From ccd9d51bc1551df02498dc759deee5bda8376ccb Mon Sep 17 00:00:00 2001 From: Harry Cutts Date: Tue, 17 Sep 2024 16:33:27 +0000 Subject: TestEventMatchers: bounds check pointer indexes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit b/365166534 was caused by a WithPointer… matcher not checking that its pointer index was in bounds, and this check is missing from a couple of other WithPointer… matchers. Add it, so that more bugs like this can be found instantly in future rather than causing flaky assertions against uninitialized memory. Test: atest inputflinger_tests Bug: 365166534 Flag: TEST_ONLY Change-Id: I57d23909888749e15d4d034ddb0c091336b016d1 --- services/inputflinger/tests/TestEventMatchers.h | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'services/inputflinger') diff --git a/services/inputflinger/tests/TestEventMatchers.h b/services/inputflinger/tests/TestEventMatchers.h index 513bd72797..6fa3365faa 100644 --- a/services/inputflinger/tests/TestEventMatchers.h +++ b/services/inputflinger/tests/TestEventMatchers.h @@ -615,7 +615,12 @@ public: explicit WithPointerIdMatcher(size_t index, int32_t pointerId) : mIndex(index), mPointerId(pointerId) {} - bool MatchAndExplain(const NotifyMotionArgs& args, std::ostream*) const { + bool MatchAndExplain(const NotifyMotionArgs& args, std::ostream* os) const { + if (mIndex >= args.pointerCoords.size()) { + *os << "Pointer index " << mIndex << " is out of bounds"; + return false; + } + return args.pointerProperties[mIndex].id == mPointerId; } @@ -797,10 +802,14 @@ MATCHER_P(WithToolType, toolType, "InputEvent with specified tool type") { return argToolType == toolType; } -MATCHER_P2(WithPointerToolType, pointer, toolType, +MATCHER_P2(WithPointerToolType, pointerIndex, toolType, "InputEvent with specified tool type for pointer") { - const auto argToolType = arg.pointerProperties[pointer].toolType; - *result_listener << "expected pointer " << pointer << " to have tool type " + if (std::cmp_greater_equal(pointerIndex, arg.getPointerCount())) { + *result_listener << "Pointer index " << pointerIndex << " is out of bounds"; + return false; + } + const auto argToolType = arg.pointerProperties[pointerIndex].toolType; + *result_listener << "expected pointer " << pointerIndex << " to have tool type " << ftl::enum_string(toolType) << ", but got " << ftl::enum_string(argToolType); return argToolType == toolType; } -- cgit v1.2.3-59-g8ed1b