From b7ab3b39842a9cbe91776147359963feb92073bf Mon Sep 17 00:00:00 2001
From: Sylvain Becker
Date: Wed, 23 Oct 2019 08:50:57 +0200
Subject: [PATCH] Fixed bug 4838 - Use after free in SDL_JoystickUpdate (Thanks!)
---
 src/joystick/SDL_joystick.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/joystick/SDL_joystick.c b/src/joystick/SDL_joystick.c
index 919d23d92..dfbdfeb5c 100644
--- a/src/joystick/SDL_joystick.c
+++ b/src/joystick/SDL_joystick.c
@@ -1018,7 +1018,7 @@ void
 SDL_JoystickUpdate(void)
 {
 int i;
- SDL_Joystick *joystick;
+ SDL_Joystick *joystick, *next;
 if (!SDL_WasInit(SDL_INIT_JOYSTICK)) {
 return;
@@ -1074,7 +1074,8 @@ SDL_JoystickUpdate(void)
 SDL_updating_joystick = SDL_FALSE;
 /* If any joysticks were closed while updating, free them here */
- for (joystick = SDL_joysticks; joystick; joystick = joystick->next) {
+ for (joystick = SDL_joysticks; joystick; joystick = next) {
+ next = joystick->next;
 if (joystick->ref_count <= 0) {
 SDL_JoystickClose(joystick);
 }
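Review bot: The cleanup loop in the second hunk now relies on an unstated invariant: reading `next = joystick->next` before `SDL_JoystickClose(joystick)` only avoids the stale read if that call can free no list node other than the one it is handed, which cannot be confirmed from these lines. I would record that beside the new line, e.g. `/* SDL_JoystickClose() may free joystick; fetch the link before calling it */`, so a later cleanup does not fold the read back into the `for` header (the first hunk only adds the `next` declaration). A regression test that closes a joystick while an update is in progress, run under an address sanitizer, would keep the use-after-free from coming back. SDL_JoystickUpdate begins before and continues past both hunks, so whatever locking protects this walk of `SDL_joysticks` is not visible here.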