From a09ac5359b9947fce9b47d4d045dc6799d5f35dd Mon Sep 17 00:00:00 2001
From: Alain BKR <alain.baeckeroot@laposte.net>
Date: Fri, 5 May 2023 09:05:19 +0200
Subject: [PATCH] fix out of bounds on cargo iter   see :
 https://osdn.net/projects/freeciv/ticket/47982

---
 common/unit.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/common/unit.c b/common/unit.c
index 51ee0b1a6..0d5d2ca08 100644
--- a/common/unit.c
+++ b/common/unit.c
@@ -2460,11 +2460,11 @@ static void *cargo_iter_get(const struct iterator *it)
 static void cargo_iter_next(struct iterator *it)
 {
   struct cargo_iter *iter = CARGO_ITER(it);
-  const struct unit_list_link *piter = iter->links[iter->depth - 1];
+  const struct unit_list_link *piter;
   const struct unit_list_link *pnext;
 
   /* Variant 1: unit has cargo. */
-  pnext = unit_list_head(unit_transport_cargo(unit_list_link_data(piter)));
+  pnext = unit_list_head(unit_transport_cargo(cargo_iter_get(it)));
   if (NULL != pnext) {
     fc_assert(iter->depth < ARRAY_SIZE(iter->links));
     iter->links[iter->depth++] = pnext;
@@ -2472,6 +2472,8 @@ static void cargo_iter_next(struct iterator *it)
   }
 
   while (iter->depth > 0) {
+    piter = iter->links[iter->depth - 1];
+
     /* Variant 2: there are other cargo units at same level. */
     pnext = unit_list_link_next(piter);
     if (NULL != pnext) {
@@ -2480,7 +2482,7 @@ static void cargo_iter_next(struct iterator *it)
     }
 
     /* Variant 3: return to previous level, and do same tests. */
-    piter = iter->links[iter->depth-- - 2];
+    iter->depth--;
   }
 }
 
-- 
2.34.1