From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <star.zeng@intel.com>
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 5E12A21D490F1
 for <edk2-devel@lists.01.org>; Thu, 10 Aug 2017 20:32:17 -0700 (PDT)
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 10 Aug 2017 20:34:37 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.41,356,1498546800"; d="scan'208";a="1161532495"
Received: from shwdeopenpsi068.ccr.corp.intel.com ([10.239.9.12])
 by orsmga001.jf.intel.com with ESMTP; 10 Aug 2017 20:34:36 -0700
From: Star Zeng <star.zeng@intel.com>
To: edk2-devel@lists.01.org
Cc: Star Zeng <star.zeng@intel.com>, Liming Gao <liming.gao@intel.com>,
 Andrew Fish <afish@apple.com>
Date: Fri, 11 Aug 2017 11:34:32 +0800
Message-Id: <1502422473-94884-2-git-send-email-star.zeng@intel.com>
X-Mailer: git-send-email 2.7.0.windows.1
In-Reply-To: <1502422473-94884-1-git-send-email-star.zeng@intel.com>
References: <1502422473-94884-1-git-send-email-star.zeng@intel.com>
Subject: [PATCH 1/2] MdeModulePkg DxeCore: Fix double free pages on LoadImage failure path
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2017 03:32:17 -0000

https://bugzilla.tianocore.org/show_bug.cgi?id=667
reported there is double free pages on LoadImage failure path.

CoreLoadPeImage()
...
  return EFI_SUCCESS;

Done:

  //
  // Free memory.
  //
  if (DstBufAlocated) {
    CoreFreePages (Image->ImageContext.ImageAddress, Image->NumberOfPages);
  }
...

CoreUnloadAndCloseImage()
...
  if ((Image->ImageBasePage != 0) && FreePage) {
    CoreFreePages (Image->ImageBasePage, Image->NumberOfPages);
  }
...

This patch is to follow the suggestion at
https://lists.01.org/pipermail/edk2-devel/2017-August/013112.html
to set Image->ImageContext.ImageAddress and Image->ImageBasePage to 0
after the free in CoreLoadPeImage().

Cc: Liming Gao <liming.gao@intel.com>
Cc: Andrew Fish <afish@apple.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
 MdeModulePkg/Core/Dxe/Image/Image.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Image/Image.c
index 03e979a60409..4e22aa6dc7e3 100644
--- a/MdeModulePkg/Core/Dxe/Image/Image.c
+++ b/MdeModulePkg/Core/Dxe/Image/Image.c
@@ -788,6 +788,8 @@ Done:
 
   if (DstBufAlocated) {
     CoreFreePages (Image->ImageContext.ImageAddress, Image->NumberOfPages);
+    Image->ImageContext.ImageAddress = 0;
+    Image->ImageBasePage = 0;
   }
 
   if (Image->ImageContext.FixupData != NULL) {
-- 
2.7.0.windows.1