From c7dc3784a3302b74b895c2e8318adc62b3a0db4d Mon Sep 17 00:00:00 2001
From: Siarhei Vishniakou <svv@google.com>
Date: Thu, 24 Aug 2017 20:36:28 -0700
Subject: [PATCH] Ensure history has pointer id of interest.

When two events with different pointer id's end up
next to each other in touch history, then crash may
occur by trying to access the data associated with
the second to last pointer id by using the last event's
pointer id.

Test: monkey testing on sailfish
Command: adb shell monkey -p com.google.android.deskclock -p
com.android.calculator2 -p com.google.android.contacts -p
com.android.launcher -p com.google.android.launcher -p com.android.mms
-p com.google.android.apps.messaging -p com.android.phone -p
com.google.android.dialer -p com.android.providers.downloads.ui -p
com.android.settings -p com.google.android.calendar -p
com.google.android.GoogleCamera -p com.google.android.apps.photos -p
com.google.android.gms -p com.google.android.setupwizard -p
com.google.android.googlequicksearchbox -p
com.google.android.packageinstaller -p
com.google.android.apps.nexuslauncher -c
android.intent.category.LAUNCHER --ignore-security-exceptions
--monitor-native-crashes -s 611 -v -v -v 125000
Native tests will be added later.
Fixes: 65012433

Change-Id: I560a54d7f59a8892adfad3a54db9c436e4089343
---
 include/input/InputTransport.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/input/InputTransport.h b/include/input/InputTransport.h
index 0dd15b1221..944947420e 100644
--- a/include/input/InputTransport.h
+++ b/include/input/InputTransport.h
@@ -384,6 +384,10 @@ private:
         const PointerCoords& getPointerById(uint32_t id) const {
             return pointers[idToIndex[id]];
         }
+
+        bool hasPointerId(uint32_t id) const {
+            return idBits.hasBit(id);
+        }
     };
     struct TouchState {
         int32_t deviceId;
@@ -419,6 +423,9 @@ private:
             if (historySize < 2) {
                 return false;
             }
+            if (!getHistory(0)->hasPointerId(id) || !getHistory(1)->hasPointerId(id)) {
+                return false;
+            }
             float currentX = getHistory(0)->getPointerById(id).getX();
             float currentY = getHistory(0)->getPointerById(id).getY();
             float previousX = getHistory(1)->getPointerById(id).getX();
-- 
2.11.0