commit d4c884330c384bbb06f9a0d1fee2d2ae2086521c
author Christopher Ferris <cferris@google.com> Fri Feb 05 11:07:12 2016 -0800
committer Christopher Ferris <cferris@google.com> Fri Feb 05 15:22:34 2016 -0800
tree 2bcbc13b5dd0c2dc91e2f16f26a0a8c97da61e30
parent 718625010d839481cdef5f0305f2622a0aa87cd8

Fix use of uninitialized memory.

When creating an UnwindMapLocal fails in the Build() function call,
the destructor for UnwindMap is called. Unfortunately, the map_cursor_
member variable has not been initialized, so the call to destroy it
winds up operating on garbage data.

Part of this is a result of a bad class hierarchy, so this refactors
the classes slightly, and properly initializes the map_cursor_ member
variable in the base class.

Bug: 26931578
Change-Id: I885596bf65e4ef63559cee2c56cd41576d5ecc1b

libbacktrace/UnwindMap.h

diff --git a/libbacktrace/UnwindMap.h b/libbacktrace/UnwindMap.h
index e292016..111401f 100644
--- a/libbacktrace/UnwindMap.h
+++ b/libbacktrace/UnwindMap.h
@@ -29,29 +29,35 @@
 class UnwindMap : public BacktraceMap {
 public:
   UnwindMap(pid_t pid);
-  virtual ~UnwindMap();
-
-  virtual bool Build();
 
   unw_map_cursor_t* GetMapCursor() { return &map_cursor_; }
 
 protected:
-  virtual bool GenerateMap();
-
   unw_map_cursor_t map_cursor_;
 };
 
+class UnwindMapRemote : public UnwindMap {
+public:
+  UnwindMapRemote(pid_t pid);
+  virtual ~UnwindMapRemote();
+
+  bool Build() override;
+
+private:
+  bool GenerateMap();
+};
+
 class UnwindMapLocal : public UnwindMap {
 public:
   UnwindMapLocal();
   virtual ~UnwindMapLocal();
 
-  virtual bool Build();
+  bool Build() override;
 
-  virtual void FillIn(uintptr_t addr, backtrace_map_t* map);
+  void FillIn(uintptr_t addr, backtrace_map_t* map) override;
 
-protected:
-  virtual bool GenerateMap();
+private:
+  bool GenerateMap();
 
   bool map_created_;
 };