From 4e2d9699d87459cc0aeff80cb135af2db5f3bd84 Mon Sep 17 00:00:00 2001
From: Jens Axboe <axboe@fb.com>
Date: Thu, 5 May 2016 08:48:09 -0600
Subject: [PATCH] iolog: fix use-after-free of iolog_flush_data

If we run with compressed logs, drop_data_unlock() will free 'data'
before killing the condvar and mutex.

Signed-off-by: Jens Axboe <axboe@fb.com>
---
 iolog.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iolog.c b/iolog.c
index feda9ed6..7fd125fb 100644
--- a/iolog.c
+++ b/iolog.c
@@ -1017,9 +1017,9 @@ static void drop_data_unlock(struct iolog_flush_data *data)
 	pthread_mutex_unlock(&data->lock);
 
 	if (!refs) {
-		free(data);
 		pthread_mutex_destroy(&data->lock);
 		pthread_cond_destroy(&data->cv);
+		free(data);
 	}
 }
 
-- 
2.25.1