Index: usr.sbin/makefs/mtree.c
===================================================================
--- usr.sbin/makefs/mtree.c
+++ usr.sbin/makefs/mtree.c
@@ -783,12 +783,14 @@
 free(node->inode);
 node->inode = curino;
 node->inode->nlink++;
+ /* Reset st to avoid UAF when updating size below. */
+ st = &node->inode->st;
 }
 }
 free(node->contents);
 node->contents = name;
- st->st_size = sb.st_size;
+ st->st_size = sb.st_size; /* XXX: or node->inode->st to avoid UAF */
 return (0);
 }
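Review bot: The trailing `/* XXX: or node->inode->st to avoid UAF */` on the `st->st_size` line reads as an unresolved alternative, even though the added `st = &node->inode->st;` already re-points `st` after `free(node->inode)`. Settle on one form: either keep the reset and drop the XXX comment, or write the final store as `node->inode->st.st_size = sb.st_size;`, which holds no cached pointer into an object that can be freed and stays correct if a later edit replaces `node->inode` on another path. The function starts outside this hunk, so where `st` is declared and first assigned is not visible; presumably it aliases the old inode's `st` member. If so, any other use of `st` after the inode swap in the part not shown needs the same treatment.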