-rw-r--r-- | CHANGELOG.md | 16 | ||||
-rw-r--r-- | src/interrupt.rs | 4 |
2 files changed, 18 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 308b119..0923cdc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,22 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ## [Unreleased]
+### Fixed
+
+- MEMORY SAFETY. `interrupt::free` leaked the critical section making it
+ possible to access a `Mutex` when interrupts are enabled (see below). This has
+ been fixed by changing the signature of `interrupt::free`.
+
+``` rust
+static FOO: Mutex<bool> = Mutex::new(false);
+
+fn main() {
+ let cs = cortex_m::interrupt::free(|cs| cs);
+ // interrupts are enabled at this point
+ let foo = FOO.borrow(&cs);
+}
+```
+
 ## [v0.2.3] - 2017-04-11
 ### Fixed
diff --git a/src/interrupt.rs b/src/interrupt.rs
index a96b845..a4eac00 100644
--- a/src/interrupt.rs
+++ b/src/interrupt.rs
@@ -75,14 +75,14 @@ pub struct CriticalSection {
 /// This as also known as a "critical section".
 pub fn free<F, R>(f: F) -> R
 where
- F: FnOnce(CriticalSection) -> R,
+ F: FnOnce(&CriticalSection) -> R,
 {
 let primask = ::register::primask::read();
 // disable interrupts
 disable();
- let r = f(CriticalSection { _0: () });
+ let r = f(&CriticalSection { _0: () });
 // If the interrupts were active before our `disable` call, then re-enable
 // them. Otherwise, keep them disabled |
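Review bot: Nothing at the changed bound `F: FnOnce(&CriticalSection) -> R` records why the token is now lent rather than moved, so a later cleanup could restore the by-value form and reopen the leak described in the changelog. A comment above the `where` clause such as `// The token is lent, not moved: the elided lifetime is higher-ranked, so R cannot carry it out of the closure.` would pin the intent, and the changelog snippet could be added to the doc comment of `free` as a `compile_fail` doctest so a regression fails the test suite. The guarantee also relies on `CriticalSection` being neither `Clone` nor `Copy` and having no public constructor; its definition sits above this hunk, so that is worth confirming. The body of `free` continues past the last line shown.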