QuarkSocPkg/QNCSmmDispatcher: Fix use after free issue #2

As part of commit 5f82e02, ActiveRecordInDb was introduced as a copy
of RecordInDb as latter may be freed by the callback function. This
commit replaces an access of RecordInDb after the callback function
has been executed with an access to ActiveRecordInDb.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

diff --git a/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c b/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c
index c2f75f86647ad4334ebfff2230dc68c559483132..a887bb86b6df5d2d528fda9aa99635b607fce75b 100644 (file)
--- a/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c
+++ b/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c
@@ -2,7 +2,7 @@
 This driver is responsible for the registration of child drivers\r
 and the abstraction of the QNC SMI sources.\r
 \r
-Copyright (c) 2013-2016 Intel Corporation.\r
+Copyright (c) 2013-2017 Intel Corporation.\r
 \r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
@@ -758,7 +758,7 @@ QNCSmmCoreDispatcher (
             }\r
           }\r
 \r
-          if (RecordInDb->ClearSource == NULL) {\r
+          if (ActiveRecordInDb.ClearSource == NULL) {\r
             //\r
             // Clear the SMI associated w/ the source using the default function\r
             //\r