Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c7dc3784 authored by Siarhei Vishniakou's avatar Siarhei Vishniakou
Browse files

Ensure history has pointer id of interest. 

When two events with different pointer id's end up
next to each other in touch history, then crash may
occur by trying to access the data associated with
the second to last pointer id by using the last event's
pointer id.

Test: monkey testing on sailfish
Command: adb shell monkey -p com.google.android.deskclock -p
com.android.calculator2 -p com.google.android.contacts -p
com.android.launcher -p com.google.android.launcher -p com.android.mms
-p com.google.android.apps.messaging -p com.android.phone -p
com.google.android.dialer -p com.android.providers.downloads.ui -p
com.android.settings -p com.google.android.calendar -p
com.google.android.GoogleCamera -p com.google.android.apps.photos -p
com.google.android.gms -p com.google.android.setupwizard -p
com.google.android.googlequicksearchbox -p
com.google.android.packageinstaller -p
com.google.android.apps.nexuslauncher -c
android.intent.category.LAUNCHER --ignore-security-exceptions
--monitor-native-crashes -s 611 -v -v -v 125000
Native tests will be added later.
Fixes: 65012433

Change-Id: I560a54d7f59a8892adfad3a54db9c436e4089343
parent 775a54cb

include/input/InputTransport.h

+7 −0
Original line number Original line Diff line number Diff line
@@ -384,6 +384,10 @@ private: 
        const PointerCoords& getPointerById(uint32_t id) const {

        const PointerCoords& getPointerById(uint32_t id) const {

            return pointers[idToIndex[id]];

            return pointers[idToIndex[id]];

        }

        }



        bool hasPointerId(uint32_t id) const {

            return idBits.hasBit(id);

        }

    };

    };

    struct TouchState {

    struct TouchState {

        int32_t deviceId;

        int32_t deviceId;
@@ -419,6 +423,9 @@ private: 
            if (historySize < 2) {

            if (historySize < 2) {

                return false;

                return false;

            }

            }

            if (!getHistory(0)->hasPointerId(id) || !getHistory(1)->hasPointerId(id)) {

                return false;

            }

            float currentX = getHistory(0)->getPointerById(id).getX();

            float currentX = getHistory(0)->getPointerById(id).getX();

            float currentY = getHistory(0)->getPointerById(id).getY();

            float currentY = getHistory(0)->getPointerById(id).getY();

            float previousX = getHistory(1)->getPointerById(id).getX();

            float previousX = getHistory(1)->getPointerById(id).getX();