From fe2d8faed97a8d5463c81038bfe3bc82d76a1e88 Mon Sep 17 00:00:00 2001
From: Alex Smith
Date: Sun, 3 Dec 2023 00:49:45 +0000
Subject: [PATCH] Fix for use-after-free in supply chest generation
---
 src/mklev.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/mklev.c b/src/mklev.c
index 6264cacf2..a5fea6c8a 100644
--- a/src/mklev.c
+++ b/src/mklev.c
@@ -938,6 +938,7 @@ fill_ordinary_room(struct mkroom *croom, boolean bonus_items)
 supply_chest->olocked = !!(rn2(6));
 int tryct = 0;
+ boolean cursed;
 do {
 int otyp;
 /* 50% this is a potion of healing */
@@ -960,6 +961,7 @@ fill_ordinary_room(struct mkroom *croom, boolean bonus_items)
 otmp = mksobj(otyp, TRUE, FALSE);
 if (otyp == POT_HEALING && rn2(2))
 otmp->quan = 2;
+ cursed = otmp->cursed;
 add_to_container(supply_chest, otmp);
 ++tryct;
@@ -971,7 +973,7 @@ fill_ordinary_room(struct mkroom *croom, boolean bonus_items)
 probability of more; if we generate a cursed item, it's added to
 the supply chest but we reroll for a noncursed item and add that
 too */
- } while (otmp->cursed || !rn2(5));
+ } while (cursed || !rn2(5));
 /* maybe put a random item into the supply chest, biased slightly
 towards low-level spellbooks; avoid tools
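Review bot: `boolean cursed;` in the first hunk is declared without an initializer, and its only assignment is the `cursed = otmp->cursed;` deep inside the do-body, so the value tested by the `while` is indeterminate on any path that reaches the condition without executing that assignment. The part of the loop body between `/* 50% this is a potion of healing */` and `otmp = mksobj(...)` lies outside the hunks, so I cannot tell whether a `continue` exists there; if one does, or is added later, reading `cursed` is undefined behaviour and silently decides whether the loop exits. Initializing it, `boolean cursed = FALSE;`, costs nothing, keeps the fix robust against that, and avoids a -Wmaybe-uninitialized warning. fill_ordinary_room both starts and ends outside the visible hunks.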
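Review bot: After `add_to_container(supply_chest, otmp);` in the second hunk, `otmp` is still a dangling pointer whenever the merge-and-free that the subject line implies has happened; the patch removes the one read in the loop condition but leaves nothing that stops later code in fill_ordinary_room from touching it. Since the code after the loop is outside the hunk, I would make the ownership hand-off explicit right after the call with `otmp = (struct obj *) 0; /* may have been merged into an existing stack and freed */`, so the next edit to this loop cannot reintroduce the same bug. If add_to_container returns the surviving object, as it does in mainline NetHack, `otmp = add_to_container(supply_chest, otmp);` would fix the use-after-free without the extra local and keep `otmp` valid afterwards — worth checking against this tree's prototype before choosing.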