From 64a82e284dddabaeb549228380103b57dead32a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sergi=20=C3=80lvarez=20i=20Capilla?=
Date: Fri, 8 Apr 2022 20:39:43 +0200
Subject: [PATCH] Fix UAF in `aaef` ##crash
* Reported by @hdthky
* Reproducer: uaf-aef
* BountyID: e98ad92c-3a64-48fb-84d4-d13afdbcbdd7
---
 libr/core/canal.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libr/core/canal.c b/libr/core/canal.c
index fb53e75fc3cc2..610cd22f219dd 100644
--- a/libr/core/canal.c
+++ b/libr/core/canal.c
@@ -5295,10 +5295,6 @@ R_API void r_core_anal_esil(RCore *core, const char *str, const char *target) {
 arch = R2_ARCH_MIPS;
 }
- const char *sn = r_reg_get_name (core->anal->reg, R_REG_NAME_SN);
- if (!sn) {
- eprintf ("Warning: No SN reg alias for current architecture.\n");
- }
 r_reg_arena_push (core->anal->reg);
 IterCtx ictx = { start, end, fcn, NULL };
@@ -5409,6 +5405,10 @@ R_API void r_core_anal_esil(RCore *core, const char *str, const char *target) {
 goto repeat;
 }
 }
+ const char *sn = r_reg_get_name (core->anal->reg, R_REG_NAME_SN);
+ if (!sn) {
+ eprintf ("Warning: No SN reg alias for current architecture.\n");
+ }
 if (sn && op.type == R_ANAL_OP_TYPE_SWI) {
 r_strf_buffer (64);
 r_flag_space_set (core->flags, R_FLAGS_FS_SYSCALLS);
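Review bot: The `if (!sn)` warning in the second hunk now appears to sit on the per-instruction path, so on an architecture with no SN alias it would be printed for every analysed op instead of once. That placement is inferred from the neighbouring `goto repeat` and `op.type` test, since the loop header and the rest of `r_core_anal_esil` are outside the hunk. Resolving the alias at the point of use is the right fix for the stale pointer, but the lookup is only needed for syscall ops, so it could be scoped as `if (op.type == R_ANAL_OP_TYPE_SWI) { const char *sn = r_reg_get_name (core->anal->reg, R_REG_NAME_SN);` with the warning emitted once behind a local flag. I would also add a comment such as `/* resolve SN at use: the name from r_reg_get_name() must not be cached across emulation (UAF) */`, so a later cleanup does not hoist the lookup back above `r_reg_arena_push` and reintroduce the use-after-free.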