[lldb-dev] Invalid iterator dereference in TypeMap::ForEach when it's invoked with TypeMaptoList callback

Mikhail Filimonov via lldb-dev lldb-dev at lists.llvm.org
Mon Nov 16 08:24:09 PST 2015


Hi guys and thank you for the excellent community project!

Recently I've stumbled on a pesky, but trivial Invalid iterator dereference bug in SymbolContext and TypeMap implementations at revisions
https://github.com/llvm-mirror/lldb/blob/e528da256d14ecac7df858462b44dca931879509/source/Symbol/SymbolContext.cpp#L823
and
https://github.com/llvm-mirror/lldb/blob/5ac1fc5bc961688505334395598a2bb174eabd3b/source/Symbol/TypeMap.cpp#L172

From the code below it is obvious that TypeMap::ForEach calls the pre-increment operator on the m_types iterator right after it has been invalidated by m_types.erase:

void
SymbolContext::SortTypeList(TypeMap &type_map, TypeList &type_list ) const
{
    TypeMaptoList callbackM2L (type_map, type_list);
    type_map.ForEach(callbackM2L);
    return ;
}

void
TypeMap::ForEach (std::function <bool(lldb::TypeSP &type_sp)> const &callback)
{
    // ++pos runs after the callback returns, even when the callback erased the element pos refers to
    for (auto pos = m_types.begin(), end = m_types.end(); pos != end; ++pos)
    {
        if (!callback(pos->second))
            break;
    }
}

bool
TypeMap::RemoveTypeWithUID (user_id_t uid)
{
    iterator pos = m_types.find(uid);

    if (pos != m_types.end())
    {
        m_types.erase(pos);
        return true;
    }
    return false;
}

class TypeMaptoList
{
public:
    TypeMaptoList(TypeMap &typem, TypeList &typel) :
        type_map(typem),type_list(typel)
    {
    }

    bool
    operator() (const lldb::TypeSP& type)
    {
        if(type)
        {
            type_list.Insert(type);
            // erases from the same map that TypeMap::ForEach is iterating
            type_map.RemoveTypeWithUID(type->GetID());
            if (type_map.Empty())
                return false;
        }
        return true;
    }

private:
    TypeMap &type_map;
    TypeList &type_list;
};

Regards,
Mikhail Filimonov
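
Added example, not part of the original message and not lldb's own code: the same map-to-list move done with the iterator that erase returns, so an invalidated iterator is never incremented. Type, TypeMapStorage, TypeListStorage, DrainMapToList and MakeSample are hypothetical stand-ins, and the std::multimap storage is an assumption about m_types.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <memory>
#include <vector>

// Hypothetical stand-ins for lldb's Type, TypeMap::m_types and TypeList (assumptions).
struct Type { std::uint64_t uid; };
using TypeSP = std::shared_ptr<Type>;
using TypeMapStorage = std::multimap<std::uint64_t, TypeSP>;
using TypeListStorage = std::vector<TypeSP>;

// Moves every non-null entry from the map into the list. erase(iterator)
// invalidates only the erased element and returns the iterator after it.
std::size_t DrainMapToList(TypeMapStorage &types, TypeListStorage &list)
{
    std::size_t moved = 0;
    for (auto pos = types.begin(); pos != types.end(); )
    {
        if (pos->second)
        {
            list.push_back(pos->second);
            pos = types.erase(pos);   // valid successor, no ++ on the erased pos
            ++moved;
        }
        else
        {
            ++pos;                    // null entries stay, as in TypeMaptoList
        }
    }
    return moved;
}

// Constructed sample: a duplicated uid (7) and one null entry (uid 5).
TypeMapStorage MakeSample()
{
    TypeMapStorage m;
    for (std::uint64_t uid : {3, 7, 7, 9})
        m.emplace(uid, std::make_shared<Type>(Type{uid}));
    m.emplace(5, TypeSP());
    return m;
}

int main()
{
    TypeMapStorage m = MakeSample();
    TypeListStorage l;
    std::size_t moved = DrainMapToList(m, l);
    std::printf("moved=%zu left=%zu\n", moved, m.size());
}
```

Building the original loop with AddressSanitizer or a checked-iterator standard library (for example libstdc++ with -D_GLIBCXX_DEBUG) is one way to surface this class of iterator misuse in testing.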
