From 972cbafea3e2af614574d8ffdc196419e65abbbd Mon Sep 17 00:00:00 2001
From: Mukund Sivaraman <muks@isc.org>
Date: Wed, 18 Mar 2015 06:42:54 +0530
Subject: [PATCH] Fix a crash due to use-after-free (#38495)

(cherry picked from commit ebeb4b3e094f36121e05d7cc8226047db96ba4f6)
(cherry picked from commit ac1ccdd323da6d6ecc7ff716a786ef48f3ec35cc)

Conflicts:
	CHANGES
---
 CHANGES        | 3 +++
 lib/dns/adb.c  | 1 +
 lib/dns/zone.c | 3 ---
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index b225552307..1e7964df21 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4087.	[bug]		Fix a crash due to use-after-free due to sequencing
+			of tasks actions. [RT #38495]
+
 4085.	[bug]		ISC_PLATFORM_HAVEXADDQ could be inconsistently set.
 			[RT #38828]
 
diff --git a/lib/dns/adb.c b/lib/dns/adb.c
index c1a1d750cc..b552d467ec 100644
--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
@@ -1479,6 +1479,7 @@ clean_finds_at_name(dns_adbname_t *name, isc_eventtype_t evtype,
 			   ev, task, find);
 
 			isc_task_sendanddetach(&task, (isc_event_t **)&ev);
+			find->flags |= FIND_EVENT_SENT;
 		} else {
 			DP(DEF_LEVEL, "cfan: skipping find %p", find);
 		}
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index c2859536fd..904d9a28e1 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -9744,9 +9744,6 @@ static void
 notify_destroy(dns_notify_t *notify, isc_boolean_t locked) {
 	isc_mem_t *mctx;
 
-	/*
-	 * Caller holds zone lock.
-	 */
 	REQUIRE(DNS_NOTIFY_VALID(notify));
 
 	if (notify->zone != NULL) {