Gabe Black has uploaded this change for review. ( https://gem5-review.googlesource.com/c/public/gem5/+/53403 )

Change subject: cpu: In SimpleIndirectPredictor, avoid an accidental nullptr deref.
......................................................................

cpu: In SimpleIndirectPredictor, avoid an accidental nullptr deref.

The default value of IPredEntry::tag is 0, and if we just blindly
compare the tag we're looking for against this value, we might run into
cases where we match against an uninitialized IPredEntry. In that case,
IPredEntry::target has not been initialized, and if we try to use it in
lookup(...) we'll dereference nullptr and segfault.

To avoid that, we can just add one additional check that makes sure that
not only does the tag of the IPredEntry match, but also that the value
of target is not null, and so the IPredEntry *actually* has tag 0 and
isn't just uninitialized.

Change-Id: I892d0df7c00a0a4cd3ca215fe3a7586ddbca9395
---
M src/cpu/pred/simple_indirect.cc
1 file changed, 23 insertions(+), 1 deletion(-)



diff --git a/src/cpu/pred/simple_indirect.cc b/src/cpu/pred/simple_indirect.cc
index 2a1fc7a..f09cdee 100644
--- a/src/cpu/pred/simple_indirect.cc
+++ b/src/cpu/pred/simple_indirect.cc
@@ -104,7 +104,9 @@
     DPRINTF(Indirect, "Looking up %x (set:%d)\n", br_addr, set_index);
     const auto &iset = targetCache[set_index];
     for (auto way = iset.begin(); way != iset.end(); ++way) {
-        if (way->tag == tag) {
+ // tag may be 0 and match the default in way->tag, so we also have to
+        // check that way->target has been initialized.
+        if (way->tag == tag && way->target) {
DPRINTF(Indirect, "Hit %x (target:%s)\n", br_addr, *way->target);
             set(target, *way->target);
             return true;
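Review bot: The new condition `way->tag == tag && way->target` makes a null `target` double as the "entry is valid" marker, and that invariant is only written down in the comment here at the lookup site. Any other place that compares `way->tag` against a computed tag has the same exposure to tag 0 and would need the same guard, so consider moving the test into a small helper on the entry (or adding an explicit valid flag) and documenting it where the entry type is defined, so the hit test cannot be repeated without it. Minor style point: the first added comment line is indented differently from the second; both should align with the `if` below them.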

--
To view, visit https://gem5-review.googlesource.com/c/public/gem5/+/53403
To unsubscribe, or for help writing mail filters, visit https://gem5-review.googlesource.com/settings

Gerrit-Project: public/gem5
Gerrit-Branch: develop
Gerrit-Change-Id: I892d0df7c00a0a4cd3ca215fe3a7586ddbca9395
Gerrit-Change-Number: 53403
Gerrit-PatchSet: 1
Gerrit-Owner: Gabe Black <[email protected]>
Gerrit-MessageType: newchange