st/nine: Prevent use after free on dtor

Found with asan. This->device was accessed after This was destroyed. Signed-off-by: Axel Davy <davyaxel0@gmail.com> Acked-by: Timur Kristóf <timur.kristof@gmail.com> Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/10160>
2021-03-28 12:26:48 +02:00
parent 8df04b1b2d
commit 2146494d08
1 changed files with 7 additions and 4 deletions
@@ -134,12 +134,14 @@ NineUnknown_Release( struct NineUnknown *This )
    ULONG r = p_atomic_dec_return(&This->refs);

    if (r == 0) {
+        struct NineDevice9 *device = This->device;
        /* Containers (here with !forward) take care of item destruction */
+
        if (!This->container && This->bind == 0) {
            This->dtor(This);
        }
-        if (This->device) {
-            NineUnknown_Release(NineUnknown(This->device));
+        if (device) {
+            NineUnknown_Release(NineUnknown(device));
        }
    }
    return r;
@@ -156,14 +158,15 @@ NineUnknown_ReleaseWithDtorLock( struct NineUnknown *This )
    ULONG r = p_atomic_dec_return(&This->refs);

    if (r == 0) {
+        struct NineDevice9 *device = This->device;
        /* Containers (here with !forward) take care of item destruction */
        if (!This->container && This->bind == 0) {
            NineLockGlobalMutex();
            This->dtor(This);
            NineUnlockGlobalMutex();
        }
-        if (This->device) {
-            NineUnknown_ReleaseWithDtorLock(NineUnknown(This->device));
+        if (device) {
+            NineUnknown_ReleaseWithDtorLock(NineUnknown(device));
        }
    }
    return r;