From 6e9703b0116d5e1412f2ec80d81669acb49cb4c8 Mon Sep 17 00:00:00 2001
From: k0kubun
Date: Fri, 2 Nov 2018 11:40:43 +0000
Subject: [PATCH] mjit_worker.c: do no access pointer after free

When we return there, `unit` is already freed. This is detected by coverity scan.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 mjit_worker.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mjit_worker.c b/mjit_worker.c
index 0a6c8dc268..c8a7c212eb 100644
--- a/mjit_worker.c
+++ b/mjit_worker.c
@@ -1045,12 +1045,13 @@ convert_unit_to_func(struct rb_mjit_unit *unit, struct rb_call_cache *cc_entries
 if (!mjit_opts.save_temps)
 remove_file(c_file);
 free_unit(unit);
+ in_jit = FALSE; /* just being explicit for return */
 }
 else {
 in_jit = TRUE;
 }
 CRITICAL_SECTION_FINISH(3, "before mjit_compile to wait GC finish");
- if (unit->iseq == NULL) {
+ if (!in_jit) {
 return (mjit_func_t)NOT_COMPILED_JIT_ISEQ_FUNC;
 }
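Review bot: The early-return test `if (!in_jit)` runs after `CRITICAL_SECTION_FINISH`, so the guard that keeps the freed `unit` from being dereferenced depends on a flag that looks like shared JIT/GC signalling state, not on the branch that actually called `free_unit(unit)`. If anything else can write `in_jit` once the critical section is left (not visible in this hunk), the check could go stale. A local set beside the free would keep the guard self-contained: declare a local such as `int unit_freed = FALSE;`, set `unit_freed = TRUE;` after `free_unit(unit);`, and test `if (unit_freed) {` at the return. A comment at the return such as `/* unit was freed above; it must not be dereferenced here */` would record why `unit->iseq` can no longer be read. The condition that selects the freeing branch and the rest of convert_unit_to_func lie outside the hunk.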