From 2a87474e3c7b93fa03e6a2f44dcd8e8b9934310c Mon Sep 17 00:00:00 2001
From: baldurk <baldurk@baldurk.org>
Date: Wed, 3 Sep 2025 09:39:38 +0100
Subject: [PATCH] Fix use-after-modify when adding new key as subset of old key

---
 renderdoc/core/rdcbytetrie.h | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/renderdoc/core/rdcbytetrie.h b/renderdoc/core/rdcbytetrie.h
index 3f037a521..57e631c45 100644
--- a/renderdoc/core/rdcbytetrie.h
+++ b/renderdoc/core/rdcbytetrie.h
@@ -457,16 +457,19 @@ private:
       Key prefixAfter = prefix.ExclusiveSuffixAfter(search.size);
       Key prefixBefore = prefix.ExclusivePrefixBefore(search.size);
 
-      // the current node will be appended on after, so truncate its key
+      // the current node will be appended on as a child, it will truncate its key to prefixAfter
       NodeOrLeaf *oldRoot = root;
-      oldRoot->SetPrefix(prefixAfter);
 
       // create a new node with the prefix before
       // this can be a small2 node as we only need one child so far
       SmallNode<2> *newRoot = MakeNode<SmallNode<2>>();
-      newRoot->SetPrefix(prefixBefore);
       root = newRoot;
 
+      // set new root prefix first as this copies into the node, both prefixBefore and prefixAfter
+      // reference subsets of the old prefix (which is stored in oldRoot)
+      newRoot->SetPrefix(prefixBefore);
+      oldRoot->SetPrefix(prefixAfter);
+
       // the old root is appended on after the right child
       newRoot->childBytes[0] = firstExtraKeyByte;
       newRoot->children[0] = oldRoot;