Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1faef801 authored by Dan Austin's avatar Dan Austin
Browse files

Eliminate multiple benign overflow conditions. 

In InputTransport.cpp, there are multiple loops in which loop
termination occurs when the value becomes zero. These termination
conditions are all written value-- > 0, which, since value is
unsigned, result in an unsigned integer overflow when value is 0.
These loops were refactored to eliminate these conditions.

Bug: 24171356
Change-Id: Ie135c4306d1f2cef2778e295242305ed5139221a
parent 251c8b3f

libs/input/InputTransport.cpp

+10 −4
Original line number Original line Diff line number Diff line
@@ -510,7 +510,8 @@ status_t InputConsumer::consume(InputEventFactoryInterface* factory, 
status_t InputConsumer::consumeBatch(InputEventFactoryInterface* factory,

status_t InputConsumer::consumeBatch(InputEventFactoryInterface* factory,

        nsecs_t frameTime, uint32_t* outSeq, InputEvent** outEvent) {

        nsecs_t frameTime, uint32_t* outSeq, InputEvent** outEvent) {

    status_t result;

    status_t result;

    for (size_t i = mBatches.size(); i-- > 0; ) {

    for (size_t i = mBatches.size(); i > 0; ) {

        i--;

        Batch& batch = mBatches.editItemAt(i);

        Batch& batch = mBatches.editItemAt(i);

        if (frameTime < 0) {

        if (frameTime < 0) {

            result = consumeSamples(factory, batch, batch.samples.size(),

            result = consumeSamples(factory, batch, batch.samples.size(),
@@ -815,7 +816,8 @@ status_t InputConsumer::sendFinishedSignal(uint32_t seq, bool handled) { 
        uint32_t currentSeq = seq;

        uint32_t currentSeq = seq;

        uint32_t chainSeqs[seqChainCount];

        uint32_t chainSeqs[seqChainCount];

        size_t chainIndex = 0;

        size_t chainIndex = 0;

        for (size_t i = seqChainCount; i-- > 0; ) {

        for (size_t i = seqChainCount; i > 0; ) {

             i--;

             const SeqChain& seqChain = mSeqChains.itemAt(i);

             const SeqChain& seqChain = mSeqChains.itemAt(i);

             if (seqChain.seq == currentSeq) {

             if (seqChain.seq == currentSeq) {

                 currentSeq = seqChain.chain;

                 currentSeq = seqChain.chain;
@@ -824,7 +826,8 @@ status_t InputConsumer::sendFinishedSignal(uint32_t seq, bool handled) { 
             }

             }

        }

        }

        status_t status = OK;

        status_t status = OK;

        while (!status && chainIndex-- > 0) {

        while (!status && chainIndex > 0) {

            chainIndex--;

            status = sendUnchainedFinishedSignal(chainSeqs[chainIndex], handled);

            status = sendUnchainedFinishedSignal(chainSeqs[chainIndex], handled);

        }

        }

        if (status) {

        if (status) {
@@ -834,7 +837,10 @@ status_t InputConsumer::sendFinishedSignal(uint32_t seq, bool handled) { 
                seqChain.seq = chainIndex != 0 ? chainSeqs[chainIndex - 1] : seq;

                seqChain.seq = chainIndex != 0 ? chainSeqs[chainIndex - 1] : seq;

                seqChain.chain = chainSeqs[chainIndex];

                seqChain.chain = chainSeqs[chainIndex];

                mSeqChains.push(seqChain);

                mSeqChains.push(seqChain);

            } while (chainIndex-- > 0);

                if (chainIndex != 0) {

                    chainIndex--;

                }

            } while (chainIndex > 0);

            return status;

            return status;

        }

        }

    }

    }