regcomp.c: Don't write to freed memory

This commit moves code in two places that may have freed memory just
before writing to it, so that the writing happens before the freeing.

It seems not worth the extra test if we are going to free this memory
before actually doing the write.

This bug was found by valgrind

diff --git a/regcomp.c b/regcomp.c
index 14c141d..496fb8f 100644 (file)
--- a/regcomp.c
+++ b/regcomp.c
@@ -7646,17 +7646,17 @@ Perl__invlist_union_maybe_complement_2nd(pTHX_ SV* const a, SV* const b, bool co
        }
     }
 
+    /* If we've changed b, restore it */
+    if (complement_b) {
+        array_b[0] = 1;
+    }
+
     /*  We may be removing a reference to one of the inputs */
     if (a == *output || b == *output) {
         assert(! invlist_is_iterating(*output));
        SvREFCNT_dec_NN(*output);
     }
 
-    /* If we've changed b, restore it */
-    if (complement_b) {
-        array_b[0] = 1;
-    }
-
     *output = u;
     return;
 }
@@ -7868,17 +7868,17 @@ Perl__invlist_intersection_maybe_complement_2nd(pTHX_ SV* const a, SV* const b,
        }
     }
 
+    /* If we've changed b, restore it */
+    if (complement_b) {
+        array_b[0] = 1;
+    }
+
     /*  We may be removing a reference to one of the inputs */
     if (a == *i || b == *i) {
         assert(! invlist_is_iterating(*i));
        SvREFCNT_dec_NN(*i);
     }
 
-    /* If we've changed b, restore it */
-    if (complement_b) {
-        array_b[0] = 1;
-    }
-
     *i = r;
     return;
 }