From 4f0f2316ed7699e233b362b83c7fbd63c2adf97e Mon Sep 17 00:00:00 2001 From: Samer El-Haj-Mahmoud Date: Fri, 4 Mar 2016 15:18:49 +0800 Subject: [PATCH 1/1] MdeModulePkg: Fix IPv4 double free Fix a possible ASSERT after NBP finishes loading from a PXE boot. Ip4Dxe driver calls Ip4Config2SetPolicy which calls CloseEvent on the Dhcp4Event struct member. After NBP is downloaded, it then calls Ip4Config2CleanInstance which calls CloseEvent again on Dhcp4Event. This double free can cause an ASSERT. When the event is closed, set the event pointer to NULL so the Ip4 code won't call CloseEvent on it again. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Samer El-Haj-Mahmoud Reviewed-by: Ye Ting Reviewed-by: Fu Siyuan --- MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Config2Impl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Config2Impl.c b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Config2Impl.c index 1f763b6bfe..17e0247832 100644 --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Config2Impl.c +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Config2Impl.c @@ -2,7 +2,7 @@ The implementation of EFI IPv4 Configuration II Protocol. Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
- (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+ (C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -1194,6 +1194,7 @@ Ip4Config2SetPolicy ( // if (Instance->Dhcp4Event != NULL) { gBS->CloseEvent (Instance->Dhcp4Event); + Instance->Dhcp4Event = NULL; } } } @@ -1997,6 +1998,7 @@ Ip4Config2CleanInstance ( // if (Instance->Dhcp4Event != NULL) { gBS->CloseEvent (Instance->Dhcp4Event); + Instance->Dhcp4Event = NULL; } for (Index = 0; Index < Ip4Config2DataTypeMaximum; Index++) { -- 2.39.2