When two events with different pointer id's end up
next to each other in touch history, then crash may
occur by trying to access the data associated with
the second to last pointer id by using the last event's
pointer id.
Test: monkey testing on sailfish
Command: adb shell monkey -p com.google.android.deskclock -p
com.android.calculator2 -p com.google.android.contacts -p
com.android.launcher -p com.google.android.launcher -p com.android.mms
-p com.google.android.apps.messaging -p com.android.phone -p
com.google.android.dialer -p com.android.providers.downloads.ui -p
com.android.settings -p com.google.android.calendar -p
com.google.android.GoogleCamera -p com.google.android.apps.photos -p
com.google.android.gms -p com.google.android.setupwizard -p
com.google.android.googlequicksearchbox -p
com.google.android.packageinstaller -p
com.google.android.apps.nexuslauncher -c
android.intent.category.LAUNCHER --ignore-security-exceptions
--monitor-native-crashes -s 611 -v -v -v 125000
Native tests will be added later.
Fixes:
65012433
Change-Id: I560a54d7f59a8892adfad3a54db9c436e4089343
const PointerCoords& getPointerById(uint32_t id) const {
return pointers[idToIndex[id]];
}
+
+ bool hasPointerId(uint32_t id) const {
+ return idBits.hasBit(id);
+ }
};
struct TouchState {
int32_t deviceId;
if (historySize < 2) {
return false;
}
+ if (!getHistory(0)->hasPointerId(id) || !getHistory(1)->hasPointerId(id)) {
+ return false;
+ }
float currentX = getHistory(0)->getPointerById(id).getX();
float currentY = getHistory(0)->getPointerById(id).getY();
float previousX = getHistory(1)->getPointerById(id).getX();