Possible use-after-free when handler is destroyed before operation completes? #26
Assignees
Labels
bug
Something isn't working
Comments
|
Hi @igchor, it is a valid concern and you understanding is correct, thanks for bringing this issue! |
|
Just FYI, the documentation was updated to reflect this limitation. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Consider the following code:
{ auto h = dml::submit<path>(...); }The handler returned from submit may be destroyed before the operation completes. I don't see any mention in the documentation that the handler should be kept alive until the operation completes, so I would assume this code is valid.
However, I believe this can cause use-after-free in the hardware path since DML will try to write the completion status to the descriptor (which, if I understand correctly, is owned by the handler). Possibly the same is true for C API and dml_finalize_job().
Is my understanding correct or this is already handled by the DML somehow? If not, I think the best way to avoid this would be to wait for the operation to complete inside the handler destructor.
The text was updated successfully, but these errors were encountered: