From a742be370f8206e509f09337159d323e7b92bc42 Mon Sep 17 00:00:00 2001
From: Bart Wiegmans
Date: Mon, 6 Aug 2018 19:45:14 +0200
Subject: [PATCH] [FSA] Fix use-after-free in cleanup
If we cleanup the main thread (with it's per-thread FSA free list) after cleaning up the FSA itself, that corresponds to a use-after-free, and we should not.
---
src/moar.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/moar.c b/src/moar.c
index c56981071b..c48cb09547 100644
--- a/src/moar.c
+++ b/src/moar.c
@@ -588,8 +588,6 @@ void MVM_vm_destroy_instance(MVMInstance *instance) {
     uv_mutex_destroy(&instance->nfg->update_mutex);
     MVM_nfg_destroy(instance->main_thread);
-    /* Clean up fixed size allocator */
-    MVM_fixed_size_destroy(instance->fsa);
     /* Clean up integer constant and string cache. */
     uv_mutex_destroy(&instance->mutex_int_const_cache);
@@ -603,6 +601,9 @@ void MVM_vm_destroy_instance(MVMInstance *instance) {
     MVM_tc_destroy(instance->main_thread);
     uv_mutex_destroy(&instance->mutex_threads);
+    /* Clean up fixed size allocator */
+    MVM_fixed_size_destroy(instance->fsa);
+
     /* Clear up VM instance memory. */
     MVM_free(instance);
 }
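Review bot: The ordering constraint that the second hunk relies on — `MVM_fixed_size_destroy(instance->fsa)` must now follow `MVM_tc_destroy(instance->main_thread)` — is recorded only in the commit message, while the moved comment still says just "Clean up fixed size allocator", so a later reorder of the teardown sequence could silently reintroduce the use-after-free. Suggest making the dependency explicit at the call site: `/* Clean up fixed size allocator. Must run after MVM_tc_destroy(main_thread): the main thread context holds a per-thread FSA free list that is released into this allocator. */`. Whether other thread contexts that may still hold FSA free-list entries are torn down before this point is not visible in the hunk; if they are destroyed elsewhere, the same ordering requirement applies to them and is worth stating there too. MVM_vm_destroy_instance begins outside the hunk.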