From b891f85177b4fcfbfecb6ff8c87e142ffa07fc43 Mon Sep 17 00:00:00 2001
From: Jean Chalard <jchalard@google.com>
Date: Thu, 10 Nov 2011 12:07:30 +0900
Subject: [PATCH] Fix a bug that would end up in memory corruption

Square distances array was not the right size. Copying long words
into it would result in fandango on core.

Bug: 5508337
Bug: 5591925
Change-Id: I7598081b3cfcd1975b206dada1baf8da9be35641
---
 native/src/proximity_info.cpp | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/native/src/proximity_info.cpp b/native/src/proximity_info.cpp
index 20fa18a44c..763a3a174c 100644
--- a/native/src/proximity_info.cpp
+++ b/native/src/proximity_info.cpp
@@ -49,14 +49,17 @@ ProximityInfo::ProximityInfo(const int maxProximityCharsSize, const int keyboard
                   && sweetSpotCenterYs && sweetSpotRadii),
           mInputXCoordinates(NULL), mInputYCoordinates(NULL),
           mTouchPositionCorrectionEnabled(false) {
-    const int len = GRID_WIDTH * GRID_HEIGHT * MAX_PROXIMITY_CHARS_SIZE;
-    mProximityCharsArray = new uint32_t[len];
-    mNormalizedSquaredDistances = new int[len];
+    const int proximityGridLength = GRID_WIDTH * GRID_HEIGHT * MAX_PROXIMITY_CHARS_SIZE;
+    mProximityCharsArray = new uint32_t[proximityGridLength];
     if (DEBUG_PROXIMITY_INFO) {
-        LOGI("Create proximity info array %d", len);
+        LOGI("Create proximity info array %d", proximityGridLength);
     }
-    memcpy(mProximityCharsArray, proximityCharsArray, len * sizeof(mProximityCharsArray[0]));
-    for (int i = 0; i < len; ++i) {
+    memcpy(mProximityCharsArray, proximityCharsArray,
+            proximityGridLength * sizeof(mProximityCharsArray[0]));
+    const int normalizedSquaredDistancesLength =
+            MAX_PROXIMITY_CHARS_SIZE * MAX_WORD_LENGTH_INTERNAL;
+    mNormalizedSquaredDistances = new int[normalizedSquaredDistancesLength];
+    for (int i = 0; i < normalizedSquaredDistancesLength; ++i) {
         mNormalizedSquaredDistances[i] = NOT_A_DISTANCE;
     }
 
-- 
GitLab