From 52954ccce6a44931d7454846d8730468dfdcb46a Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Fri, 6 Mar 2020 10:52:36 +0100
Subject: [PATCH] LibC: Fix crash in free() now that mprotect() works correctly

After we mprotect(PROT_NONE) an allocation block, we can't expect to read the m_size from that block right after. :^)
---
 Libraries/LibC/malloc.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Libraries/LibC/malloc.cpp b/Libraries/LibC/malloc.cpp
index 533b3e8ffb..86f6e8bf7a 100644
--- a/Libraries/LibC/malloc.cpp
+++ b/Libraries/LibC/malloc.cpp
@@ -303,11 +303,12 @@ static void free_impl(void* ptr)
     if (auto* allocator = big_allocator_for_size(block->m_size)) {
         if (allocator->blocks.size() < number_of_big_blocks_to_keep_around_per_size_class) {
             allocator->blocks.append(block);
-            if (mprotect(block, block->m_size, PROT_NONE) < 0) {
+            size_t this_block_size = block->m_size;
+            if (mprotect(block, this_block_size, PROT_NONE) < 0) {
                 perror("mprotect");
                 ASSERT_NOT_REACHED();
             }
-            if (madvise(block, block->m_size, MADV_SET_VOLATILE) != 0) {
+            if (madvise(block, this_block_size, MADV_SET_VOLATILE) != 0) {
                 perror("madvise");
                 ASSERT_NOT_REACHED();
             }
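Review bot: The new `size_t this_block_size = block->m_size;` line carries the whole reason for this commit but nothing in the code says so, so a later cleanup could fold it back into the `mprotect`/`madvise` arguments and reintroduce the read-after-PROT_NONE fault; make it `const size_t this_block_size = block->m_size; // Read before mprotect(PROT_NONE) below makes the block header unreadable.` The size passed to `mprotect` and `madvise` is still taken from the header of the block being freed, i.e. from memory the caller just gave up; the only validation visible here is `big_allocator_for_size(block->m_size)`, and whether that rejects a corrupted or non-size-class value cannot be told from this hunk, so it is worth confirming it bounds the length rather than just selecting an allocator. Note that `allocator->blocks.append(block)` runs before the protection calls, so on the `ASSERT_NOT_REACHED()` paths the list already holds a block whose pages are in a partially updated state; that is harmless only because the assert aborts, which the code should state if that is the intent. The enclosing `free_impl` starts and ends outside this hunk.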