[2/7] services: Hold scmdatabase lock while checking marked_for_delete.

Sebastian Lackner sebastian at fds-team.de
Tue Mar 15 22:30:39 CDT 2016


Signed-off-by: Sebastian Lackner <sebastian at fds-team.de>
---

A different thread could increment the refcount before the object has
been removed from the db, leading to a crash.

 programs/services/services.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/programs/services/services.c b/programs/services/services.c
index 78baaf2..9f7e889 100644
--- a/programs/services/services.c
+++ b/programs/services/services.c
@@ -456,13 +456,15 @@ struct service_entry *scmdatabase_find_service_by_displayname(struct scmdatabase
 
 void release_service(struct service_entry *service)
 {
+    struct scmdatabase *db = service->db;
+
+    scmdatabase_lock(db);
     if (InterlockedDecrement(&service->ref_count) == 0 && is_marked_for_delete(service))
     {
-        scmdatabase_lock(service->db);
-        scmdatabase_remove_service(service->db, service);
-        scmdatabase_unlock(service->db);
+        scmdatabase_remove_service(db, service);
         free_service_entry(service);
     }
+    scmdatabase_unlock(db);
 }
 
 static DWORD scmdatabase_create(struct scmdatabase **db)
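Review bot: in release_service(), taking scmdatabase_lock(db) before the InterlockedDecrement only closes the race described in the commit message if every path that takes a new reference on a service still present in the database also does so while holding the same lock. Those paths are not visible in this hunk, so this should be confirmed and the requirement stated in a comment above the function. Two further points on the same lines: the lock is now acquired on every release rather than only on the delete path, so any caller that already holds the database lock when it calls release_service() now depends on the lock being recursive, which is also worth documenting; and the local `db` copy is needed because free_service_entry(service) runs before scmdatabase_unlock(db), so a one-line comment saying so would keep a later cleanup from changing it back to service->db and reading freed memory.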
-- 
2.7.1


