Merge "Avoid reading off the ends of arrays in lockless_queue"
diff --git a/aos/ipc_lib/lockless_queue.cc b/aos/ipc_lib/lockless_queue.cc
index 02aebcb..030054a 100644
--- a/aos/ipc_lib/lockless_queue.cc
+++ b/aos/ipc_lib/lockless_queue.cc
@@ -181,8 +181,14 @@
         const Index to_replace = sender->to_replace.RelaxedLoad();
 
         // Candidate.
-        CHECK_LE(to_replace.message_index(), accounted_for.size());
-        if (accounted_for[to_replace.message_index()]) {
+        if (to_replace.valid()) {
+          CHECK_LE(to_replace.message_index(), accounted_for.size());
+        }
+        if (scratch_index.valid()) {
+          CHECK_LE(scratch_index.message_index(), accounted_for.size());
+        }
+        if (!to_replace.valid() || accounted_for[to_replace.message_index()]) {
+          CHECK(scratch_index.valid());
           VLOG(3) << "Sender " << i
                   << " died, to_replace is already accounted for";
           // If both are accounted for, we are corrupt...
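Review bot: `CHECK_LE` in the two new guards still admits `message_index() == accounted_for.size()`, so the subscript in `if (!to_replace.valid() || accounted_for[to_replace.message_index()])` can read one slot past the end, which is the condition the commit title sets out to prevent. Assuming `accounted_for` holds `size()` entries indexed from 0, both checks should be strict: `CHECK_LT(to_replace.message_index(), accounted_for.size());` and `CHECK_LT(scratch_index.message_index(), accounted_for.size());`. The removed check had the same off-by-one, so this looks inherited rather than newly introduced. The enclosing loop body starts and ends outside the hunk.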
@@ -200,7 +206,8 @@
           accounted_for[scratch_index.message_index()] = true;
           --num_missing;
           ++num_accounted_for;
-        } else if (accounted_for[scratch_index.message_index()]) {
+        } else if (!scratch_index.valid() ||
+                   accounted_for[scratch_index.message_index()]) {
           VLOG(3) << "Sender " << i
                   << " died, scratch_index is already accounted for";
           // scratch_index is accounted for.  That means we did the insert,
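Review bot: The `else if` now also fires when `scratch_index` is invalid, but the VLOG text and the comment under it still describe only the "already accounted for" case, so a log reader cannot tell the two situations apart. If treating an invalid index like an accounted-for one is the intent, a comment on the condition would record it, for example `// An invalid scratch_index has no message to account for; treat it like one already accounted for.` The branch body continues past the end of the hunk, so whether the invalid case needs different handling there cannot be confirmed from these lines.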