X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/fa7225c82381bac4432a6edf16f53b5370238d85..dd5fb164cf5b32c462296bc65e289e100f74b59a:/OSX/libsecurity_apple_cspdl/lib/SSCSPDLSession.cpp?ds=sidebyside

diff --git a/OSX/libsecurity_apple_cspdl/lib/SSCSPDLSession.cpp b/OSX/libsecurity_apple_cspdl/lib/SSCSPDLSession.cpp
index 25755028..e4cbb899 100644
--- a/OSX/libsecurity_apple_cspdl/lib/SSCSPDLSession.cpp
+++ b/OSX/libsecurity_apple_cspdl/lib/SSCSPDLSession.cpp
@@ -79,11 +79,14 @@ SSCSPDLSession::makeReferenceKey(SSCSPSession &session, KeyHandle inKeyHandle,
 								 CssmKey &outKey, SSDatabase &inSSDatabase,
 								 uint32 inKeyAttr, const CssmData *inKeyLabel)
 {
+// The analyzer doesn't know what to do with the naked creation of an item
+#ifndef __clang_analyzer__
 	SSKey* sskey = new SSKey(session, inKeyHandle, outKey, inSSDatabase, inKeyAttr,
 			  inKeyLabel);
     (void) sskey; // Compiler thinks this variable isn't used, but we want the side effects of creation. Tell the compiler it's okay.
 
     secinfo("SecAccessReference", "made a new reference sskey with handle %d [%ld]", sskey->keyHandle(), sskey->keyReference());
+#endif
 }
 
 SSKey &
@@ -122,6 +125,8 @@ void
 SSCSPDLSession::didChangeKeyAcl(SecurityServer::ClientSession &clientSession,
 	KeyHandle keyHandle, CSSM_ACL_AUTHORIZATION_TAG tag)
 {
+    StLock<Mutex> __(mKeyDeletionMutex);  // The key can't be deleted while we're poking at it, on pain of crashing
+
 	SSKey *theKey = NULL;
 
 	{