From 7cf4d4b01e8a4f8f3618b71ac3f8eb55b8a2ddfe Mon Sep 17 00:00:00 2001
From: wmayer
Date: Tue, 23 Feb 2021 14:30:00 +0100
Subject: [PATCH] App: [skip ci] AddressSanitizer: heap-use-after-free In Document::removeObject() do not access object after it has been possibly deleted
---
 src/App/Document.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/App/Document.cpp b/src/App/Document.cpp
index 3c9cfc041b..bcbf6b3849 100644
--- a/src/App/Document.cpp
+++ b/src/App/Document.cpp
@@ -4157,6 +4157,11 @@ void Document::removeObject(const char* sName)
 TipName.setValue("");
 }
+ // remove the ID before possibly deleting the object
+ d->objectIdMap.erase(pos->second->_Id);
+ // Unset the bit to be on the safe side
+ pos->second->setStatus(ObjectStatus::Remove, false);
+
 // do no transactions if we do a rollback!
 std::unique_ptr tobedestroyed;
 if (!d->rollback) {
@@ -4180,8 +4185,6 @@ void Document::removeObject(const char* sName)
 }
 }
- pos->second->setStatus(ObjectStatus::Remove, false); // Unset the bit to be on the safe side
- d->objectIdMap.erase(pos->second->_Id);
 d->objectMap.erase(pos);
 }
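Review bot: Clearing `ObjectStatus::Remove` and erasing the `objectIdMap` entry now happen before the `if (!d->rollback)` block instead of after it, so whatever that block calls sees the object with the bit already cleared and its ID already unmapped. Most of that block lies outside the two hunks, so it is worth confirming that nothing in it relies on the old order. If something does, reading the ID into a local first (`const auto id = pos->second->_Id;`) and leaving `d->objectIdMap.erase(id);` at the end would remove the dangling read while keeping the ID mapped during the block. Either way, a comment just before `d->objectMap.erase(pos);` such as `// pos->second may already be freed here; do not dereference it` would help keep a later edit from reintroducing the heap-use-after-free.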