From f95ec229f8478eedbb59700cbd223367ebd89a86 Mon Sep 17 00:00:00 2001
From: Robin Voetter <robin@voetter.nl>
Date: Tue, 26 Oct 2021 02:29:07 +0200
Subject: [PATCH] stage2: fix use-after-free in analyzeBlockBody

---
 src/Sema.zig | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Sema.zig b/src/Sema.zig
index 924ff7b267..6d087fde7e 100644
--- a/src/Sema.zig
+++ b/src/Sema.zig
@@ -3035,10 +3035,11 @@ fn analyzeBlockBody(
     // to emit a jump instruction to after the block when it encounters the break.
     try parent_block.instructions.append(gpa, merges.block_inst);
     const resolved_ty = try sema.resolvePeerTypes(parent_block, src, merges.results.items, .none);
+    const ty_inst = try sema.addType(resolved_ty);
     try sema.air_extra.ensureUnusedCapacity(gpa, @typeInfo(Air.Block).Struct.fields.len +
         child_block.instructions.items.len);
     sema.air_instructions.items(.data)[merges.block_inst] = .{ .ty_pl = .{
-        .ty = try sema.addType(resolved_ty),
+        .ty = ty_inst,
         .payload = sema.addExtraAssumeCapacity(Air.Block{
             .body_len = @intCast(u32, child_block.instructions.items.len),
         }),