Changeset 57683 in vbox for trunk/src/VBox/VMM/VMMR3

Timestamp:

Sep 10, 2015 10:06:33 AM (9 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

102586

Message:

VMM/PDM: clear driver instance data after destruction, to catch use after free (the audio code used to be buggy, which is fixed for a while now)

File:

• trunk/src/VBox/VMM/VMMR3/PDM.cpp (modified) (1 diff)

trunk/src/VBox/VMM/VMMR3/PDM.cpp ¶

@@ -611 +611 @@
             pDrvIns->Internal.s.pDrv->cInstances--;
 
+            /* Order of resource freeing like in pdmR3DrvDestroyChain, but
+             * not all need to be done as they are done globally later. */
+            //PDMR3QueueDestroyDriver(pVM, pDrvIns);
             TMR3TimerDestroyDriver(pVM, pDrvIns);
-            //PDMR3QueueDestroyDriver(pVM, pDrvIns);
+            SSMR3DeregisterDriver(pVM, pDrvIns, NULL, 0);
             //pdmR3ThreadDestroyDriver(pVM, pDrvIns);
-            SSMR3DeregisterDriver(pVM, pDrvIns, NULL, 0);
+            //DBGFR3InfoDeregisterDriver(pVM, pDrvIns, NULL);
+            //pdmR3CritSectBothDeleteDriver(pVM, pDrvIns);
+            //PDMR3BlkCacheReleaseDriver(pVM, pDrvIns);
+#ifdef VBOX_WITH_PDM_ASYNC_COMPLETION
+            //pdmR3AsyncCompletionTemplateDestroyDriver(pVM, pDrvIns);
+#endif
+
+            /* Clear the driver struture to catch sloppy code. */
+            ASMMemFill32(pDrvIns, RT_OFFSETOF(PDMDRVINS, achInstanceData[pDrvIns->pReg->cbInstance]), 0xdeadd0d0);
 
             pDrvIns = pDrvNext;