[lldb-dev] Invalid iterator dereference in TypeMap::ForEach when it's invoked with TypeMaptoList callback

Mon, 16 Nov 2015 08:25:24 -0800 

Hi guys and thank you for the excellent community project!

Recently I've stumbled on a pesky, but trivial Invalid iterator dereference bug 
in SymbolContext and TypeMap implementations at revisions
https://github.com/llvm-mirror/lldb/blob/e528da256d14ecac7df858462b44dca931879509/source/Symbol/SymbolContext.cpp#L823
and
https://github.com/llvm-mirror/lldb/blob/5ac1fc5bc961688505334395598a2bb174eabd3b/source/Symbol/TypeMap.cpp#L172

>From the code below it is obvious that TypeMap::ForEach calls the 
>pre-increment operator on m_types iterator right after it has been invalidated 
>by m_types.erase

SymbolContext::SortTypeList(TypeMap &type_map, TypeList &type_list ) const
{
        TypeMaptoList callbackM2L (type_map, type_list);
        type_map.ForEach(callbackM2L);
                return ;
}

void
TypeMap::ForEach (std::function <bool(lldb::TypeSP &type_sp)> const &callback)
{
    for (auto pos = m_types.begin(), end = m_types.end(); pos != end; ++pos)
    {
        if (!callback(pos->second))
            break;
    }
}

bool
TypeMap::RemoveTypeWithUID (user_id_t uid)
{
    iterator pos = m_types.find(uid);

    if (pos != m_types.end())
    {
        m_types.erase(pos);
        return true;
    }
    return false;
}

class TypeMaptoList
{
public:
    TypeMaptoList(TypeMap &typem, TypeList &typel) :
        type_map(typem),type_list(typel)
    {
    }

    bool
    operator() (const lldb::TypeSP& type)
    {
        if(type)
        {
            type_list.Insert(type);
            type_map.RemoveTypeWithUID(type->GetID());
            if (type_map.Empty())
                return false;
        }
        return true;
    }

private:
    TypeMap &type_map;
    TypeList &type_list;
};

Regards,
Mikhail Filimonov




-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may 
contain
confidential information.  Any unauthorized review, use, disclosure or 
distribution
is prohibited.  If you are not the intended recipient, please contact the 
sender by
reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------

_______________________________________________
lldb-dev mailing list
lldb-dev@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-dev

Reply via email to