From: "Kinney, Michael D"
To: Marvin Häuser, "edk2-devel@lists.01.org", "Kinney, Michael D"
Subject: Re: [PATCH] QuarkSocPkg/QNCSmmDispatcher: Fix use after free issue #2
Date: Thu, 17 Aug 2017 02:41:17 +0000

Marvin,

Thanks for the fix!

Reviewed-by: Michael D Kinney

I will push shortly.

Mike

> -----Original Message-----
> From: Marvin Häuser [mailto:Marvin.Haeuser@outlook.com]
> Sent: Thursday, July 20, 2017 11:12 PM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D ; Steele, Kelly
> Subject: [PATCH] QuarkSocPkg/QNCSmmDispatcher: Fix use after free issue #2
>
> As part of commit 5f82e02, ActiveRecordInDb was introduced as a copy
> of RecordInDb as the latter may be freed by the callback function. This
> commit replaces an access of RecordInDb after the callback function
> has been executed with an access to ActiveRecordInDb.
>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Marvin Haeuser
> ---
>
> QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git > a/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QN > CSmmCore.c > b/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QN > CSmmCore.c > index c2f75f86647a..29ad5f493466 100644 > --- > a/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QN > CSmmCore.c > +++ > b/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QN > CSmmCore.c > @@ -758,7 +758,7 @@ QNCSmmCoreDispatcher ( > } > } >=20 > - if (RecordInDb->ClearSource =3D=3D NULL) { > + if (ActiveRecordInDb.ClearSource =3D=3D NULL) { > // > // Clear the SMI associated w/ the source using > the default function > // > -- > 2.12.2.windows.2
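Review bot: The replacement at the `if` in QNCSmmCoreDispatcher is the right direction (the commit message says ActiveRecordInDb is a by-value copy, so `.` rather than `->` is correct), but the hunk shows only this one post-callback read; the branch this condition selects against, where a non-NULL ClearSource would be invoked, lies outside the visible context and must likewise take ClearSource from ActiveRecordInDb, since RecordInDb may already have been freed by the callback. A one-line comment above the `if` stating that RecordInDb must not be dereferenced once the callback has returned would help prevent a further regression of this kind (the subject marks this as issue #2).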
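The commit message above describes the pattern behind this fix: take a copy of the handler record before invoking a callback that may free that record, and read only the copy afterwards. The following is an added example that models that dispatcher in plain C; it is not QuarkSocPkg or edk2 code, and the names Record, RegisterRecord, UnregisterRecord, Dispatch, the callback signature and the counters are hypothetical simplifications. The variable names RecordInDb and ActiveRecordInDb are kept so the copy-then-call step lines up with the patch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical dispatcher model (added example, not QuarkSocPkg/edk2 code). */

typedef struct Record Record;
typedef void (*DispatchCallback)(Record *Self, void *Context);
typedef void (*ClearSourceFn)(void);

struct Record {
  int              Id;
  DispatchCallback Callback;
  ClearSourceFn    ClearSource;   /* NULL selects the default clear function */
  Record          *Next;
};

Record *gHead = NULL;             /* linked list of registered records */
int gDefaultClears = 0;           /* how often the default clear path ran */
int gCustomClears = 0;            /* how often a record-specific ClearSource ran */

static void DefaultClear(void) { gDefaultClears++; }
static void CustomClear(void)  { gCustomClears++; }

/* Allocate a record and link it at the head of the list. */
Record *RegisterRecord(int Id, DispatchCallback Callback, ClearSourceFn ClearSource) {
  Record *R = calloc(1, sizeof *R);
  if (R == NULL) abort();
  R->Id = Id;
  R->Callback = Callback;
  R->ClearSource = ClearSource;
  R->Next = gHead;
  gHead = R;
  return R;
}

/* Unlink and free a record; poison it first so a stale read would be noticeable. */
void UnregisterRecord(Record *R) {
  Record **Link = &gHead;
  while (*Link != NULL && *Link != R) Link = &(*Link)->Next;
  if (*Link == R) *Link = R->Next;
  memset(R, 0xA5, sizeof *R);
  free(R);
}

int RegisteredCount(void) {
  int N = 0;
  for (Record *R = gHead; R != NULL; R = R->Next) N++;
  return N;
}

/* A handler that unregisters itself during dispatch: after it returns,
 * the Record pointer the dispatcher looked up is dangling. */
static void SelfRemovingCallback(Record *Self, void *Context) {
  (void)Context;
  UnregisterRecord(Self);
}

/* Dispatch the record with the given Id. Returns 0 on success, -1 if not found. */
int Dispatch(int Id) {
  Record *RecordInDb = gHead;
  while (RecordInDb != NULL && RecordInDb->Id != Id) RecordInDb = RecordInDb->Next;
  if (RecordInDb == NULL) return -1;

  /* Copy before the callback: the copy stays valid even if the callback frees RecordInDb. */
  Record ActiveRecordInDb = *RecordInDb;
  ActiveRecordInDb.Callback(RecordInDb, NULL);

  /* From here on only the copy is read. The pre-fix form of this test,
   * RecordInDb->ClearSource == NULL, reads freed memory whenever the
   * callback unregistered the record. */
  if (ActiveRecordInDb.ClearSource == NULL) {
    DefaultClear();
  } else {
    ActiveRecordInDb.ClearSource();
  }
  return 0;
}

int main(void) {
  RegisterRecord(1, SelfRemovingCallback, NULL);
  RegisterRecord(2, SelfRemovingCallback, CustomClear);
  Dispatch(1);
  Dispatch(2);
  printf("default clears=%d custom clears=%d remaining=%d\n",
         gDefaultClears, gCustomClears, RegisteredCount());
  return 0;
}
```

Both registered handlers remove themselves while being dispatched, which is exactly the situation the commit message describes; because every post-callback read goes through ActiveRecordInDb, the dispatcher still selects the correct clear path and never touches the poisoned, freed record. Building with AddressSanitizer (`-fsanitize=address`) and temporarily switching the test back to `RecordInDb->ClearSource` is a quick way to see the original defect reported as a heap-use-after-free.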