From c2f7fb7d841eb170dbdd0c3bd37e85472aea26d6 Mon Sep 17 00:00:00 2001
From: Pasi Kallinen
Date: Mon, 11 Nov 2019 18:46:14 +0200
Subject: [PATCH] Fix heap-use-after-free

bcsign was used on a freed obj
---
 src/muse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/muse.c b/src/muse.c
index ffaf63ab6..772a01777 100644
--- a/src/muse.c
+++ b/src/muse.c
@@ -2497,8 +2497,8 @@ boolean by_you; /* true: if mon kills itself, hero gets credit/blame */
 vis = FALSE; /* skip makeknown() below */
 res = FALSE; /* failed to cure sliming */
 } else {
- m_useup(mon, obj); /* before explode() */
 dmg = (2 * (rn1(3, 3) + 2 * bcsign(obj)) + 1) / 3;
+ m_useup(mon, obj); /* before explode() */
 /* -11 => monster's fireball */
 explode(mon->mx, mon->my, -11, dmg, SCROLL_CLASS,
 /* by_you: override -11 for mon but not others */
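Review bot: The ordering constraint this commit restores is carried only by the comment `/* before explode() */` on the moved m_useup() line, which says why the call precedes explode() but not why it must now follow the dmg line, so a later reorder could silently reintroduce the use-after-free. I would make the dependency explicit on the new line: `m_useup(mon, obj); /* frees obj -- keep after the bcsign(obj) use above, before explode() */`. Any statement later in this branch that still dereferences obj would have the same problem; the enclosing function begins and ends outside the hunk, so that cannot be confirmed from here.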