- Reference/dereference the parent key in CmiObjectDelete.

  The call to CmiRemoveKeyFromList does dereference the parent and
  it is possible that the parent key is deleted before the
  subkey delete process is complete.

svn path=/trunk/; revision=5938

diff --git a/reactos/ntoskrnl/cm/regobj.c b/reactos/ntoskrnl/cm/regobj.c
index aba93f6..9c6d25c 100644 (file)
--- a/reactos/ntoskrnl/cm/regobj.c
+++ b/reactos/ntoskrnl/cm/regobj.c
@@ -271,6 +271,8 @@ CmiObjectDelete(PVOID DeletedObject)
   DPRINT("Delete key object (%p)\n", DeletedObject);
 
   KeyObject = (PKEY_OBJECT) DeletedObject;
+ 
+  ObReferenceObject(KeyObject->ParentKey);
 
   if (!NT_SUCCESS(CmiRemoveKeyFromList(KeyObject)))
     {
@@ -292,6 +294,7 @@ CmiObjectDelete(PVOID DeletedObject)
          CmiSyncHives();
        }
     }
+  ObDereferenceObject(KeyObject->ParentKey);
   if (KeyObject->NumberOfSubKeys)
     {
       KEBUGCHECK(0);