Commit 0bd7da42 authored by Zebediah Figura's avatar Zebediah Figura Committed by Alexandre Julliard

server: Hold a reference to the device on behalf of the device manager.

Otherwise, the only thing holding a reference to a device may be a device_file. If this is released in delete_device(), the subsequent call to unlink_named_object() will crash. This can occur if a device driver crashes with pending IRPs outstanding. Signed-off-by: 's avatarZebediah Figura <z.figura12@gmail.com> Signed-off-by: 's avatarAlexandre Julliard <julliard@winehq.org>
parent 2b9c7f8b
...@@ -700,6 +700,7 @@ static struct device *create_device( struct object *root, const struct unicode_s ...@@ -700,6 +700,7 @@ static struct device *create_device( struct object *root, const struct unicode_s
{ {
device->unix_path = NULL; device->unix_path = NULL;
device->manager = manager; device->manager = manager;
grab_object( device );
list_add_tail( &manager->devices, &device->entry ); list_add_tail( &manager->devices, &device->entry );
list_init( &device->kernel_object ); list_init( &device->kernel_object );
list_init( &device->files ); list_init( &device->files );
...@@ -748,6 +749,7 @@ static void delete_device( struct device *device ) ...@@ -748,6 +749,7 @@ static void delete_device( struct device *device )
unlink_named_object( &device->obj ); unlink_named_object( &device->obj );
list_remove( &device->entry ); list_remove( &device->entry );
device->manager = NULL; device->manager = NULL;
release_object( device );
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment