From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lubo.zhang@intel.com>
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 00D4981F19
 for <edk2-devel@lists.01.org>; Wed, 30 Nov 2016 22:58:39 -0800 (PST)
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by fmsmga102.fm.intel.com with ESMTP; 30 Nov 2016 22:58:39 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.33,723,1477983600"; d="scan'208";a="1066512503"
Received: from shwdeopenpsi116.ccr.corp.intel.com ([10.239.9.20])
 by orsmga001.jf.intel.com with ESMTP; 30 Nov 2016 22:58:37 -0800
From: Zhang Lubo <lubo.zhang@intel.com>
To: edk2-devel@lists.01.org
Cc: Ye Ting <ting.ye@intel.com>, Fu Siyuan <siyuan.fu@intel.com>,
 Wu Jiaxin <jiaxin.wu@intel.com>
Date: Thu,  1 Dec 2016 14:58:36 +0800
Message-Id: <1480575516-20548-1-git-send-email-lubo.zhang@intel.com>
X-Mailer: git-send-email 1.9.5.msysgit.1
Subject: [patch] MdeModulePkg: Fix assert in iSCSI.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Dec 2016 06:58:40 -0000

The bug is caused by using already freed memory.
If there is already an attempt and execute
'reconnect -r' command, all the ConfigFormEntry structure
will be freed in IScsiDriverBindingStop, but the
mCallbackInfo->Current is not configured as null and
this pointer will be used again in IScsiFormExtractConfig.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
---
 MdeModulePkg/Universal/Network/IScsiDxe/IScsiConfig.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MdeModulePkg/Universal/Network/IScsiDxe/IScsiConfig.c b/MdeModulePkg/Universal/Network/IScsiDxe/IScsiConfig.c
index 77ccd67..ea727af 100644
--- a/MdeModulePkg/Universal/Network/IScsiDxe/IScsiConfig.c
+++ b/MdeModulePkg/Universal/Network/IScsiDxe/IScsiConfig.c
@@ -1074,10 +1074,11 @@ IScsiConfigUpdateForm (
     ASSERT (EntryExisted);
 
     mNumberOfIScsiDevices--;
     RemoveEntryList (&ConfigFormEntry->Link);
     FreePool (ConfigFormEntry);
+    mCallbackInfo->Current = NULL;
   }
   //
   // Allocate space for creation of Buffer
   //
 
-- 
1.9.5.msysgit.1