From 3d793fd12906864b8399b593db3329ac84840354 Mon Sep 17 00:00:00 2001
From: Ben Toews
Date: Tue, 25 Jul 2017 08:30:28 -0600
Subject: [PATCH] move device->release call in SoftU2FUserClient::start
we could have wound up calling device->release and/or device->detach after the device was already freed.
---
 SoftU2FDriver/SoftU2FUserClient.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/SoftU2FDriver/SoftU2FUserClient.cpp b/SoftU2FDriver/SoftU2FUserClient.cpp
index f1c6464..1fe6196 100644
--- a/SoftU2FDriver/SoftU2FUserClient.cpp
+++ b/SoftU2FDriver/SoftU2FUserClient.cpp
@@ -94,8 +94,6 @@ bool SoftU2FUserClient::start(IOService *provider) {
 if (!device->start(this))
 goto fail_device_start;
- device->release();
-
 workLoop = getWorkLoop();
 if (!workLoop)
 goto fail_no_workloop;
@@ -107,6 +105,10 @@ bool SoftU2FUserClient::start(IOService *provider) {
 if (workLoop->addEventSource(_commandGate) != kIOReturnSuccess)
 goto fail_add_event_source;
+ // Our call to device->attach took a retain on the device when it was added to the registry.
+ // That will be released when the device is detached from the registry.
+ device->release();
+
 return true;
 fail_add_event_source:
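Review bot: The comment added above `device->release()` in the second hunk explains the registry's retain but not which reference this call drops, and that is the invariant the use-after-free fix depends on. The creation reference has to stay held until no `goto fail_*` can run, because those labels presumably detach and release the device themselves; their bodies are outside the hunk, so this cannot be verified here. I would add a line such as `// Drop our creation reference only after the last goto fail_*; each fail_* label must release it exactly once.` It is also worth confirming that nothing dereferences `device` after this point without going through the registry, since the user client no longer holds a reference of its own. The body of `start` begins and ends outside both hunks.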