From 885e25120a4fb10bed854b8aa36825b02759b2fb Mon Sep 17 00:00:00 2001
From: Martin Whitaker
Date: Sun, 17 Sep 2017 19:48:54 +0100
Subject: [PATCH] Fix use after free bug in vvp when a task or function is disabled.

Use test_joinable() and do_join() to ensure everything gets cleaned up before the thread is reaped.

This should fix br1016, br1017, and br1018.

(cherry picked from commit 0bed890bc61542cac8b0785136a7620e33206aa0)
(and subsequent fixup)
---
 vvp/vthread.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/vvp/vthread.cc b/vvp/vthread.cc
index 49fa73b94..07269b295 100644
--- a/vvp/vthread.cc
+++ b/vvp/vthread.cc
@@ -2200,7 +2200,7 @@ static bool do_disable(vthread_t thr, vthread_t match)
 }
 
 vthread_t parent = thr->parent;
- if (parent && parent->i_am_joining) {
+ if (parent && parent->i_am_joining && test_joinable(parent, thr)) {
 // If a parent is waiting in a %join, wake it up. Note
 // that it is possible to be waiting in a %join yet
 // already scheduled if multiple child threads are
@@ -2210,7 +2210,7 @@ static bool do_disable(vthread_t thr, vthread_t match)
 if (! parent->i_have_ended)
 schedule_vthread(parent, 0, true);
 
- // Let the parent do the reaping.
+// do_join(parent, thr);
 vthread_reap(thr);
 } else if (parent) {
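Review bot: In the second hunk the added line reads `// do_join(parent, thr);`, which as printed is a comment, so `vthread_reap(thr);` on the next line still runs without the join that the commit message says must happen before the thread is reaped; if this is not a rendering artifact of the patch, the line should be the plain call `do_join(parent, thr);`. The removed comment `// Let the parent do the reaping.` was the only explanation of the ordering here, so a replacement such as `// Join now: the parent must never touch thr after vthread_reap().` would document why the join has to precede the reap. In the first hunk, a parent that is joining but for which test_joinable() returns false now presumably falls through to the `else if (parent)` branch, whose body is outside the hunk, so it is worth confirming that path does not leave the parent's i_am_joining flag stale. do_disable() starts and ends outside both hunks.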