From a1c17ade3a9915cd3e2ea3f44f2112ed830563cd Mon Sep 17 00:00:00 2001
From: Sebastian Ullrich
Date: Fri, 4 Sep 2020 17:37:14 +0200
Subject: [PATCH] fix: use-after-free in keep-alive tasks
---
 src/runtime/object.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/runtime/object.cpp b/src/runtime/object.cpp
index 30653b042e..a77ab46a36 100644
--- a/src/runtime/object.cpp
+++ b/src/runtime/object.cpp
@@ -744,7 +744,8 @@ class task_manager {
 lock.lock();
 }
 lean_assert(t->m_imp);
- if (t->m_imp->m_keep_alive && !lean_nonzero_rc((lean_object *)t)) {
+ // deactivate keep-alive tasks without live references only after their final execution (`v != nulltpr`)
+ if (v != nullptr && t->m_imp->m_keep_alive && !lean_nonzero_rc((lean_object *)t)) {
 deactivate_task_core(lock, t);
 }
 if (t->m_imp->m_deleted) {
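Review bot: The added comment misspells `nullptr` as `nulltpr`, and it restates the new condition without recording the hazard it guards against. Going by the commit title, deactivating a keep-alive task before its final run leaves later code touching freed task state, so I would word it as `// Only deactivate an unreferenced keep-alive task after its final execution (v != nullptr);` followed by `// deactivating earlier would free state that a later run still uses (use-after-free).` The guard depends on `v`, which is assigned outside this hunk, so its "null means the task will run again" meaning cannot be confirmed from the visible lines and is worth stating where `v` is set. The diffstat shows only object.cpp changed, so a regression test that runs a keep-alive task with no live references under AddressSanitizer would help keep this fixed.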