From b891f85177b4fcfbfecb6ff8c87e142ffa07fc43 Mon Sep 17 00:00:00 2001
From: Jean Chalard
Date: Thu, 10 Nov 2011 12:07:30 +0900
Subject: [PATCH] Fix a bug that would end up in memory corruption

Square distances array was not the right size. Copying long words into it would result in fandango on core.

Bug: 5508337
Bug: 5591925
Change-Id: I7598081b3cfcd1975b206dada1baf8da9be35641
---
 native/src/proximity_info.cpp | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/native/src/proximity_info.cpp b/native/src/proximity_info.cpp
index 20fa18a44..763a3a174 100644
--- a/native/src/proximity_info.cpp
+++ b/native/src/proximity_info.cpp
@@ -49,14 +49,17 @@ ProximityInfo::ProximityInfo(const int maxProximityCharsSize, const int keyboard
 && sweetSpotCenterYs && sweetSpotRadii), mInputXCoordinates(NULL), mInputYCoordinates(NULL), mTouchPositionCorrectionEnabled(false) {
- const int len = GRID_WIDTH * GRID_HEIGHT * MAX_PROXIMITY_CHARS_SIZE;
- mProximityCharsArray = new uint32_t[len];
- mNormalizedSquaredDistances = new int[len];
+ const int proximityGridLength = GRID_WIDTH * GRID_HEIGHT * MAX_PROXIMITY_CHARS_SIZE;
+ mProximityCharsArray = new uint32_t[proximityGridLength];
 if (DEBUG_PROXIMITY_INFO) {
- LOGI("Create proximity info array %d", len);
+ LOGI("Create proximity info array %d", proximityGridLength);
 }
- memcpy(mProximityCharsArray, proximityCharsArray, len * sizeof(mProximityCharsArray[0]));
- for (int i = 0; i < len; ++i) {
+ memcpy(mProximityCharsArray, proximityCharsArray,
+ proximityGridLength * sizeof(mProximityCharsArray[0]));
+ const int normalizedSquaredDistancesLength =
+ MAX_PROXIMITY_CHARS_SIZE * MAX_WORD_LENGTH_INTERNAL;
+ mNormalizedSquaredDistances = new int[normalizedSquaredDistancesLength];
+ for (int i = 0; i < normalizedSquaredDistancesLength; ++i) {
 mNormalizedSquaredDistances[i] = NOT_A_DISTANCE;
 }
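Review bot: The new length `MAX_PROXIMITY_CHARS_SIZE * MAX_WORD_LENGTH_INTERNAL` corrects the allocation of `mNormalizedSquaredDistances`, but nothing in this hunk enforces that bound where the array is written. The code that fills it per input word is outside the hunk, so the heap overwrite described in the commit message can return if a caller ever supplies a word longer than `MAX_WORD_LENGTH_INTERNAL`. I would record the invariant at the allocation, e.g. `// One slot per (input position, proximity char); writers must keep input length <= MAX_WORD_LENGTH_INTERNAL.`, and confirm that the write site clamps or rejects longer input. The `memcpy` from `proximityCharsArray` likewise trusts the caller's buffer to hold `proximityGridLength` elements, and that product of `int` values is not checked for a non-positive or overflowed result. The constructor starts before this hunk and may continue past it.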