Gabe Black has submitted this change. ( https://gem5-review.googlesource.com/c/public/gem5/+/53403 )

Change subject: cpu: In SimpleIndirectPredictor, avoid an accidental nullptr deref.
......................................................................

cpu: In SimpleIndirectPredictor, avoid an accidental nullptr deref.

The default value of IPredEntry::tag is 0, and if we just blindly
compare the tag we're looking for against this value, we might run into
cases where we match against an uninitialized IPredEntry. In that case,
IPredEntry::target has not been initialized, and if we try to use it in
lookup(...) we'll dereference nullptr and segfault.

To avoid that, we can just add one additional check that makes sure that
not only does the tag of the IPredEntry match, but also that the value
of target is not null, and so the IPredEntry *actually* has tag 0 and
isn't just uninitialized.

Change-Id: I892d0df7c00a0a4cd3ca215fe3a7586ddbca9395
Reviewed-on: https://gem5-review.googlesource.com/c/public/gem5/+/53403
Maintainer: Gabe Black <gabe.bl...@gmail.com>
Reviewed-by: Jason Lowe-Power <power...@gmail.com>
Tested-by: kokoro <noreply+kok...@google.com>
---
M src/cpu/pred/simple_indirect.cc
1 file changed, 27 insertions(+), 1 deletion(-)

Approvals:
  Jason Lowe-Power: Looks good to me, approved
  Gabe Black: Looks good to me, approved
  kokoro: Regressions pass




diff --git a/src/cpu/pred/simple_indirect.cc b/src/cpu/pred/simple_indirect.cc
index 2a1fc7a..f09cdee 100644
--- a/src/cpu/pred/simple_indirect.cc
+++ b/src/cpu/pred/simple_indirect.cc
@@ -104,7 +104,9 @@
     DPRINTF(Indirect, "Looking up %x (set:%d)\n", br_addr, set_index);
     const auto &iset = targetCache[set_index];
     for (auto way = iset.begin(); way != iset.end(); ++way) {
-        if (way->tag == tag) {
+ // tag may be 0 and match the default in way->tag, so we also have to
+        // check that way->target has been initialized.
+        if (way->tag == tag && way->target) {
DPRINTF(Indirect, "Hit %x (target:%s)\n", br_addr, *way->target);
             set(target, *way->target);
             return true;
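Review bot: in the new condition `if (way->tag == tag && way->target)`, entry validity is inferred from `target` being non-null, which ties the hit test to how IPredEntry happens to be default-constructed. An explicit valid flag on the entry, or a small hit predicate that takes the tag, would state that invariant in one place and keep the `*way->target` dereferences in the DPRINTF and `set(...)` lines safe if the default ever changes. If any other code compares `way->tag` against a tag in the same way, it needs the same guard. Since the added comment says a tag of 0 is legitimate, a regression test that looks up a branch whose tag is 0 in a set with no initialized entries would pin this fix down.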

--
To view, visit https://gem5-review.googlesource.com/c/public/gem5/+/53403

Gerrit-Project: public/gem5
Gerrit-Branch: develop
Gerrit-Change-Id: I892d0df7c00a0a4cd3ca215fe3a7586ddbca9395
Gerrit-Change-Number: 53403
Gerrit-PatchSet: 2
Gerrit-Owner: Gabe Black <gabe.bl...@gmail.com>
Gerrit-Reviewer: Gabe Black <gabe.bl...@gmail.com>
Gerrit-Reviewer: Giacomo Travaglini <giacomo.travagl...@arm.com>
Gerrit-Reviewer: Jason Lowe-Power <ja...@lowepower.com>
Gerrit-Reviewer: Jason Lowe-Power <power...@gmail.com>
Gerrit-Reviewer: kokoro <noreply+kok...@google.com>
Gerrit-MessageType: merged