inputflinger_tests: Fix asan error about new-delete type mismatch

pirama-arumuga-nainar · pirama-arumuga-nainar · commit ee2f164e7e67 · 2025-01-29T05:27:41.000Z
Cast the value returned by InputDispatcher::verifyInputEvent to the
correct event type and call delete explicitly on the pointer.  This
fixes the `new-delete-type-mismatch` reported by asan with
clang-r547379.

We cannot rely on virtual destructor calls because InputEvent and
subclasses don't have a virtual destructor.  The proper fix is to either
consider using std::variant in some way, or introduce an intermediate
POD data structure that we will put the data into just prior to signing.
Adding virtual functions to these classes is undesirable as the bytes in
these objects are getting signed.

Bug: 392703785
Test: run inputflinger_tests on the host with aosp/3419479
Change-Id: Ie78684539536c8b62acc8d540df57b2bbaac3649
diff --git a/services/inputflinger/tests/InputDispatcher_test.cpp b/services/inputflinger/tests/InputDispatcher_test.cpp
@@ -8132,6 +8132,17 @@ TEST_F(InputDispatcherTest, VerifyInputEvent_KeyEvent) {
     ASSERT_EQ(keyArgs.scanCode, verifiedKey.scanCode);
     ASSERT_EQ(keyArgs.metaState, verifiedKey.metaState);
     ASSERT_EQ(0, verifiedKey.repeatCount);
+
+    // InputEvent and subclasses don't have a virtual destructor and only
+    // InputEvent's destructor gets called when `verified` goes out of scope,
+    // even if `verifyInputEvent` returns an object of a subclass.  To fix this,
+    // we should either consider using std::variant in some way, or introduce an
+    // intermediate POD data structure that we will put the data into just prior
+    // to signing.  Adding virtual functions to these classes is undesirable as
+    // the bytes in these objects are getting signed.  As a temporary fix, cast
+    // the pointer to the correct class (which is statically known) before
+    // destruction.
+    delete (VerifiedKeyEvent*)verified.release();
 }
 
 TEST_F(InputDispatcherTest, VerifyInputEvent_MotionEvent) {
@@ -8179,6 +8190,10 @@ TEST_F(InputDispatcherTest, VerifyInputEvent_MotionEvent) {
     EXPECT_EQ(motionArgs.downTime, verifiedMotion.downTimeNanos);
     EXPECT_EQ(motionArgs.metaState, verifiedMotion.metaState);
     EXPECT_EQ(motionArgs.buttonState, verifiedMotion.buttonState);
+
+    // Cast to the correct type before destruction.  See explanation at the end
+    // of the VerifyInputEvent_KeyEvent test.
+    delete (VerifiedMotionEvent*)verified.release();
 }
 
 /**
