Module Name: src
Committed By: mrg
Date: Tue Nov 22 06:11:12 UTC 2011
Modified Files:
src/sys/dev [jmcneill-audiomp3]: midictl.c
Log Message:
avoid one use-after-free error. midi_store->lock is unlocked after
we cv_broadcast() to get the midi_store freed. keep a local copy
of the lock pointer to avoid this.
To generate a diff of this commit:
cvs rdiff -u -r1.6.32.1 -r1.6.32.2 src/sys/dev/midictl.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/midictl.c
diff -u src/sys/dev/midictl.c:1.6.32.1 src/sys/dev/midictl.c:1.6.32.2
--- src/sys/dev/midictl.c:1.6.32.1 Sat Nov 19 21:49:35 2011
+++ src/sys/dev/midictl.c Tue Nov 22 06:11:12 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: midictl.c,v 1.6.32.1 2011/11/19 21:49:35 jmcneill Exp $ */
+/* $NetBSD: midictl.c,v 1.6.32.2 2011/11/22 06:11:12 mrg Exp $ */
/*-
* Copyright (c) 2006, 2008 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: midictl.c,v 1.6.32.1 2011/11/19 21:49:35 jmcneill Exp $");
+__KERNEL_RCSID(0, "$NetBSD: midictl.c,v 1.6.32.2 2011/11/22 06:11:12 mrg Exp $");
/*
* See midictl.h for an overview of the purpose and use of this module.
@@ -206,13 +206,15 @@ void
midictl_close(midictl *mc)
{
midictl_store *s;
+ kmutex_t *lock;
s = mc->store;
+ lock = s->lock;
- mutex_enter(s->lock);
+ mutex_enter(lock);
s->destroy = true;
cv_broadcast(&s->cv);
- mutex_exit(s->lock);
+ mutex_exit(lock);
}
void
