From: Marvin H?user <Marvin.Haeuser@outlook.com>
Date: Fri, 21 Jul 2017 06:11:37 +0000 (-0700)
Subject: QuarkSocPkg/QNCSmmDispatcher: Fix use after free issue #2
X-Git-Tag: edk2-stable201903~3617
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=4e33ff75d9dccd3a59f70eeeaff9e3208426f63e;p=mirror_edk2.git

QuarkSocPkg/QNCSmmDispatcher: Fix use after free issue #2

As part of commit 5f82e02, ActiveRecordInDb was introduced as a copy
of RecordInDb as latter may be freed by the callback function. This
commit replaces an access of RecordInDb after the callback function
has been executed with an access to ActiveRecordInDb.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
---

diff --git a/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c b/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c
index c2f75f8664..a887bb86b6 100644
--- a/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c
+++ b/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c
@@ -2,7 +2,7 @@
 This driver is responsible for the registration of child drivers
 and the abstraction of the QNC SMI sources.
 
-Copyright (c) 2013-2016 Intel Corporation.
+Copyright (c) 2013-2017 Intel Corporation.
 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
@@ -758,7 +758,7 @@ QNCSmmCoreDispatcher (
             }
           }
 
-          if (RecordInDb->ClearSource == NULL) {
+          if (ActiveRecordInDb.ClearSource == NULL) {
             //
             // Clear the SMI associated w/ the source using the default function
             //