MemoryDealer: Avoid using invalid iterator
'pos' is invalidated by the call to erase(), so we no longer
want to use it. Instead, we reassign 'pos' to the result of
erase(), which a valid iterator. Since that result could be
mList.end(), and since we would otherwise perform a '++pos',
we add a new check against mList.end() to break out of our
do/while loop. Since we'll invoke the "return freed" path,
we don't need to be worried about the outer 'for' loop
incrementing 'pos' beyond the end.
Test: TreeHugger
Change-Id: Iade7ed4077318840aca9da3a4196c268c9080e7c
diff --git a/libhidlcache/MemoryDealer.cpp b/libhidlcache/MemoryDealer.cpp
index e0e18c7..e5686a7 100644
--- a/libhidlcache/MemoryDealer.cpp
+++ b/libhidlcache/MemoryDealer.cpp
@@ -221,8 +221,9 @@
if (p->free || !cur->size) {
freed = p;
p->size += cur->size;
- mList.erase(pos);
+ pos = mList.erase(pos);
delete cur;
+ if (pos == mList.end()) break;
}
}
if (++pos == mList.end()) break;