ImmediateInterpreter: Add crash checks for SortFingersByProximity
This function is crashing occasionally. I'm not sure why,
unfortunately, but this should at least avoid the crash. In my tests,
there is no negative side effect of these checks.
BUG=chromium:341247
TEST=Manually tested, used mtstat to try to repro (and unfortunately
didn't work). Unittests pass.
Change-Id: Ie90d6caf35fa73c43d87609ab08d5cf1d502dc89
Reviewed-on: https://chromium-review.googlesource.com/185234
Reviewed-by: Dennis Kempin <denniskempin@chromium.org>
Commit-Queue: Andrew de los Reyes <adlr@chromium.org>
Tested-by: Andrew de los Reyes <adlr@chromium.org>
diff --git a/src/immediate_interpreter.cc b/src/immediate_interpreter.cc
index 3c793a0..d0ce86d 100644
--- a/src/immediate_interpreter.cc
+++ b/src/immediate_interpreter.cc
@@ -1524,7 +1524,9 @@
}
// To do the sort, we sort all inter-point distances^2, then scan through
// that until we have enough points
- DistSqElt dist_sq[(finger_ids.size() * (finger_ids.size() - 1)) / 2];
+ size_t dist_sq_capacity =
+ (finger_ids.size() * (finger_ids.size() - 1)) / 2;
+ DistSqElt dist_sq[dist_sq_capacity];
size_t dist_sq_len = 0;
for (size_t i = 0; i < hwstate.finger_cnt; i++) {
const FingerState& fs1 = hwstate.fingers[i];
@@ -1538,6 +1540,10 @@
DistSq(fs1, fs2),
{ fs1.tracking_id, fs2.tracking_id }
};
+ if (dist_sq_len >= dist_sq_capacity) {
+ Err("%s: Array overrun", __func__);
+ break;
+ }
dist_sq[dist_sq_len++] = elt;
}
}
@@ -1545,6 +1551,10 @@
DistSqCompare distSqCompare;
std::sort(dist_sq, dist_sq + dist_sq_len, distSqCompare);
+ if (out_sorted_ids == NULL) {
+ Err("out_sorted_ids became NULL");
+ return;
+ }
for (size_t i = 0; i < dist_sq_len; i++) {
short id1 = dist_sq[i].tracking_id[0];
short id2 = dist_sq[i].tracking_id[1];
