openpower-pels: repository: fix use-after-free
ERROR: AddressSanitizer: heap-use-after-free
READ of size 4 at 0x60b0000007f0 thread T0
#0 0x55b0e3e2740e in openpower::pels::Repository::remove(
openpower::pels::Repository::LogID const&)
../extensions/openpower-pels/repository.cpp:228
This is caused by using an element out of a vector after it has
already been erased. Modify function to avoid stale use.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I91a66a0fe45b82439cbe6c8c66463075b50aa953
diff --git a/extensions/openpower-pels/repository.cpp b/extensions/openpower-pels/repository.cpp
index 1ab774a..fd5c238 100644
--- a/extensions/openpower-pels/repository.cpp
+++ b/extensions/openpower-pels/repository.cpp
@@ -211,23 +211,23 @@
std::optional<Repository::LogID> Repository::remove(const LogID& id)
{
- std::optional<LogID> actualID;
-
auto pel = findPEL(id);
- if (pel != _pelAttributes.end())
+ if (pel == _pelAttributes.end())
{
- actualID = pel->first;
- updateRepoStats(pel->second, false);
-
- log<level::DEBUG>("Removing PEL from repository",
- entry("PEL_ID=0x%X", pel->first.pelID.id),
- entry("OBMC_LOG_ID=%d", pel->first.obmcID.id));
- fs::remove(pel->second.path);
- _pelAttributes.erase(pel);
-
- processDeleteCallbacks(pel->first.pelID.id);
+ return std::nullopt;
}
+ LogID actualID = pel->first;
+ updateRepoStats(pel->second, false);
+
+ log<level::DEBUG>("Removing PEL from repository",
+ entry("PEL_ID=0x%X", actualID.pelID.id),
+ entry("OBMC_LOG_ID=%d", actualID.obmcID.id));
+ fs::remove(pel->second.path);
+ _pelAttributes.erase(pel);
+
+ processDeleteCallbacks(actualID.pelID.id);
+
return actualID;
}