Daniel Lehman : ntoskrnl.exe: Fix use-after-free when freeing IRP. - wine-commits

8 Oct 2021

Module: wine
Branch: master
Commit: de0e9ad9654f7ba568e2b7f81727bdfcc7327d23
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=de0e9ad9654f7ba568e2b7f81...
Author: Daniel Lehman dlehman@esri.com
Date:   Thu Oct  7 10:02:33 2021 -0700
ntoskrnl.exe: Fix use-after-free when freeing IRP.
Signed-off-by: Daniel Lehman dlehman@esri.com
Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/ntoskrnl.exe/ntoskrnl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
index f2fb0a6d66e..ec297e7d64a 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.c
+++ b/dlls/ntoskrnl.exe/ntoskrnl.c
@@ -1011,8 +1011,9 @@ NTSTATUS CDECL wine_ntoskrnl_main_loop( HANDLE stop_event )
         {
             if (context.irp_data->complete)
             {
-                IoCompleteRequest( context.irp_data->irp, IO_NO_INCREMENT );
+                IRP *irp = context.irp_data->irp;
                 free_dispatch_irp( context.irp_data );
+                IoCompleteRequest( irp, IO_NO_INCREMENT );
             }
             else
             {

    