[lldb-dev] Invalid iterator dereference in TypeMap::ForEach when it's invoked with TypeMaptoList callback

Greg Clayton via lldb-dev lldb-dev at lists.llvm.org
Thu Nov 19 15:13:43 PST 2015


I fixed this:

% svn commit
Sending        include/lldb/Symbol/TypeMap.h
Sending        source/Symbol/SymbolContext.cpp
Sending        source/Symbol/TypeMap.cpp
Transmitting file data ...
Committed revision 253618.


> On Nov 18, 2015, at 12:54 AM, Ravitheja Addepally via lldb-dev <lldb-dev at lists.llvm.org> wrote:
> 
> Hello,
> Pavel, my question is how do we solve it? Should Mikhail log a bug for this issue?
> 
> BR,
> A Ravi Theja
> 
> On Tue, Nov 17, 2015 at 10:42 AM, Ravitheja Addepally <ravithejawork at gmail.com> wrote:
> Hello,
> 
> Yeah, you are right Mikhail, thanks for pointing it out. I must ask, is there any bug already logged for this issue?
> 
> Ravi
> 
> 
> On Mon, Nov 16, 2015 at 5:24 PM, Mikhail Filimonov via lldb-dev <lldb-dev at lists.llvm.org> wrote:
> Hi guys and thank you for the excellent community project!
> 
> Recently I've stumbled on a pesky but trivial invalid iterator dereference bug in the SymbolContext and TypeMap implementations at revisions
> 
> https://github.com/llvm-mirror/lldb/blob/e528da256d14ecac7df858462b44dca931879509/source/Symbol/SymbolContext.cpp#L823
> 
> and
> 
> https://github.com/llvm-mirror/lldb/blob/5ac1fc5bc961688505334395598a2bb174eabd3b/source/Symbol/TypeMap.cpp#L172
> 
> From the code below it is obvious that TypeMap::ForEach calls the pre-increment operator on the m_types iterator right after it has been invalidated by m_types.erase:
> 
> void
> SymbolContext::SortTypeList(TypeMap &type_map, TypeList &type_list ) const
> {
>     TypeMaptoList callbackM2L (type_map, type_list);
>     type_map.ForEach(callbackM2L);
>     return ;
> }
> 
> void
> TypeMap::ForEach (std::function <bool(lldb::TypeSP &type_sp)> const &callback)
> {
>     for (auto pos = m_types.begin(), end = m_types.end(); pos != end; ++pos)
>     {
>         if (!callback(pos->second))
>             break;
>     }
> }
> 
> bool
> TypeMap::RemoveTypeWithUID (user_id_t uid)
> {
>     iterator pos = m_types.find(uid);
> 
>     if (pos != m_types.end())
>     {
>         m_types.erase(pos);
>         return true;
>     }
>     return false;
> }
> 
> class TypeMaptoList
> {
> public:
>     TypeMaptoList(TypeMap &typem, TypeList &typel) :
>         type_map(typem),type_list(typel)
>     {
>     }
> 
>     bool
>     operator() (const lldb::TypeSP& type)
>     {
>         if(type)
>         {
>             type_list.Insert(type);
>             type_map.RemoveTypeWithUID(type->GetID());
>             if (type_map.Empty())
>                 return false;
>         }
>         return true;
>     }
> 
> private:
>     TypeMap &type_map;
>     TypeList &type_list;
> };
> 
> Regards,
> 
> Mikhail Filimonov
> 
> _______________________________________________
> lldb-dev mailing list
> lldb-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-dev

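An added example, not part of the thread and not the code committed in revision 253618: one erase-tolerant way to write the traversal reported above, where the callback removes the element currently being visited. `Type`, `TypeMap` and `DrainToList` are simplified stand-ins constructed for this example, and backing the map with `std::map` is an assumption.

```cpp
#include <cstdint>
#include <functional>
#include <iterator>
#include <map>
#include <memory>
#include <vector>

// Constructed stand-ins for lldb's Type and TypeMap (assumptions, not lldb code).
struct Type { uint64_t id; };
using TypeSP = std::shared_ptr<Type>;

class TypeMap {
public:
    void Insert(const TypeSP &t) { m_types[t->id] = t; }
    bool RemoveTypeWithUID(uint64_t uid) { return m_types.erase(uid) != 0; }
    bool Empty() const { return m_types.empty(); }
    // std::map::erase invalidates only iterators to the erased node, so take
    // the successor before the callback runs; the loop then never increments
    // an iterator the callback erased. A callback erasing *other* elements
    // could still invalidate `next`.
    void ForEach(const std::function<bool(TypeSP &)> &callback) {
        for (auto pos = m_types.begin(); pos != m_types.end();) {
            auto next = std::next(pos);
            TypeSP current = pos->second; // copy, so no reference into the node
            if (!callback(current)) break;
            pos = next;
        }
    }
private:
    std::map<uint64_t, TypeSP> m_types;
};

// Same shape as the TypeMaptoList callback: erase from the map being walked.
std::vector<uint64_t> DrainToList(TypeMap &type_map) {
    std::vector<uint64_t> ids;
    type_map.ForEach([&](TypeSP &type) {
        if (!type) return true;
        ids.push_back(type->id);
        type_map.RemoveTypeWithUID(type->id);
        return !type_map.Empty();
    });
    return ids;
}

int main() {
    TypeMap m;
    for (uint64_t id : {30, 10, 20}) m.Insert(std::make_shared<Type>(Type{id}));
    return DrainToList(m).size() == 3 && m.Empty() ? 0 : 1;
}
```

Building a variant that uses the original `++pos` loop with `-fsanitize=address` makes the increment of the erased node show up as a heap-use-after-free report.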