From 566fc9f76a0ea323a93af275cdc29d8183c1e510 Mon Sep 17 00:00:00 2001
From: "Joseph C. Sible"
Date: Thu, 25 Dec 2025 17:42:00 -0500
Subject: [PATCH] Fix two potential use-after-frees in monster's refcount code
---
 shmup.cpp | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/shmup.cpp b/shmup.cpp
index 1a4f1fff..ee0f8169 100644
--- a/shmup.cpp
+++ b/shmup.cpp
@@ -83,15 +83,10 @@ struct monster {
 void rebasePat(const shiftmatrix& new_pat, cell *tgt);
- void remove_reference() {
- refs--;
- if(!refs) {
- if(parent) parent->remove_reference();
- delete this;
- }
- }
+ void remove_reference();
 void set_parent(monster *par) {
+ if(parent == par) return;
 if(parent) parent->remove_reference();
 parent = par;
 parent->refs++;
@@ -128,6 +123,15 @@ typedef multimap::iterator mit;
 EX vector active, nonvirtual, additional;
+void monster::remove_reference() {
+ refs--;
+ if(!refs) {
+ if(parent) parent->remove_reference();
+ nonvirtual.erase(std::remove(nonvirtual.begin(), nonvirtual.end(), this), nonvirtual.end());
+ delete this;
+ }
+ }
+
 cell *findbaseAround(shiftpoint p, cell *around, int maxsteps) {
 if(quotient || fake::split()) {
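Review bot: In `set_parent` the old parent is still released before the new one is retained, so the added `if(parent == par) return;` only covers the case where both are the same object. If `par` is kept alive solely through the old parent's chain (for example it is the old parent's own parent), `parent->remove_reference()` can cascade and free `par` before `parent->refs++` touches it; whether any caller reparents that way is not visible here. Retaining first closes both cases: `if(par) par->refs++;`, then `if(parent) parent->remove_reference();`, then `parent = par;`. That order also keeps `parent->refs++` from dereferencing a null `par`. The body of `set_parent` continues past the end of the hunk.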
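Review bot: Erasing from the global `nonvirtual` inside `monster::remove_reference()` can invalidate a loop that is walking that vector when a reference is dropped, because the function is reachable from any release, including the recursive `parent->remove_reference()` call. No such loop is visible in this hunk, but if one exists the erase shifts the elements under its iterator or index, trading the dangling pointer for a different memory-safety bug. `active` and `additional` are declared on the same line and are not scrubbed, so a freed monster could presumably still be reachable from them. I would state the contract above the definition, e.g. `// Erases this from nonvirtual on last release; never call while iterating nonvirtual.`, and confirm that the other two vectors never hold a pointer to a monster whose count can reach zero.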