The bug is caused by using already freed memory. If there is already an attempt and execute 'reconnect -r' command, all the AttemptConfig structure will be freed, but the mCallbackInfo->Current is not configured as null and this pointer will be used again in IScsiFormExtractConfig.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <[email protected]> Cc: Fu Siyuan <[email protected]> Cc: Ye Ting <[email protected]> Cc: Wu Jiaxin <[email protected]> --- NetworkPkg/IScsiDxe/IScsiMisc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c index deebf5d..a39c268 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.c +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c @@ -898,10 +898,12 @@ IScsiCleanDriverData ( EXIT: gBS->CloseEvent (Private->ExitBootServiceEvent); + mCallbackInfo->Current = NULL; + FreePool (Private); return Status; } /** -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
