Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ffbd83c6 authored by Harry Cutts's avatar Harry Cutts
Browse files

input: don't log the whole MotionEvent in index checks 

We've had a crash report where this causes infinite recursion, probably
through the following call sequence:

  operator<<(std::ostream&, const MotionEvent&)
→ MotionEvent::get(X|Y)
→ MotionEvent::getAxisValue
→ MotionEvent::getHistoricalAxisValue
→ MotionEvent::getHistoricalRawPointerCoords
→ operator<<(std::ostream&, const MotionEvent&)

It's unclear how the MotionEvent gets corrupted such that
getHistoricalRawPointerCoords is called with invalid indexes, but the
simple fix is to only log a useful subset of the whole event in these
checks.

Bug: 379368465
Test: m checkinput
Flag: EXEMPT bug fix
Change-Id: I0822f88fc7da6ba08ba6dbbab71ca5aaf78fc35d
parent 6e566734

libs/input/Input.cpp

+6 −4
Original line number Diff line number Diff line
@@ -705,15 +705,17 @@ float MotionEvent::getAxisValue(int32_t axis, size_t pointerIndex) const { 
const PointerCoords* MotionEvent::getHistoricalRawPointerCoords(

        size_t pointerIndex, size_t historicalIndex) const {

    if (CC_UNLIKELY(pointerIndex < 0 || pointerIndex >= getPointerCount())) {

        LOG(FATAL) << __func__ << ": Invalid pointer index " << pointerIndex << " for " << *this;

        LOG(FATAL) << __func__ << ": Invalid pointer index " << pointerIndex

                   << "; should be between >0 and ≤" << getPointerCount();

    }

    if (CC_UNLIKELY(historicalIndex < 0 || historicalIndex > getHistorySize())) {

        LOG(FATAL) << __func__ << ": Invalid historical index " << historicalIndex << " for "

                   << *this;

        LOG(FATAL) << __func__ << ": Invalid historical index " << historicalIndex

                   << "; should be >0 and ≤" << getHistorySize();

    }

    const size_t position = historicalIndex * getPointerCount() + pointerIndex;

    if (CC_UNLIKELY(position < 0 || position >= mSamplePointerCoords.size())) {

        LOG(FATAL) << __func__ << ": Invalid array index " << position << " for " << *this;

        LOG(FATAL) << __func__ << ": Invalid array index " << position << "; should be >0 and ≤"

                   << mSamplePointerCoords.size();

    }

    return &mSamplePointerCoords[position];

}