Bobby R. Bruce has uploaded this change for review. ( https://gem5-review.googlesource.com/c/public/gem5/+/47239 )

Change subject: mem: Fix use-after-free bug
......................................................................

mem: Fix use-after-free bug

mem_pkt was deleted (via `delete respQueue.front()`) then used in the
following if statement (at `mem_pkt->isDram()`). This patch fixes this
issue.

Issue-on: https://gem5.atlassian.net/browse/GEM5-1009
Change-Id: Iac3b9078ce5acbdd87a0737a2c98ad887459661f
---
M src/mem/mem_ctrl.cc
1 file changed, 2 insertions(+), 1 deletion(-)



diff --git a/src/mem/mem_ctrl.cc b/src/mem/mem_ctrl.cc
index 8eec9c8..58ccd17 100644
--- a/src/mem/mem_ctrl.cc
+++ b/src/mem/mem_ctrl.cc
@@ -520,7 +520,6 @@
         accessAndRespond(mem_pkt->pkt, frontendLatency + backendLatency);
     }

-    delete respQueue.front();
     respQueue.pop_front();

     if (!respQueue.empty()) {
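Review bot: After `respQueue.pop_front()` the packet is owned only by the local `mem_pkt`, so any early return between this point and the `delete mem_pkt;` added in the second hunk would leak it. The lines between the two hunks are not shown in this diff; please confirm that none of them exits the function, or hold the packet in a scoped owner (for example a `std::unique_ptr` taken from the queue front) so the release does not depend on control reaching the later `delete`. This also relies on `mem_pkt` being the same object as `respQueue.front()` on entry, as the commit message states, which is worth an assert or a comment.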
@@ -543,6 +542,8 @@
         }
     }

+    delete mem_pkt;
+
     // We have made a location in the queue available at this point,
     // so if there is a read that was forced to wait, retry now
     if (retryRdReq) {
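Review bot: `mem_pkt` is left dangling after `delete mem_pkt;` while the function continues into the `retryRdReq` block, so a later edit that reads it below this line would reintroduce the same use-after-free. Add a short comment saying the delete is deliberately deferred until after the last use of `mem_pkt` (the `mem_pkt->isDram()` check named in the commit message) and that nothing after it may touch the pointer, or set `mem_pkt = nullptr;` right after the delete so a stray use fails immediately.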

--
To view, visit https://gem5-review.googlesource.com/c/public/gem5/+/47239

Gerrit-Project: public/gem5
Gerrit-Branch: develop
Gerrit-Change-Id: Iac3b9078ce5acbdd87a0737a2c98ad887459661f
Gerrit-Change-Number: 47239
Gerrit-PatchSet: 1
Gerrit-Owner: Bobby R. Bruce <[email protected]>
Gerrit-MessageType: newchange