From 74026cd277295013dd6876ee7874b2dc6fab0140 Mon Sep 17 00:00:00 2001
From: ISSOtm
Date: Tue, 12 Mar 2024 23:59:05 +0100
Subject: [PATCH] Fix a reference being used after being invalidated

Your classic use-after-free bug.
---
 src/link/assign.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/link/assign.cpp b/src/link/assign.cpp
index 2006c502e1..7571e8054d 100644
--- a/src/link/assign.cpp
+++ b/src/link/assign.cpp
@@ -250,8 +250,11 @@ static void placeSection(Section §ion) {
 .size = (uint16_t)(freeSpace.address + freeSpace.size - section.org - section.size)}
 );
+ // **`freeSpace` cannot be reused from this point on**, because `bankMem.insert`
+ // invalidates all references to itself!
+
 // Resize the original space (address is unmodified)
- freeSpace.size = section.org - freeSpace.address;
+ bankMem[spaceIdx].size = section.org - bankMem[spaceIdx].address;
 } else {
 // The amount of free spaces doesn't change: resize!
 freeSpace.size -= section.size;
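Review bot: The added comment misstates what is invalidated — `bankMem.insert` invalidates references and iterators to `bankMem`'s elements (e.g. on reallocation), not references to the container itself; suggest `// invalidates references/iterators to its elements, and freeSpace is one of them!`. The replacement line `bankMem[spaceIdx].size = section.org - bankMem[spaceIdx].address;` is only correct if the new space was inserted at or after `spaceIdx + 1`, which this hunk does not show (the insert's position argument sits above it), so a one-line comment stating that invariant, e.g. `// spaceIdx still names the original space: the new one was inserted after it`, would make the dependency visible. Binding a fresh reference once, `auto &origSpace = bankMem[spaceIdx];`, and using it for both the read and the write would also avoid the repeated indexing. The `else` branch's continued use of `freeSpace` looks fine because no insert happens on that path. placeSection continues outside the hunk.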