The bug is caused by using already freed memory. If there is already an attempt and execute 'reconnect -r' command, all the AttemptConfig structure will be freed, but the mCallbackInfo->Current is not configured as null and this pointer will be used again in IScsiFormExtractConfig.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zh...@intel.com> Cc: Fu Siyuan <siyuan...@intel.com> Cc: Ye Ting <ting...@intel.com> Cc: Wu Jiaxin <jiaxin...@intel.com> --- NetworkPkg/IScsiDxe/IScsiMisc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c index deebf5d..a39c268 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.c +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c @@ -898,10 +898,12 @@ IScsiCleanDriverData ( EXIT: gBS->CloseEvent (Private->ExitBootServiceEvent); + mCallbackInfo->Current = NULL; + FreePool (Private); return Status; } /** -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
