QuarkSocPkg/QNCSmmDispatcher: Fix use after free issue #2

As part of commit 5f82e02, ActiveRecordInDb was introduced as a copy
of RecordInDb as latter may be freed by the callback function. This
commit replaces an access of RecordInDb after the callback function
has been executed with an access to ActiveRecordInDb.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c b/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c
index c2f75f8664..a887bb86b6 100644
--- a/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c
+++ b/QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c
@@ -2,7 +2,7 @@
 This driver is responsible for the registration of child drivers

 and the abstraction of the QNC SMI sources.

 

-Copyright (c) 2013-2016 Intel Corporation.

+Copyright (c) 2013-2017 Intel Corporation.

 

 This program and the accompanying materials

 are licensed and made available under the terms and conditions of the BSD License

@@ -758,7 +758,7 @@ QNCSmmCoreDispatcher (
             }

           }

 

-          if (RecordInDb->ClearSource == NULL) {

+          if (ActiveRecordInDb.ClearSource == NULL) {

             //

             // Clear the SMI associated w/ the source using the default function

             //