server: Delay destruction of file object in set_irp_result.
Sebastian Lackner
sebastian at fds-team.de
Thu Jun 18 21:36:21 CDT 2015
For https://bugs.winehq.org/show_bug.cgi?id=38764
Under specific situations calling set_irp_result can cause a wineserver crash
because the function assumes, that irp->file has a refcount greater than 1.
The call to 'release_object( file );' can destroy the associated file, but
later 'list_remove( &irp->dev_entry );' is executed which assumes that the
file still exists.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-server-Delay-destruction-of-file-object-in-set_irp_r.patch
Type: text/x-patch
Size: 1012 bytes
Desc: not available
URL: <http://www.winehq.org/pipermail/wine-patches/attachments/20150619/1f8e76f1/attachment.bin>
More information about the wine-patches
mailing list