Fix dangling pointer in forward_ref_die_to_func

Bug: google-breakpad:843
Change-Id: I14358b239604e1faeb5a8c4c4734102571dbed09
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/2951787
Reviewed-by: Mike Frysinger <vapier@chromium.org>

src/common/dwarf_cu_to_module.cc

@@ -269,6 +269,9 @@ struct DwarfCUToModule::CUContext {
   //
   // Destroying this destroys all the functions this vector points to.
   vector<Module::Function*> functions;
+
+  // A map of function pointers to the its forward specification DIE's offset.
+  map<Module::Function*, uint64_t> spec_function_offsets;
 };
 
 // Information about the context of a particular DIE. This is for
@@ -714,6 +717,9 @@ void DwarfCUToModule::FuncHandler::Finish() {
         cu_context_->file_context->file_private_
             ->forward_ref_die_to_func[forward_ref_die_offset_] =
             cu_context_->functions.back();
+
+        cu_context_->spec_function_offsets[cu_context_->functions.back()] =
+            forward_ref_die_offset_;
       }
     }
   } else if (inline_) {
@@ -1313,9 +1319,15 @@ void DwarfCUToModule::Finish() {
   AssignLinesToFunctions();
 
   // Add our functions, which now have source lines assigned to them,
-  // to module_.
-  cu_context_->file_context->module_->AddFunctions(functions->begin(),
-                                                   functions->end());
+  // to module_, and remove duplicate functions.
+  for (Module::Function* func : *functions)
+    if (!cu_context_->file_context->module_->AddFunction(func)) {
+      auto iter = cu_context_->spec_function_offsets.find(func);
+      if (iter != cu_context_->spec_function_offsets.end())
+        cu_context_->file_context->file_private_->forward_ref_die_to_func.erase(
+            iter->second);
+      delete func;
+    }
 
   // Ownership of the function objects has shifted from cu_context to
   // the Module.