Commit 42e79138 authored by Daniele Di Proietto

FenceTime: Fix undefined behavior

std::unordered_map::erase() invalidates iterators to the erased
elements. Using erase() inside a range-based for loop can lead to
undefined behavior, because the loop holds the same iterators that are
invalidated.

Fix the problem by using an iterator directly and incrementing only when
it makes sense.

This was found by surfaceflinger_frametracer_fuzzer running with asan
(not hwasan!).

TESTED=only fuzzer

Bug: 307601836
Change-Id: Id99feaec21300dbd55d35acba67801b2483dd144
parent fed5eb68
+5 −3
@@ -363,9 +363,9 @@ void FenceToFenceTimeMap::signalAllForTest(
}

void FenceToFenceTimeMap::garbageCollectLocked() {
    for (auto& it : mMap) {
    for (auto it = mMap.begin(); it != mMap.end();) {
        // Erase all expired weak pointers from the vector.
        auto& vect = it.second;
        auto& vect = it->second;
        vect.erase(
                std::remove_if(vect.begin(), vect.end(),
                        [](const std::weak_ptr<FenceTime>& ft) {
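
Review bot: the new loop header `for (auto it = mMap.begin(); it != mMap.end();)` has an empty increment clause, so correctness now depends on every path through the body advancing `it` exactly once. A short comment at the header saying that the iterator is advanced at the bottom of the body, either by `erase()` or by an explicit increment, would keep a later `continue` or added branch from silently turning this into an infinite loop or a skipped element.
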
@@ -375,7 +375,9 @@ void FenceToFenceTimeMap::garbageCollectLocked() {

        // Also erase the map entry if the vector is now empty.
        if (vect.empty()) {
            mMap.erase(it.first);
            it = mMap.erase(it);
        } else {
            it++;
        }
    }
}
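
Review bot: in the `else` branch, `it++` makes a copy of the iterator that is thrown away; `++it` is the conventional form here. Separately, the commit message says this was tested only with the fuzzer: a unit test that fills the map with several entries whose weak pointers have all expired and then runs garbage collection would exercise the `it = mMap.erase(it)` path deterministically and would fail under ASan if the range-based loop were ever reintroduced.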