From 6dfd49a3b96161c18c95cf29c6d03ae8f607a592 Mon Sep 17 00:00:00 2001 From: "X.organic" Date: Sat, 3 Sep 2022 02:58:47 +0000 Subject: [PATCH] Fix use-after-frees around mobjs # Conflicts: # src/p_enemy.c # src/p_mobj.c # src/p_saveg.c # src/p_tick.c --- src/k_kart.c | 2 +- src/p_mobj.c | 3 ++- src/p_saveg.c | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/k_kart.c b/src/k_kart.c index 269d45d06..5683baa6f 100644 --- a/src/k_kart.c +++ b/src/k_kart.c @@ -6701,7 +6701,7 @@ static void K_MoveHeldObjects(player_t *player) targz += (player->mo->height/2 - 32*player->mo->scale)*6; } - if (cur->tracer) + if (cur->tracer && !P_MobjWasRemoved(cur->tracer)) { fixed_t diffx, diffy, diffz; diff --git a/src/p_mobj.c b/src/p_mobj.c index c4c9b7962..b541744b3 100644 --- a/src/p_mobj.c +++ b/src/p_mobj.c @@ -10345,7 +10345,7 @@ mobj_t *P_SpawnMobj(fixed_t x, fixed_t y, fixed_t z, mobjtype_t type) mobj_t *side = P_SpawnMobj(mobj->x + FINECOSINE((ang>>ANGLETOFINESHIFT) & FINEMASK), mobj->y + FINESINE((ang>>ANGLETOFINESHIFT) & FINEMASK), mobj->z, MT_DAYTONAPINETREE_SIDE); P_InitAngle(side, ang); - side->target = mobj; + P_SetTarget(&side->target, mobj); side->threshold = i; } break; @@ -10762,6 +10762,7 @@ void P_RemoveSavegameMobj(mobj_t *mobj) // free block P_RemoveThinker((thinker_t *)mobj); + R_RemoveMobjInterpolator(mobj); } static CV_PossibleValue_t respawnitemtime_cons_t[] = {{1, "MIN"}, {300, "MAX"}, {0, NULL}}; diff --git a/src/p_saveg.c b/src/p_saveg.c index 72101fc9c..e657da154 100644 --- a/src/p_saveg.c +++ b/src/p_saveg.c 
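Review bot: In the src/k_kart.c hunk, the new guard `if (cur->tracer && !P_MobjWasRemoved(cur->tracer))` still reads through `cur->tracer` to decide whether the object was removed, so it only closes the use-after-free if a removed mobj's memory stays allocated while `cur->tracer` points at it. That presumably holds only when every store to `tracer` goes through `P_SetTarget`, as this commit does for `target`, `hnext`, `hprev` and `itnext`. The assignments to `cur->tracer` are not visible here and are worth auditing. When the check fails the stale pointer is left in place, so I would release it just before the guard: `if (cur->tracer && P_MobjWasRemoved(cur->tracer)) P_SetTarget(&cur->tracer, NULL);`. K_MoveHeldObjects starts and ends outside the hunk.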
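Review bot: In the second src/p_mobj.c hunk (P_RemoveSavegameMobj), `R_RemoveMobjInterpolator(mobj);` is placed after `P_RemoveThinker((thinker_t *)mobj);`, so the added line uses the mobj after it has already been handed over for removal. That is safe only if P_RemoveThinker defers the actual free, which this hunk does not show. Swapping the two calls, so that `R_RemoveMobjInterpolator(mobj);` sits above the `// free block` comment and `P_RemoveThinker((thinker_t *)mobj);` stays the last statement, removes that dependency. It also keeps a fix for use-after-frees from relying on deferred freeing itself. The start of the function is outside the hunk.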
@@ -4193,21 +4193,21 @@ static void P_RelinkPointers(void)
 {
 temp = (UINT32)(size_t)mobj->hnext;
 mobj->hnext = NULL;
- if (!(mobj->hnext = P_FindNewPosition(temp)))
+ if (!P_SetTarget(&mobj->hnext, P_FindNewPosition(temp)))
 CONS_Debug(DBG_GAMELOGIC, "hnext not found on %d\n", mobj->type);
 }
 if (mobj->hprev)
 {
 temp = (UINT32)(size_t)mobj->hprev;
 mobj->hprev = NULL;
- if (!(mobj->hprev = P_FindNewPosition(temp)))
+ if (!P_SetTarget(&mobj->hprev, P_FindNewPosition(temp)))
 CONS_Debug(DBG_GAMELOGIC, "hprev not found on %d\n", mobj->type);
 }
 if (mobj->itnext)
 {
 temp = (UINT32)(size_t)mobj->itnext;
 mobj->itnext = NULL;
- if (!(mobj->itnext = P_FindNewPosition(temp)))
+ if (!P_SetTarget(&mobj->itnext, P_FindNewPosition(temp)))
 CONS_Debug(DBG_GAMELOGIC, "itnext not found on %d\n", mobj->type);
 }
 if (mobj->terrain)
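Review bot: The raw resets `mobj->hnext = NULL;`, `mobj->hprev = NULL;` and `mobj->itnext = NULL;` are now load-bearing and nothing in the code says so. At that point each field holds a save-file index cast to a pointer (`temp = (UINT32)(size_t)mobj->hnext;`), and `P_SetTarget` presumably releases the reference held by the slot's previous value, so without the reset it would treat that index as a live mobj. I would add above each reset a comment such as `/* field holds a save index, not a mobj: clear it raw before P_SetTarget */` so a later cleanup does not fold the two lines together. Since `temp` comes from save data, it is also worth confirming that `P_FindNewPosition` returns NULL for an index with no matching mobj, because the `CONS_Debug` line is the only handling visible here. P_RelinkPointers starts and ends outside the hunk.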