Fix iterator (std::vector) invalidation during sampling heap profile retrieval

src/profiler/sampling-heap-profiler.cc

Index: src/profiler/sampling-heap-profiler.cc
diff --git a/src/profiler/sampling-heap-profiler.cc b/src/profiler/sampling-heap-profiler.cc
index a73f0789285ca050fb6f37ef10185316173ced1b..c13538c356dd21d16ef6c645bc77f6ded1c91cab 100644
--- a/src/profiler/sampling-heap-profiler.cc
+++ b/src/profiler/sampling-heap-profiler.cc
@@ -223,9 +223,15 @@ v8::AllocationProfile::Node* SamplingHeapProfiler::TranslateAllocationNode(
        script_name, node->script_id_, node->script_position_, line, column,
        std::vector<v8::AllocationProfile::Node*>(), allocations}));
   v8::AllocationProfile::Node* current = &profile->nodes().back();
-  for (auto child : node->children_) {
+  size_t child_len = node->children_.size();
+  // The children vector may have nodes appended to it during translation
+  // because the translation may allocate strings on the JS heap that have
+  // the potential to be sampled. We cache the length of the vector before
+  // iteration so that nodes appended to the vector during iteration are
+  // not processed.
+  for (size_t i = 0; i < child_len; i++) {
     current->children.push_back(
-        TranslateAllocationNode(profile, child, scripts));
+        TranslateAllocationNode(profile, node->children_[i], scripts));
   }
   return current;
 }