mount_image.c: don't read freed memory in release_extra_refcnts()

diff --git a/src/mount_image.c b/src/mount_image.c
index a7dc82a17effae690f2da278dd51dc71f3d3198d..ac993e17b2f7f54cc366780832c84b30ee5a865a 100644 (file)
--- a/src/mount_image.c
+++ b/src/mount_image.c
@@ -1193,9 +1193,11 @@ release_extra_refcnts(struct wimfs_context *ctx)
        struct wim_lookup_table *lookup_table = ctx->wim->lookup_table;
        struct wim_lookup_table_entry *lte, *tmp;
 
-       list_for_each_entry_safe(lte, tmp, list, orig_stream_list)
-               while (lte->out_refcnt--)
+       list_for_each_entry_safe(lte, tmp, list, orig_stream_list) {
+               u32 n = lte->out_refcnt;
+               while (n--)
                        lte_decrement_refcnt(lte, lookup_table);
+       }
 }
 
 /* Moves the currently selected image, which may have been modified, to a new