office-gobmx/external/mdds/use-after-free.patch

--- include/mdds/flat_segment_tree_def.inl
+++ include/mdds/flat_segment_tree_def.inl
@@ -84,8 +84,8 @@
         // Move on to the next destination node, and have the next node point
         // back to the previous node.
         node_ptr old_node = dest_node;
+        dest_node->next->prev = old_node;
         dest_node = dest_node->next;
-        dest_node->prev = old_node;
 
         if (src_node == r.m_right_leaf.get())
         {