From b03ef98753b041a302bd27f4bc8863495e95ddf7 Mon Sep 17 00:00:00 2001
From: "X.organic" <dilithium.no3@protonmail.com>
Date: Sat, 3 Sep 2022 02:58:47 +0000
Subject: [PATCH] Fix use-after-frees around mobjs

# Conflicts:
#	src/k_kart.c
#	src/p_enemy.c
#	src/p_mobj.c
#	src/p_saveg.c
#	src/p_tick.c
---
 src/p_mobj.c | 1 +
 src/r_fps.c  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/p_mobj.c b/src/p_mobj.c
index 9bb68b1e8..f6519d436 100644
--- a/src/p_mobj.c
+++ b/src/p_mobj.c
@@ -11240,6 +11240,7 @@ void P_RemoveSavegameMobj(mobj_t *mobj)
 
 	// free block
 	P_RemoveThinker((thinker_t *)mobj);
+	R_RemoveMobjInterpolator(mobj);
 }
 
 static CV_PossibleValue_t respawnitemtime_cons_t[] = {{1, "MIN"}, {300, "MAX"}, {0, NULL}};
diff --git a/src/r_fps.c b/src/r_fps.c
index ae23b5d1b..2d30c9f01 100644
--- a/src/r_fps.c
+++ b/src/r_fps.c
@@ -725,7 +725,7 @@ void R_RemoveMobjInterpolator(mobj_t *mobj)
 
 	if (interpolated_mobjs_len == 0) return;
 
-	for (i = 0; i < interpolated_mobjs_len - 1; i++)
+	for (i = 0; i < interpolated_mobjs_len; i++)
 	{
 		if (interpolated_mobjs[i] == mobj)
 		{