projects / yosys.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f4298b0)
modtools: fix use-after-free of cell pointers in ModWalker
authorXiretza <xiretza@xiretza.xyz>
Mon, 15 Mar 2021 14:55:18 +0000 (15:55 +0100)
committerMarcelina Koƛcielnicka <mwk@0x04.net>
Thu, 18 Mar 2021 12:50:13 +0000 (13:50 +0100)
cell_inputs and cell_outputs retain cell pointers as their keys across
invocations of setup(), which may however be invalidated in the meantime
(as happens in e.g. passes/opt/share.cc:1432). A later rehash of the
dicts (caused by inserting in ModWalker::add_wire()) will cause them to
be dereferenced.

kernel/modtools.h patch | blob | history

diff --git a/kernel/modtools.h b/kernel/modtools.h
index 29c510059ffc4f5e0220ffdeb6e9bea8eacffe0d..3af5367b177a38feecf792200a73c99a4a1991a8 100644 (file)
--- a/kernel/modtools.h
+++ b/kernel/modtools.h
@@ -395,6 +395,8 @@ struct ModWalker
                signal_consumers.clear();
                signal_inputs.clear();
                signal_outputs.clear();
+               cell_inputs.clear();
+               cell_outputs.clear();
 
                for (auto &it : module->wires_)
                        add_wire(it.second);