[lldb-dev] Invalid iterator dereference in TypeMap::ForEach when it's invoked with TypeMaptoList callback

Ravitheja Addepally via lldb-dev lldb-dev at lists.llvm.org
Tue Nov 17 01:42:38 PST 2015 

Hello,

                Yeah you are right Mikhail, thanks for pointing it out, I
must ask, is there any bug already logged for this issue ?

Ravi

On Mon, Nov 16, 2015 at 5:24 PM, Mikhail Filimonov via lldb-dev <
lldb-dev at lists.llvm.org> wrote:

> Hi guys and thank you for the excellent community project!
>
>
>
> Recently I’ve stumbled on a pesky, but trivial Invalid iterator
> dereference bug in SymbolContext and TypeMap implementations at revisions
>
>
> https://github.com/llvm-mirror/lldb/blob/e528da256d14ecac7df858462b44dca931879509/source/Symbol/SymbolContext.cpp#L823
>
> and
>
>
> https://github.com/llvm-mirror/lldb/blob/5ac1fc5bc961688505334395598a2bb174eabd3b/source/Symbol/TypeMap.cpp#L172
>
>
>
> From the code below it is obvious that TypeMap::ForEach calls the
> pre-increment operator on m_types iterator right after it has been
> invalidated by m_types.erase
>
>
>
> SymbolContext::SortTypeList(TypeMap &type_map, TypeList &type_list ) const
>
> {
>
>         TypeMaptoList callbackM2L (type_map, type_list);
>
>         type_map.ForEach(callbackM2L);
>
>                 return ;
>
> }
>
>
>
> void
>
> TypeMap::ForEach (std::function <bool(lldb::TypeSP &type_sp)> const
> &callback)
>
> {
>
>     for (auto pos = m_types.begin(), end = m_types.end(); pos != end;
> ++pos)
>
>     {
>
>         if (!callback(pos->second))
>
>             break;
>
>     }
>
> }
>
>
>
> bool
>
> TypeMap::RemoveTypeWithUID (user_id_t uid)
>
> {
>
>     iterator pos = m_types.find(uid);
>
>
>
>     if (pos != m_types.end())
>
>     {
>
>         m_types.erase(pos);
>
>         return true;
>
>     }
>
>     return false;
>
> }
>
>
>
> class TypeMaptoList
>
> {
>
> public:
>
>     TypeMaptoList(TypeMap &typem, TypeList &typel) :
>
>         type_map(typem),type_list(typel)
>
>     {
>
>     }
>
>
>
>     bool
>
>     operator() (const lldb::TypeSP& type)
>
>     {
>
>         if(type)
>
>         {
>
>             type_list.Insert(type);
>
>             type_map.RemoveTypeWithUID(type->GetID());
>
>             if (type_map.Empty())
>
>                 return false;
>
>         }
>
>         return true;
>
>     }
>
>
>
> private:
>
>     TypeMap &type_map;
>
>     TypeList &type_list;
>
> };
>
>
>
> Regards,
>
> Mikhail Filimonov
>
>
>
>
>
>
> ------------------------------
> This email message is for the sole use of the intended recipient(s) and
> may contain confidential information.  Any unauthorized review, use,
> disclosure or distribution is prohibited.  If you are not the intended
> recipient, please contact the sender by reply email and destroy all copies
> of the original message.
> ------------------------------
>
> _______________________________________________
> lldb-dev mailing list
> lldb-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/lldb-dev/attachments/20151117/6a8483f3/attachment.html>

More information about the lldb-dev mailing list