From ce012c04a1b1acaa9546e8cd6c70208bfd6f4cd8 Mon Sep 17 00:00:00 2001
From: Hideto Ueno <uenoku.tokotoko@gmail.com>
Date: Wed, 29 May 2024 16:20:36 +0900
Subject: [PATCH] [FIRRTL][LowerClass] Pre-allocate namespaces before caputring
 refs (#7102)

There has been a lifetime bug that caused an UAF crash. Heaps allocated by DenseMap could be invalided when DenseMap size grows.
---
 lib/Dialect/FIRRTL/Transforms/LowerClasses.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/Dialect/FIRRTL/Transforms/LowerClasses.cpp b/lib/Dialect/FIRRTL/Transforms/LowerClasses.cpp
index cf375356dd..b78a84f48f 100644
--- a/lib/Dialect/FIRRTL/Transforms/LowerClasses.cpp
+++ b/lib/Dialect/FIRRTL/Transforms/LowerClasses.cpp
@@ -289,6 +289,13 @@ PathTracker::run(CircuitOp circuit, InstanceGraph &instanceGraph,
                  const SymbolTable &symbolTable,
                  const DenseMap<DistinctAttr, FModuleOp> &owningModules) {
   SmallVector<PathTracker> trackers;
+
+  // First allocate module namespaces. Don't capture a namespace reference at
+  // this point since they could be invalidated when DenseMap grows.
+  for (auto *node : instanceGraph)
+    if (auto module = node->getModule<FModuleLike>())
+      (void)namespaces.get(module);
+
   // Prepare workers.
   for (auto *node : instanceGraph)
     if (auto module = node->getModule<FModuleLike>())