From 77a90f1dd0de6915c1daf0e2eedd756daf96e686 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Fri, 28 Jul 2017 02:42:42 +0200
Subject: [PATCH] Added patch to avoid crash when async_terminate destroys
 async object in free_async_queue.

---
 patches/patchinstall.sh                       | 16 ++++++++++
 ...sh-when-async_terminate-destroys-asy.patch | 30 +++++++++++++++++++
 patches/server-free_async_queue/definition    |  1 +
 3 files changed, 47 insertions(+)
 create mode 100644 patches/server-free_async_queue/0001-server-Avoid-crash-when-async_terminate-destroys-asy.patch
 create mode 100644 patches/server-free_async_queue/definition

diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index 224f265e..0f7c3f7d 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -339,6 +339,7 @@ patch_enable_all ()
 	enable_server_Stored_ACLs="$1"
 	enable_server_Timestamp_Compat="$1"
 	enable_server_device_manager_destroy="$1"
+	enable_server_free_async_queue="$1"
 	enable_server_send_hardware_message="$1"
 	enable_setupapi_DelReg="$1"
 	enable_setupapi_DiskSpaceList="$1"
@@ -1282,6 +1283,9 @@ patch_enable ()
 		server-device_manager_destroy)
 			enable_server_device_manager_destroy="$2"
 			;;
+		server-free_async_queue)
+			enable_server_free_async_queue="$2"
+			;;
 		server-send_hardware_message)
 			enable_server_send_hardware_message="$2"
 			;;
@@ -7563,6 +7567,18 @@ if test "$enable_server_device_manager_destroy" -eq 1; then
 	) >> "$patchlist"
 fi
 
+# Patchset server-free_async_queue
+# |
+# | Modified files:
+# |   *	server/async.c
+# |
+if test "$enable_server_free_async_queue" -eq 1; then
+	patch_apply server-free_async_queue/0001-server-Avoid-crash-when-async_terminate-destroys-asy.patch
+	(
+		printf '%s\n' '+    { "Sebastian Lackner", "server: Avoid crash when async_terminate destroys async object in free_async_queue.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset server-send_hardware_message
 # |
 # | This patchset fixes the following Wine bugs:
diff --git a/patches/server-free_async_queue/0001-server-Avoid-crash-when-async_terminate-destroys-asy.patch b/patches/server-free_async_queue/0001-server-Avoid-crash-when-async_terminate-destroys-asy.patch
new file mode 100644
index 00000000..5f6a677c
--- /dev/null
+++ b/patches/server-free_async_queue/0001-server-Avoid-crash-when-async_terminate-destroys-asy.patch
@@ -0,0 +1,30 @@
+From 6844c121a7cd8a7f90afc0c033cf1c3519fd8d9a Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Fri, 28 Jul 2017 02:41:27 +0200
+Subject: server: Avoid crash when async_terminate destroys async object in
+ free_async_queue.
+
+---
+ server/async.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/server/async.c b/server/async.c
+index 926c121f6f9..9e91f9eadf3 100644
+--- a/server/async.c
++++ b/server/async.c
+@@ -194,10 +194,12 @@ void free_async_queue( struct async_queue *queue )
+ 
+     LIST_FOR_EACH_ENTRY_SAFE( async, next, &queue->queue, struct async, queue_entry )
+     {
++        grab_object( &async->obj );
+         if (!async->completion) async->completion = fd_get_completion( async->fd, &async->comp_key );
+         async->fd = NULL;
+         async_terminate( async, STATUS_HANDLES_CLOSED );
+         async->queue = NULL;
++        release_object( &async->obj );
+     }
+ }
+ 
+-- 
+2.13.1
+
diff --git a/patches/server-free_async_queue/definition b/patches/server-free_async_queue/definition
new file mode 100644
index 00000000..ee94c3ac
--- /dev/null
+++ b/patches/server-free_async_queue/definition
@@ -0,0 +1 @@
+Fixes: Avoid crash when async_terminate destroys async object in free_async_queue