From 3aa10e90ba1d57e4d01c199396a52fbd1a66fa7e Mon Sep 17 00:00:00 2001
From: Xiretza
Date: Mon, 15 Mar 2021 15:55:18 +0100
Subject: modtools: fix use-after-free of cell pointers in ModWalker

cell_inputs and cell_outputs retain cell pointers as their keys across invocations of setup(), which may however be invalidated in the meantime (as happens in e.g. passes/opt/share.cc:1432). A later rehash of the dicts (caused by inserting in ModWalker::add_wire()) will cause them to be dereferenced.
---
 kernel/modtools.h | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/kernel/modtools.h b/kernel/modtools.h
index 29c510059..3af5367b1 100644
--- a/kernel/modtools.h
+++ b/kernel/modtools.h
@@ -395,6 +395,8 @@ struct ModWalker
 signal_consumers.clear();
 signal_inputs.clear();
 signal_outputs.clear();
+ cell_inputs.clear();
+ cell_outputs.clear();
 for (auto &it : module->wires_) add_wire(it.second);
-- cgit v1.2.3
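Review bot: The two added `clear()` calls have no comment recording why they are needed, and the invariant is easy to lose in a later cleanup. According to the commit message the dicts are keyed by cell pointers and a rehash dereferences those keys, so stale entries from a previous setup() are a use-after-free. I would put `// keyed by cell pointers that may be freed between setup() calls; a rehash dereferences the keys, so drop them before add_wire() inserts` above `cell_inputs.clear();`. The fix only takes effect when setup() runs again, so if any caller removes cells and then triggers an insert without re-running setup(), the stale keys would presumably still be hit; that cannot be judged from here because setup() starts and ends outside the hunk. It would be worth checking the call site named in the message under AddressSanitizer.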