Fix use-after-free in LUT opt pass

RTLIL::Module::remove(Cell* cell) calls `delete cell`.

Any subsequent accesses of `cell` then causes undefined behavior.

diff --git a/passes/opt/opt_lut.cc b/passes/opt/opt_lut.cc
index 07a91af8a1114831c00dc46741e93b1b08d30c3c..62310101645edb288682e6b9456b2eae6afe194b 100644 (file)
--- a/passes/opt/opt_lut.cc
+++ b/passes/opt/opt_lut.cc
@@ -277,12 +277,13 @@ struct OptLutWorker
                                        module->connect(lut_output, value);
                                        sigmap.add(lut_output, value);
 
-                                       module->remove(lut);
                                        luts.erase(lut);
                                        luts_arity.erase(lut);
                                        luts_dlogics.erase(lut);
                                        luts_dlogic_inputs.erase(lut);
 
+                                       module->remove(lut);
+                                       
                                        eliminated_count++;
                                        if (limit > 0)
                                                limit--;
@@ -493,11 +494,12 @@ struct OptLutWorker
                                        luts_arity[lutM] = lutM_arity;
                                        luts.erase(lutR);
                                        luts_arity.erase(lutR);
-                                       lutR->module->remove(lutR);
 
                                        worklist.insert(lutM);
                                        worklist.erase(lutR);
 
+                                       lutR->module->remove(lutR);
+
                                        combined_count++;
                                        if (limit > 0)
                                                limit--;