path: root/tools/tplog.py
author: Harry Cutts <hcutts@google.com> 2023-12-08 16:15:44 +0000
committer: Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> 2023-12-13 17:46:28 +0000
commit: b31ef0adcaff61c045e95158cb9720543b42b531
tree: 9012ca55ccadd34d3db041f79e4b807bedfe4926 /tools/tplog.py
parent: d2ec17e2817001e97841fbab6da708a4183da4e1
ImmediateInterpreter: fix UBSan vla-bound check failure

The fs array in GetGesturingFingers could potentially be given a length of 0 (a valid value of HardwareState::finger_cnt). Allocating a zero-length array can lead to undefined behaviour in C++, so this is causing a crash due to UBSan's vla-bound check in Android.

While I'm unable to reproduce the crash locally, the stack trace points to the line declaring fs, and it's the only variable-length array in the method, so I think we can be confident that this is the fix.

BUG=b:315418482
TEST=On Android, run Gestures library and inputflinger tests; install the library on a device and check motions, gestures, etc. perform normally (tested on a Pixel Tablet with an Apple Magic Trackpad 1)

Change-Id: If0bbe7f43ccd761f4a9cb80a55b69cb94e371ba1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/gestures/+/5106028
Code-Coverage: Zoss <zoss-cl-coverage@prod.google.com>
Auto-Submit: Harry Cutts <hcutts@chromium.org>
Commit-Queue: Harry Cutts <hcutts@chromium.org>
Code-Coverage: Torsha Banerjee <torsha@google.com>
Reviewed-by: Henry Barnor <hbarnor@chromium.org>
Reviewed-by: Torsha Banerjee <torsha@google.com>
Tested-by: Harry Cutts <hcutts@chromium.org>

Diffstat (limited to 'tools/tplog.py')
0 files changed, 0 insertions, 0 deletions
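
The failure class described in the commit message, as an added example that is not the commit's actual change (no diff is shown on this page) and not code from the gestures library. It is written in C, where a variable-length array bound must also be greater than zero and `-fsanitize=vla-bound` reports the same violation; the types, field layout and the function `topmost_fingers` are hypothetical stand-ins, and the sample data is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for the library's finger and hardware state types. */
struct finger { int tracking_id; float y; };
struct hw_state { unsigned short finger_cnt; const struct finger *fingers; };

/* qsort comparator: order finger pointers by ascending y position. */
static int by_y(const void *a, const void *b) {
    const struct finger *fa = *(const struct finger *const *)a;
    const struct finger *fb = *(const struct finger *const *)b;
    return (fa->y > fb->y) - (fa->y < fb->y);
}

/* Writes the tracking ids of up to max_out fingers with the smallest y
 * into out and returns how many were written. */
size_t topmost_fingers(const struct hw_state *hs, int *out, size_t max_out) {
    /* finger_cnt == 0 is a valid state, but a VLA bound of 0 is undefined
     * behaviour, so return before the declaration below is evaluated. */
    if (hs->finger_cnt == 0 || max_out == 0)
        return 0;

    const struct finger *fs[hs->finger_cnt]; /* bound is now at least 1 */
    for (size_t i = 0; i < hs->finger_cnt; i++)
        fs[i] = &hs->fingers[i];
    qsort(fs, hs->finger_cnt, sizeof fs[0], by_y);

    size_t n = hs->finger_cnt < max_out ? hs->finger_cnt : max_out;
    for (size_t i = 0; i < n; i++)
        out[i] = fs[i]->tracking_id;
    return n;
}

int main(void) {
    /* Constructed sample input: three fingers, then an empty state. */
    const struct finger f[3] = { {10, 50.0f}, {11, 5.0f}, {12, 20.0f} };
    const struct hw_state three = { 3, f };
    const struct hw_state none = { 0, NULL };
    int ids[2];

    size_t n = topmost_fingers(&three, ids, 2);
    printf("three fingers: %zu ids, first=%d\n", n, n ? ids[0] : -1);
    printf("no fingers: %zu ids\n", topmost_fingers(&none, ids, 2));
    return 0;
}
```

Building with `-fsanitize=vla-bound` and removing the guard makes the empty-state call report at the `fs` declaration, which matches the stack trace location the commit message describes.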