VirtualBox

Changeset 15757 in vbox


Ignore:
Timestamp:
Dec 25, 2008 2:13:46 PM (16 years ago)
Author:
vboxsync
Message:

SrvIntNetR0: fix to not refer the freed memory

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/Devices/Network/SrvIntNetR0.cpp

    r15643 r15757  
    547547 * by handle lookup/freeing.
    548548 *
    549  * @returns VBox status code, can assume success in most situations.
     549 * @returns false in case the pIf was deleted as a result of this call, false otherwise
    550550 * @param   pIf                 The interface instance.
    551551 * @param   pSession            The current session.
    552552 */
    553 DECLINLINE(void) intnetR0IfRelease(PINTNETIF pIf, PSUPDRVSESSION pSession)
     553DECLINLINE(bool) intnetR0IfRelease(PINTNETIF pIf, PSUPDRVSESSION pSession)
    554554{
    555555    int rc = SUPR0ObjRelease(pIf->pvObj, pSession);
    556556    AssertRC(rc);
     557    if(!pIf->pvObj)
     558    {
     559        RTMemFree(pIf);
     560        return false;
     561    }
     562    return true;
    557563}
    558564
     
    30473053        if (!pIf->fDestroying)
    30483054        {
    3049             intnetR0IfRelease(pIf, pSession);
    3050             if (pIf->hIf != hIf)
     3055            if(!intnetR0IfRelease(pIf, pSession))
    30513056                rc = VERR_SEM_DESTROYED;
    30523057        }
     
    31083113    RTSemEventSignal(pIf->Event);
    31093114
    3110     void *pvObj = pIf->pvObj;
    31113115    intnetR0IfRelease(pIf, pSession); /* (RTHandleTableFreeWithCtx) */
    31123116
    3113     int rc = SUPR0ObjRelease(pvObj, pSession);
     3117    intnetR0IfRelease(pIf, pSession);
     3118
     3119    int rc = VINF_SUCCESS;
    31143120    LogFlow(("INTNETR0IfClose: returns %Rrc\n", rc));
    31153121    return rc;
     
    31663172    }
    31673173
    3168     /*
     3174     /*
    31693175     * If we've got a network deactivate and unlink ourselves from it.
    31703176     * Because of cleanup order we might be an orphan now.
     
    32593265     */
    32603266    pIf->pvObj = NULL;
    3261     RTMemFree(pIf);
     3267    /*
     3268     * we are freeing it in
     3269     * intnetR0IfRelease
     3270     * RTMemFree(pIf);
     3271     */
    32623272}
    32633273
     
    33863396                    }
    33873397
    3388                     SUPR0ObjRelease(pIf->pvObj, pSession);
     3398                    intnetR0IfRelease(pIf, pSession);
    33893399                    LogFlow(("intnetR0NetworkCreateIf: returns %Rrc\n", rc));
    33903400                    return rc;
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette