Fix dereference after free when MEM_DEBUG_MSG is enabled

174 (Local) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/src/acl_mem.cpp:4479 UFM.DEREF.MIGHT (1:Critical) Analyze Object 'block_allocation' was dereferenced at line 4479 after being freed by calling 'acl_delete<acl_block_allocation_t>' at line 4475 * acl_mem.cpp:4450: block_allocation==nullptr is false * acl_mem.cpp:4456: mem->reserved_allocations[physical_device_id] .size() >target_mem_id is true * acl_mem.cpp:4457: mem->reserved_allocations[physical_device_id] [target_mem_id] ==0 is true * acl_mem.cpp:4458: mem->reserved_allocations_count[physical_device_id] [target_mem_id] ==0 is true * acl_mem.cpp:4470: result is false * acl_mem.cpp:4475: 'block_allocation' is freed by calling 'acl_delete<acl_block_allocation_t>'. * acl_support.h:31: Tracking 't'. * acl_support.h:31: 't' is freed by calling 'delete'. * acl_mem.cpp:4479: Freed pointer 'block_allocation' is used by calling 'printf'. Signed-off-by: Peter Colberg <peter.colberg@intel.com>
intel · Apr 21, 2022 · 19ea29d · 19ea29d
1 parent df5aa45
commit 19ea29d
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/src/acl_mem.cpp b/src/acl_mem.cpp
@@ -4467,14 +4467,15 @@ cl_int acl_reserve_buffer_block(cl_mem mem, acl_mem_region_t *region,
     result = copy_image_metadata(mem);
   }
 
-  if (result) {
-    mem->reserved_allocations[physical_device_id][target_mem_id] =
-        block_allocation;
-    block_allocation->mem_obj = mem;
-  } else {
+  if (!result) {
     acl_delete(block_allocation);
+    return result;
   }
 
+  mem->reserved_allocations[physical_device_id][target_mem_id] =
+      block_allocation;
+  block_allocation->mem_obj = mem;
+
 #ifdef MEM_DEBUG_MSG
   printf("acl_reserve_buffer_block finished block_allocation:%zx, range:%zx - "
          "%zx \n",