From 2f39fe787af5d2a31da724cdb85b764e8d54c156 Mon Sep 17 00:00:00 2001
From: Adrian Siekierka
Date: Sat, 26 Sep 2020 11:31:18 +0200
Subject: [PATCH] Fix use-after-free between C3Di_RenderTargetDestroy and C3D_RenderTargetSetOutput
---
 source/renderqueue.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/source/renderqueue.c b/source/renderqueue.c
index 69e539d..74741bb 100644
--- a/source/renderqueue.c
+++ b/source/renderqueue.c
@@ -339,10 +339,17 @@ C3D_RenderTarget* C3D_RenderTargetCreateFromTex(C3D_Tex* tex, GPU_TEXFACE face,
 void C3Di_RenderTargetDestroy(C3D_RenderTarget* target)
 {
+ int i;
+
 if (target->ownsColor)
 vramFree(target->frameBuf.colorBuf);
 if (target->ownsDepth)
 vramFree(target->frameBuf.depthBuf);
+ for (i = 0; i < 3; i ++)
+ {
+ if (linkedTarget[i] == target)
+ linkedTarget[i] = NULL;
+ }
 C3D_RenderTarget** prevNext = target->prev ? &target->prev->next : &firstTarget;
 C3D_RenderTarget** nextPrev = target->next ? &target->next->prev : &lastTarget;
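Review bot: The loop bound `3` in the added `for (i = 0; i < 3; i ++)` is a bare literal that has to stay in step with the size of `linkedTarget`, whose declaration is outside this hunk; if that array ever changes size, a slot could again be left pointing at a freed target. Assuming `linkedTarget` is a true array in this file, I would derive the bound from it, `for (i = 0; i < (int)(sizeof(linkedTarget)/sizeof(linkedTarget[0])); i ++)`, or reuse whatever named constant its declaration uses. A one-line comment above the loop, such as `/* Drop screen links to this target so nothing dereferences it after it is freed */`, would record why the slots are cleared. The body of C3Di_RenderTargetDestroy continues past the end of the hunk, so the final unlink and release of `target` are not visible here.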