From 14c386561afbfda4d34ff402df34f06d2f4358ed Mon Sep 17 00:00:00 2001
From: tkchia <tkchia@users.noreply.github.com>
Date: Mon, 1 Aug 2022 17:48:54 +0000
Subject: [PATCH] Fix use-after-free in Modula-2 middle-end's em_m2

Partly fixes https://github.com/davidgiven/ack/issues/262
---
 lang/m2/comp/scope.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lang/m2/comp/scope.c b/lang/m2/comp/scope.c
index d80988d72..b2ef30626 100644
--- a/lang/m2/comp/scope.c
+++ b/lang/m2/comp/scope.c
@@ -112,10 +112,11 @@ static void chk_forw(struct def **pdf)
 	register struct def *df;
 
 	while ( (df = *pdf) ) {
-		if (df->df_kind == D_FORWTYPE) {
-			pdf = &df->df_nextinscope;
+		while (df->df_kind == D_FORWTYPE) {
+			register struct def *df2 = df->df_nextinscope;
+			pdf = NULL;
 			ForceForwardTypeDef(df);	/* removes df */
-			continue;
+			df = df2;
 		}
 		if (df->df_kind & (D_FORWARD|D_FORWMODULE)) {
 			/* These definitions must be found in
@@ -138,7 +139,8 @@ df->df_idf->id_text);
 						nextvisible(CurrVis);
 				register struct def *df1 = lookup(df->df_idf, ls->sc_scope, 0, 0);
 
-				*pdf = df->df_nextinscope;
+				if (pdf)
+					*pdf = df->df_nextinscope;
 	
 				if (! df1) {
 					if (df->df_kind == D_FORWMODULE) {