From 6027c6bc99e1baddff6901db3c5ddde3e53e47df Mon Sep 17 00:00:00 2001 From: "Kenneth Benzie (Benie)" Date: Thu, 11 Apr 2024 12:20:35 +0100 Subject: [PATCH] Fix Coverity wrapper escape issue Issue was introduced in #1220 where a new allocation is created in a `std::unique_ptr` to enable buffer mapping. The `.get()` member function is called before the `std::unique_ptr` is passed into the `BufferMem` constructor. However, move semantics were not being explicitly followed. The `BufferMem` constructor was taking the `std::unique_ptr` by l-value refernece, then calling `std::move()` on it. This triggered a wrapper-escape, use-after-free defect in Coverity. This fix is to explicitly `std::move()` the `std::unique_ptr` into the `BufferMem` constructor, and also update the `BufferMem` constructor to take an r-value reference instead of an l-value reference. --- source/adapters/cuda/memory.hpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/adapters/cuda/memory.hpp b/source/adapters/cuda/memory.hpp index b727fc1551..3f09552038 100644 --- a/source/adapters/cuda/memory.hpp +++ b/source/adapters/cuda/memory.hpp @@ -34,7 +34,7 @@ struct BufferMem { MapMem(nullptr) {} BufferMap(size_t MapSize, size_t MapOffset, ur_map_flags_t MapFlags, - std::unique_ptr &MapMem) + std::unique_ptr &&MapMem) : MapSize(MapSize), MapOffset(MapOffset), MapFlags(MapFlags), MapMem(std::move(MapMem)) {} @@ -105,7 +105,7 @@ struct BufferMem { auto MapMem = std::make_unique(MapSize); MapPtr = MapMem.get(); PtrToBufferMap.insert( - {MapPtr, BufferMap(MapSize, MapOffset, MapFlags, MapMem)}); + {MapPtr, BufferMap(MapSize, MapOffset, MapFlags, std::move(MapMem))}); } else { /// However, if HostPtr already has valid memory (e.g. pinned allocation), /// we can just use that memory for the mapping.