Bug 22190 - crash in read_context::get_or_compute_canonical_die

When computing a canonical DIE while reading DWARF, we crash in
get_or_compute_canonical_die basically because we loop over a vector
using an iterator which gets invalidated during the walk because some
code in the loop can increase the size of the vector (by adding
elements at its end) during the loop.

This patch fixes the issue by looping over the vector without using an
iterator that can be invalidated.  The code now properly expects the
vector to grow during the walk.

Signed-off-by: Dodji Seketeli <dodji@redhat.com>

diff --git a/src/abg-dwarf-reader.cc b/src/abg-dwarf-reader.cc
index 6cc88c7c5c7b6422e19d768429b2e441536aea83..c5639eaf21009e55ff83f5f2df9209e5ab5f927b 100644 (file)
--- a/src/abg-dwarf-reader.cc
+++ b/src/abg-dwarf-reader.cc
@@ -3877,12 +3877,13 @@ public:
        return true;
       }
 
-    Dwarf_Off die_offset;
-    for (dwarf_offsets_type::const_iterator o = i->second.begin();
-        o != i->second.end();
-        ++o)
+    // walk i->second without any iterator (using a while loop rather
+    // than a for loop) because compare_dies might add new content to
+    // the end of the i->second vector during the walking.
+    dwarf_offsets_type::size_type n = 0, s = i->second.size();
+    while (n < s)
       {
-       die_offset = *o;
+       Dwarf_Off die_offset = i->second[n];
        get_die_from_offset(source, die_offset, &canonical_die);
        // compare die and canonical_die.
        if (compare_dies(*this, die, &canonical_die,
@@ -3893,6 +3894,7 @@ public:
                                     die_offset);
            return true;
          }
+       ++n;
       }
 
     // We didn't find a canonical DIE for 'die'.  So let's consider