From 3cf291f72224715942beaf8553e42ba8891ab3c6 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto"
Date: Mon, 4 Apr 2022 12:26:52 +0900
Subject: [PATCH] vm.c: create break object before clearing GC arena.
Otherwise it possibly cause use-after-free.
---
 src/vm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vm.c b/src/vm.c
index 3796f41738..6d61386b31 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -2268,9 +2268,9 @@ mrb_vm_exec(mrb_state *mrb, const struct RProc *proc, const mrb_code *pc)
 }
 if (ci->cci > CINFO_NONE) {
 ci = cipop(mrb);
+ mrb->exc = (struct RObject*)break_new(mrb, RBREAK_TAG_BREAK, proc, v);
 mrb_gc_arena_restore(mrb, ai);
 mrb->c->vmexec = FALSE;
- mrb->exc = (struct RObject*)break_new(mrb, RBREAK_TAG_BREAK, proc, v);
 mrb->jmp = prev_jmp;
 MRB_THROW(prev_jmp);
 }
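Review bot: The new placement of `mrb->exc = (struct RObject*)break_new(mrb, RBREAK_TAG_BREAK, proc, v);` ahead of `mrb_gc_arena_restore(mrb, ai);` is load-bearing but carries no comment, so a later tidy-up that regroups the `mrb->exc`/`mrb->jmp` assignments would silently reintroduce the use-after-free the subject line describes. As far as the hunk shows, the hazard is that `break_new` allocates and can therefore trigger a collection, and `v` (and possibly `proc`) appear to be kept alive only by arena entries above `ai`; once the arena is restored they are unprotected, so the break object has to be built, and presumably rooted through `mrb->exc`, while they are still pinned. I would add directly above the moved line: `/* Must precede mrb_gc_arena_restore(): break_new() may trigger GC, and v is only protected by the arena until then; mrb->exc keeps the new object alive afterwards. */`. mrb_vm_exec begins and ends outside the hunk, so I cannot check whether other exit paths in the same function that pair an object allocation with an arena restore have the same ordering problem; a grep for `mrb_gc_arena_restore` in vm.c would be worthwhile.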