From 776b1f561cf2525018f17d03b26dcb31f6003d7a Mon Sep 17 00:00:00 2001
From: SChernykh <sergey.v.chernykh@gmail.com>
Date: Fri, 27 Aug 2021 10:13:33 +0200
Subject: [PATCH] Fixed use after free on p2pool shutdown

---
 src/console_commands.cpp |  1 +
 src/p2pool.cpp           | 13 +++++++++----
 src/p2pool.h             |  2 +-
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/console_commands.cpp b/src/console_commands.cpp
index 45c648d..f594deb 100644
--- a/src/console_commands.cpp
+++ b/src/console_commands.cpp
@@ -131,6 +131,7 @@ static int do_droppeers(p2pool *m_pool, const char * /* args */)
 
 static int do_exit(p2pool *m_pool, const char * /* args */)
 {
+	bkg_jobs_tracker.wait();
 	m_pool->stop();
 
 	return 1;
diff --git a/src/p2pool.cpp b/src/p2pool.cpp
index a362a84..74fe141 100644
--- a/src/p2pool.cpp
+++ b/src/p2pool.cpp
@@ -95,9 +95,6 @@ p2pool::p2pool(int argc, char* argv[])
 
 p2pool::~p2pool()
 {
-	uv_close(reinterpret_cast<uv_handle_t*>(&m_submitBlockAsync), nullptr);
-	uv_close(reinterpret_cast<uv_handle_t*>(&m_blockTemplateAsync), nullptr);
-	uv_close(reinterpret_cast<uv_handle_t*>(&m_stopAsync), nullptr);
 	uv_rwlock_destroy(&m_mainchainLock);
 	uv_mutex_destroy(&m_submitBlockDataLock);
 
@@ -290,6 +287,15 @@ void p2pool::submit_block_async(const std::vector<uint8_t>& blob)
 	}
 }
 
+void p2pool::on_stop(uv_async_t* async)
+{
+	p2pool* pool = reinterpret_cast<p2pool*>(async->data);
+	uv_close(reinterpret_cast<uv_handle_t*>(&pool->m_submitBlockAsync), nullptr);
+	uv_close(reinterpret_cast<uv_handle_t*>(&pool->m_blockTemplateAsync), nullptr);
+	uv_close(reinterpret_cast<uv_handle_t*>(&pool->m_stopAsync), nullptr);
+	uv_stop(uv_default_loop());
+}
+
 void p2pool::submit_block() const
 {
 	SubmitBlockData submit_data;
@@ -733,7 +739,6 @@ static bool init_signals(p2pool* pool)
 
 void p2pool::stop()
 {
-	uv_stop(uv_default_loop());
 	uv_async_send(&m_stopAsync);
 }
 
diff --git a/src/p2pool.h b/src/p2pool.h
index 9a0e96f..a4ab765 100644
--- a/src/p2pool.h
+++ b/src/p2pool.h
@@ -77,7 +77,7 @@ private:
 
 	static void on_submit_block(uv_async_t* async) { reinterpret_cast<p2pool*>(async->data)->submit_block(); }
 	static void on_update_block_template(uv_async_t* async) { reinterpret_cast<p2pool*>(async->data)->update_block_template(); }
-	static void on_stop(uv_async_t*) {}
+	static void on_stop(uv_async_t*);
 
 	void submit_block() const;