From a0273d67d044dc9fe25313e0854a33374b990e8a Mon Sep 17 00:00:00 2001
From: Jeremy Evans
Date: Fri, 21 Aug 2020 12:52:02 -0700
Subject: Avoid a use after free in VM assertion
If the thread for the current EC has been killed, don't check the VM ptr for the EC (which gets it via the thread), as that will have already been freed.
Fixes [Bug #16907]
---
 vm_core.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/vm_core.h b/vm_core.h
index 8f4a0209b3..bf04288f56 100644
--- a/vm_core.h
+++ b/vm_core.h
@@ -1754,6 +1754,7 @@ rb_current_vm(void)
 VM_ASSERT(ruby_current_vm_ptr == NULL ||
 ruby_current_execution_context_ptr == NULL ||
 rb_ec_thread_ptr(GET_EC()) == NULL ||
+ rb_ec_thread_ptr(GET_EC())->status == THREAD_KILLED ||
 rb_ec_vm_ptr(GET_EC()) == ruby_current_vm_ptr);
 return ruby_current_vm_ptr;
 }
--
cgit v1.2.3
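Review bot: The added operand reads `rb_ec_thread_ptr(GET_EC())->status` through the same thread pointer that the `rb_ec_vm_ptr(GET_EC())` comparison on the following line dereferences, so it only avoids the stale access if the freed object is the VM reached via the thread and not the thread struct itself; if the thread can already be released when its status is read, the guard is the same kind of use-after-free the commit sets out to remove, and that assumption deserves to be stated. A comment on the added line such as `/* a killed thread no longer owns a live vm; skip the vm check (Bug #16907) */` would make the invariant explicit for the next reader. Stylistically the assertion now spells `rb_ec_thread_ptr(GET_EC())` twice and `GET_EC()` four times inside one macro argument; since `VM_ASSERT` takes a single expression, the cleaner form is a small `static inline` predicate taking the ec that fetches the thread once. rb_current_vm's signature and opening brace lie outside the hunk.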