From b2e6088bff209e8bbb838cc86233e7d3f24ed650 Mon Sep 17 00:00:00 2001
From: Tom <tomut@yahoo.com>
Date: Mon, 5 Jul 2021 09:58:09 -0600
Subject: LibThreading: Fix BackgroundAction result use-after-free

We need to move the result out of the BackgroundAction object before
posting the completion callback as there is a chance the
BackgroundAction instance gets freed before the event loop runs our
callback.

Fixes #7641
---
 Userland/Libraries/LibThreading/BackgroundAction.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Userland/Libraries/LibThreading/BackgroundAction.h b/Userland/Libraries/LibThreading/BackgroundAction.h
index d169ae4aa3..18b346b154 100644
--- a/Userland/Libraries/LibThreading/BackgroundAction.h
+++ b/Userland/Libraries/LibThreading/BackgroundAction.h
@@ -66,8 +66,8 @@ private:
         enqueue_work([this] {
             m_result = m_action(*this);
             if (m_on_complete) {
-                Core::EventLoop::current().post_event(*this, make<Core::DeferredInvocationEvent>([this](auto&) {
-                    m_on_complete(m_result.release_value());
+                Core::EventLoop::current().post_event(*this, make<Core::DeferredInvocationEvent>([this, result = m_result.release_value()](auto&) {
+                    m_on_complete(result);
                     this->remove_from_parent();
                 }));
                 Core::EventLoop::wake();
-- 
cgit v1.2.3