From 7681c19e4a6f2b5a82abf6268e96eb9140f08bb7 Mon Sep 17 00:00:00 2001
From: Mukul Sabharwal <mjsabby@gmail.com>
Date: Mon, 6 May 2019 08:21:19 -0700
Subject: [PATCH] Fixes AV when accessing LoaderModule for some objects
 (#24406)

---
 src/vm/object.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/vm/object.cpp b/src/vm/object.cpp
index a145343..f0de65b 100644
--- a/src/vm/object.cpp
+++ b/src/vm/object.cpp
@@ -173,6 +173,11 @@ TypeHandle Object::GetGCSafeTypeHandleIfPossible() const
     MethodTable * pMT = GetGCSafeMethodTable();
     _ASSERTE(pMT != NULL);
 
+    if (pMT == g_pFreeObjectMethodTable)
+    {
+        return NULL;
+    }
+
     // Don't look at types that belong to an unloading AppDomain, or else
     // pObj->GetGCSafeTypeHandle() can AV. For example, we encountered this AV when pObj
     // was an array like this:
@@ -223,8 +228,6 @@ TypeHandle Object::GetGCSafeTypeHandleIfPossible() const
 
     Module * pLoaderModule = pMTToCheck->GetLoaderModule();
 
-    BaseDomain * pBaseDomain = pLoaderModule->GetDomain();
-
     // Don't look up types that are unloading due to Collectible Assemblies. Haven't been
     // able to find a case where we actually encounter objects like this that can cause
     // problems; however, it seems prudent to add this protection just in case.
-- 
2.7.4