From 22d26b76537f0f347e39a469f19746a43e83a086 Mon Sep 17 00:00:00 2001
From: janne-hmp
Date: Thu, 14 Dec 2023 20:01:26 +0200
Subject: [PATCH] Saving a bones file should not free memory; the function really_done will be using that information after the call to savebones, resulting in a heap-use-after-free error (and possibly later in a double-free in nh_terminate if things get that far).
---
 src/bones.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/bones.c b/src/bones.c
index 90a2c314b..21ba9fb38 100644
--- a/src/bones.c
+++ b/src/bones.c
@@ -576,7 +576,7 @@ savebones(int how, time_t when, struct obj *corpse)
 }
 c = (char) (strlen(bonesid) + 1);
- nhfp->mode = WRITING | FREEING;
+ nhfp->mode = WRITING;
 store_version(nhfp);
 store_savefileinfo(nhfp);
 if (nhfp->structlevel) {
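Review bot: The new `nhfp->mode = WRITING;` line carries no explanation of why FREEING is deliberately absent, and since `WRITING | FREEING` is the form the removed line used (and plausibly the form other save paths use), a later cleanup is likely to reinstate it and bring back the heap use-after-free the commit message describes. A why-comment on that line would pin the ownership: `/* Not FREEING: really_done() still reads the level data after savebones() returns and nh_terminate() frees it later; freeing here caused a heap use-after-free. */`. It is also worth confirming that every caller of savebones() does reach that later free, because dropping FREEING otherwise turns the use-after-free into a leak on any path that exits before it — the callers are not visible from this hunk. savebones() begins and ends outside the hunk.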