From 67e2373f06d77ee73e8ec9b5cb826c2478576063 Mon Sep 17 00:00:00 2001
From: k0kubun <k0kubun@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sat, 20 Oct 2018 11:21:07 +0000
Subject: mjit_worker.c: don't refer to freed value

remove_from_list() frees node, but after that node->next could be used

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65231 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 mjit_worker.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/mjit_worker.c b/mjit_worker.c
index 1865d3097c..dbf21cc104 100644
--- a/mjit_worker.c
+++ b/mjit_worker.c
@@ -499,13 +499,14 @@ mjit_valid_class_serial_p(rb_serial_t class_serial)
 static struct rb_mjit_unit_node *
 get_from_list(struct rb_mjit_unit_list *list)
 {
-    struct rb_mjit_unit_node *node, *best = NULL;
+    struct rb_mjit_unit_node *node, *next, *best = NULL;
 
     if (list->head == NULL)
         return NULL;
 
     /* Find iseq with max total_calls */
-    for (node = list->head; node != NULL; node = node ? node->next : NULL) {
+    for (node = list->head; node != NULL; node = next) {
+        next = node->next;
         if (node->unit->iseq == NULL) { /* ISeq is GCed. */
             free_unit(node->unit);
             remove_from_list(node, list);
-- 
cgit v1.2.3