marko10_000
/
wine-wine
forked from Mirrors/wine-wine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

server: Hold a reference to the device on behalf of the device manager. 

Otherwise, the only thing holding a reference to a device may be a
device_file. If this is released in delete_device(), the subsequent call to
unlink_named_object() will crash. This can occur if a device driver crashes
with pending IRPs outstanding.

Signed-off-by: Zebediah Figura <z.figura12@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
feature/deterministic
Zebediah Figura 2020-02-14 12:10:20 -06:00 committed by Alexandre Julliard
parent 2b9c7f8bfb
commit 0bd7da4290
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/device.c
View File

@ -700,6 +700,7 @@ static struct device *create_device( struct object *root, const struct unicode_s
{
device->unix_path = NULL;
device->manager = manager;
grab_object( device );
list_add_tail( &manager->devices, &device->entry );
list_init( &device->kernel_object );
list_init( &device->files );
@ -748,6 +749,7 @@ static void delete_device( struct device *device )
unlink_named_object( &device->obj );
list_remove( &device->entry );
device->manager = NULL;
release_object( device );
}