Fix use-after-free error in allocator

GCC 12 flags this as an error due to realloc followed by IREE_TRACE_FREE. Using the pointer even without dereferencing it after the realloc is undefined behavior.
nod-ai · Aug 21, 2023 · 8b1fdd7 · 8b1fdd7
1 parent 845b6bd
commit 8b1fdd7
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/runtime/src/iree/base/allocator.c b/runtime/src/iree/base/allocator.c
@@ -96,9 +96,12 @@ static iree_status_t iree_allocator_system_alloc(
 
   void* new_ptr = NULL;
   if (existing_ptr && command == IREE_ALLOCATOR_COMMAND_REALLOC) {
+    // This will erroneusly trace the free if the realloc fails.
+    // It can't be after it because it may trigger use-after-free error on
+    // GCC 12.
+    IREE_TRACE_FREE(existing_ptr);
     new_ptr = realloc(existing_ptr, byte_length);
   } else {
-    existing_ptr = NULL;
     if (command == IREE_ALLOCATOR_COMMAND_CALLOC) {
       new_ptr = calloc(1, byte_length);
     } else {
@@ -110,9 +113,6 @@ static iree_status_t iree_allocator_system_alloc(
                             "system allocator failed the request");
   }
 
-  if (existing_ptr) {
-    IREE_TRACE_FREE(existing_ptr);
-  }
   IREE_TRACE_ALLOC(new_ptr, byte_length);
 
   *inout_ptr = new_ptr;