fix: resolve memory leak in CPU destructors

marius · marius · commit e75c08ebcefb · 2025-11-08T12:52:41.000+01:00
Fix double-delete bug where m_qk was allocated in base class CPU
constructor but deleted in derived class destructors (CPURV32/CPURV64).

Changes:
- Move m_qk deletion from derived class destructors to base class CPU
  destructor where it was originally allocated
- Add null pointer checks before all delete operations in destructors
- Set pointers to nullptr after deletion for safety
- Add comments explaining cleanup responsibility

This fixes:
- Double-delete bug that could cause undefined behavior
- Potential memory leaks from improper cleanup order
- Missing null pointer safety checks

Files modified:
- inc/CPU.h: Changed base class destructor from =default to proper
  implementation
- src/CPU.cpp: Added base class destructor to delete m_qk
- src/RV32.cpp: Removed m_qk deletion, added null checks
- src/RV64.cpp: Removed m_qk deletion, added null checks
diff --git a/inc/CPU.h b/inc/CPU.h
@@ -42,7 +42,7 @@ namespace riscv_tlm {
         CPU& operator=(CPU&& other) noexcept = delete;
 
         /* Destructors */
-        ~CPU() override = default;
+        ~CPU() override;
 
         /**
          * @brief Perform one instruction step
diff --git a/src/CPU.cpp b/src/CPU.cpp
@@ -44,6 +44,13 @@ namespace riscv_tlm {
         dmi_ptr_valid = false;
     }
 
+    CPU::~CPU() {
+        if (m_qk) {
+            delete m_qk;
+            m_qk = nullptr;
+        }
+    }
+
     [[noreturn]] void CPU::CPU_thread() {
 
         while (true) {
diff --git a/src/RV32.cpp b/src/RV32.cpp
@@ -36,13 +36,31 @@ namespace riscv_tlm {
     }
 
     CPURV32::~CPURV32() {
-        delete register_bank;
-        delete mem_intf;
-        delete base_inst;
-        delete c_inst;
-        delete m_inst;
-        delete a_inst;
-        delete m_qk;
+        if (register_bank) {
+            delete register_bank;
+            register_bank = nullptr;
+        }
+        if (mem_intf) {
+            delete mem_intf;
+            mem_intf = nullptr;
+        }
+        if (base_inst) {
+            delete base_inst;
+            base_inst = nullptr;
+        }
+        if (c_inst) {
+            delete c_inst;
+            c_inst = nullptr;
+        }
+        if (m_inst) {
+            delete m_inst;
+            m_inst = nullptr;
+        }
+        if (a_inst) {
+            delete a_inst;
+            a_inst = nullptr;
+        }
+        // m_qk is handled by base class destructor
     }
 
     bool CPURV32::cpu_process_IRQ() {
diff --git a/src/RV64.cpp b/src/RV64.cpp
@@ -34,13 +34,31 @@ namespace riscv_tlm {
     }
 
     CPURV64::~CPURV64() {
-        delete register_bank;
-        delete mem_intf;
-        delete base_inst;
-        delete c_inst;
-        delete m_inst;
-        delete a_inst;
-        delete m_qk;
+        if (register_bank) {
+            delete register_bank;
+            register_bank = nullptr;
+        }
+        if (mem_intf) {
+            delete mem_intf;
+            mem_intf = nullptr;
+        }
+        if (base_inst) {
+            delete base_inst;
+            base_inst = nullptr;
+        }
+        if (c_inst) {
+            delete c_inst;
+            c_inst = nullptr;
+        }
+        if (m_inst) {
+            delete m_inst;
+            m_inst = nullptr;
+        }
+        if (a_inst) {
+            delete a_inst;
+            a_inst = nullptr;
+        }
+        // m_qk is handled by base class destructor
     }
 
     bool CPURV64::cpu_process_IRQ() {
