From 6116f19f7baa3c1f7ed4659aa3b9b5ec5ff8ac3e Mon Sep 17 00:00:00 2001
From: Ralf Jung <post@ralfj.de>
Date: Thu, 23 May 2019 17:58:25 +0200
Subject: [PATCH 1/2] Box::into_unique: do the reborrow-to-raw *after*
 destroying the Box

---
 src/liballoc/boxed.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/liballoc/boxed.rs b/src/liballoc/boxed.rs
index 024594517d988..0e40e4f371abf 100644
--- a/src/liballoc/boxed.rs
+++ b/src/liballoc/boxed.rs
@@ -253,15 +253,15 @@ impl<T: ?Sized> Box<T> {
     #[unstable(feature = "ptr_internals", issue = "0", reason = "use into_raw_non_null instead")]
     #[inline]
     #[doc(hidden)]
-    pub fn into_unique(mut b: Box<T>) -> Unique<T> {
+    pub fn into_unique(b: Box<T>) -> Unique<T> {
+        let mut unique = b.0;
+        mem::forget(b);
         // Box is kind-of a library type, but recognized as a "unique pointer" by
         // Stacked Borrows.  This function here corresponds to "reborrowing to
         // a raw pointer", but there is no actual reborrow here -- so
         // without some care, the pointer we are returning here still carries
         // the `Uniq` tag.  We round-trip through a mutable reference to avoid that.
-        let unique = unsafe { b.0.as_mut() as *mut T };
-        mem::forget(b);
-        unsafe { Unique::new_unchecked(unique) }
+        unsafe { Unique::new_unchecked(unique.as_mut() as *mut T) }
     }
 
     /// Consumes and leaks the `Box`, returning a mutable reference,

From 8d4e7fde479e018d3caf37d1d12f47710183252e Mon Sep 17 00:00:00 2001
From: Ralf Jung <post@ralfj.de>
Date: Thu, 23 May 2019 18:13:02 +0200
Subject: [PATCH 2/2] adjust comment

---
 src/liballoc/boxed.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/liballoc/boxed.rs b/src/liballoc/boxed.rs
index 0e40e4f371abf..97c2d8e7a8e79 100644
--- a/src/liballoc/boxed.rs
+++ b/src/liballoc/boxed.rs
@@ -260,7 +260,8 @@ impl<T: ?Sized> Box<T> {
         // Stacked Borrows.  This function here corresponds to "reborrowing to
         // a raw pointer", but there is no actual reborrow here -- so
         // without some care, the pointer we are returning here still carries
-        // the `Uniq` tag.  We round-trip through a mutable reference to avoid that.
+        // the tag of `b`, with `Unique` permission.
+        // We round-trip through a mutable reference to avoid that.
         unsafe { Unique::new_unchecked(unique.as_mut() as *mut T) }
     }