expansion = next;
- } while (expansion);
+ while (child) {
+ struct Expansion *next = child->next;
+
+ freeExpansion(child);
+ child = next;
+ }
+ free(expansion->name);
+ free(expansion);
 }
 
 /* If at any point we need more than 255 characters of lookahead, something went VERY wrong. */
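Review bot: freeExpansion now releases the node and its whole child subtree, but nothing in it clears the pointer that led to the node (the parent's `firstChild` or the previous sibling's `next`), so a caller that does not unlink the node is left holding a dangling pointer, which is the same class of bug this commit fixes. The callers are outside the hunk, so this may already be handled; stating the contract above the function would make it checkable, e.g. `/* Frees expansion and all of its descendants; siblings are left alone. The caller must unlink it from its parent. */`. The recursion depth also equals the expansion nesting depth, which presumably follows from the assembled source, so it is worth confirming that beginExpansion caps nesting before a deeply nested input can exhaust the stack here.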