luke
/
OpenSTA
mirror of https://github.com/The-OpenROAD-Project/OpenSTA.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[liberty] Fix use-before-free bug (#170) 

Before this change, findTableTemplate captured `name` always. This caused a segfault
when LibertyReader::beginTable calls it with `template_name`:

  const char *template_name = group->firstName();
  if (library_ && template_name) {
    tbl_template_ = library_->findTableTemplate(template_name, type);

This pointer is owned by the group and is freed when we hit sta::libertyGroupEnd.

Ensure that findTableTemplate does not capture `name` by using findKey.

Co-authored-by: jmolloy <jmolloy@google.com>
This commit is contained in:
James Molloy 2025-01-11 17:03:53 +00:00 committed by GitHub
parent c8e8661050
commit 7fbe386d35
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
liberty/Liberty.cc
View File

@ -219,7 +219,7 @@ TableTemplate *
LibertyLibrary::findTableTemplate(const char *name,
TableTemplateType type)
{
return template_maps_[int(type)][name];
return template_maps_[int(type)].findKey(name);
}
TableTemplateSeq