From: StefanBruens <stefan.bruens@rwth-aachen.de>
Date: Tue, 22 Dec 2020 02:23:42 +0000 (+0100)
Subject: Fix use-after-free in LUT opt pass
X-Git-Tag: working-ls180~152^2
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=9396678db4f0e32192e73697c012d25432d602ca;p=yosys.git

Fix use-after-free in LUT opt pass

RTLIL::Module::remove(Cell* cell) calls `delete cell`.

Any subsequent accesses of `cell` then causes undefined behavior.
---

diff --git a/passes/opt/opt_lut.cc b/passes/opt/opt_lut.cc
index 07a91af8a..623101016 100644
--- a/passes/opt/opt_lut.cc
+++ b/passes/opt/opt_lut.cc
@@ -277,12 +277,13 @@ struct OptLutWorker
 					module->connect(lut_output, value);
 					sigmap.add(lut_output, value);
 
-					module->remove(lut);
 					luts.erase(lut);
 					luts_arity.erase(lut);
 					luts_dlogics.erase(lut);
 					luts_dlogic_inputs.erase(lut);
 
+					module->remove(lut);
+					
 					eliminated_count++;
 					if (limit > 0)
 						limit--;
@@ -493,11 +494,12 @@ struct OptLutWorker
 					luts_arity[lutM] = lutM_arity;
 					luts.erase(lutR);
 					luts_arity.erase(lutR);
-					lutR->module->remove(lutR);
 
 					worklist.insert(lutM);
 					worklist.erase(lutR);
 
+					lutR->module->remove(lutR);
+
 					combined_count++;
 					if (limit > 0)
 						limit--;