From 57f6eb6cc35249e29b477270d4a2f1621de38614 Mon Sep 17 00:00:00 2001
From: jmolloy
Date: Fri, 10 Jan 2025 16:42:57 +0000
Subject: [PATCH] [liberty] Fix use-before-free bug

Before this change, findTableTemplate captured `name` always. This caused a segfault when LibertyReader::beginTable calls it with `template_name`:
const char *template_name = group->firstName();
if (library_ && template_name) {
tbl_template_ = library_->findTableTemplate(template_name, type);
This pointer is owned by the group and is freed when we hit sta::libertyGroupEnd. Ensure that findTableTemplate does not capture `name` by using findKey.
---
 liberty/Liberty.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/liberty/Liberty.cc b/liberty/Liberty.cc
index d03e4a5b..a1bf89bf 100644
--- a/liberty/Liberty.cc
+++ b/liberty/Liberty.cc
@@ -219,7 +219,7 @@ TableTemplate *
 LibertyLibrary::findTableTemplate(const char *name,
 TableTemplateType type)
 {
- return template_maps_[int(type)][name];
+ return template_maps_[int(type)].findKey(name);
 }
 
 TableTemplateSeq
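Review bot: The new lookup line in findTableTemplate has no comment explaining why `operator[]` must not be used here, so a later cleanup could quietly bring the dangling key back. I would put `// findKey, not operator[]: a miss must not store the caller-owned name as a map key; the caller frees it at group end.` directly above the return. The commit message says the old form captured `name` on every call, so any other lookup in Liberty.cc that indexes a `const char *`-keyed map with `[]` presumably has the same lifetime problem and should be checked in this change. What `findKey` returns on a miss is not visible in this hunk (presumably null), so it is worth confirming that callers such as beginTable handle a null `tbl_template_`.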