From 30a56b0bf2937c2d34677d17c449f6402137fc12 Mon Sep 17 00:00:00 2001
From: GAMMACASE <31375974+GAMMACASE@users.noreply.github.com>
Date: Fri, 15 Aug 2025 17:24:38 +0300
Subject: [PATCH] Fix use after free in
 CKeyValues3Context::PurgeClusterNodeChain

---
 public/tier1/keyvalues3.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/public/tier1/keyvalues3.h b/public/tier1/keyvalues3.h
index 7d9f7bcf..d45ac4d2 100644
--- a/public/tier1/keyvalues3.h
+++ b/public/tier1/keyvalues3.h
@@ -1612,8 +1612,11 @@ inline void CKeyValues3ContextBase::NodeList<NODE>::Purge()
 template<typename CLUSTER>
 inline void CKeyValues3Context::PurgeClusterNodeChain( ClusterNodeChain<CLUSTER> &cluster_node )
 {
-	for(auto node = cluster_node.m_pTail; node; node = node->GetPrev())
+	CLUSTER *prev = nullptr;
+	for(auto node = cluster_node.m_pTail; node; node = prev)
 	{
+		prev = node->GetPrev();
+
 		if(node->IsAllocatedOnHeap())
 		{
 			node->Purge();