From 14352169ab14629dc0c7cac1a1eaf98e8aba8be8 Mon Sep 17 00:00:00 2001
From: "erwin.coumans" <erwin.coumans@08e121b0-ae19-0410-a57b-3be3395fd4fd>
Date: Mon, 24 Oct 2011 18:24:31 +0000
Subject: [PATCH] Fix some array out-of-bounds access errors Add an assert
 using MAX_DEGENERATE_STATS Fixes Issue 561, thanks to jarno for the report

---
 .../SpuGatheringCollisionTask.cpp                        | 9 ++++++---
 src/BulletMultiThreaded/btParallelConstraintSolver.cpp   | 8 +++++---
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/BulletMultiThreaded/SpuNarrowPhaseCollisionTask/SpuGatheringCollisionTask.cpp b/src/BulletMultiThreaded/SpuNarrowPhaseCollisionTask/SpuGatheringCollisionTask.cpp
index e5e263c22..42f5f45c0 100644
--- a/src/BulletMultiThreaded/SpuNarrowPhaseCollisionTask/SpuGatheringCollisionTask.cpp
+++ b/src/BulletMultiThreaded/SpuNarrowPhaseCollisionTask/SpuGatheringCollisionTask.cpp
@@ -621,8 +621,9 @@ void	ProcessConvexConcaveSpuCollision(SpuCollisionPairInput* wuInput, CollisionT
 }
 
 
-int stats[11]={0,0,0,0,0,0,0,0,0,0,0};
-int degenerateStats[11]={0,0,0,0,0,0,0,0,0,0,0};
+#define MAX_DEGENERATE_STATS 15
+int stats[MAX_DEGENERATE_STATS]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+int degenerateStats[MAX_DEGENERATE_STATS]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
 
 
 ////////////////////////
@@ -758,8 +759,10 @@ void	ProcessSpuConvexConvexCollision(SpuCollisionPairInput* wuInput, CollisionTa
 		{
 			btGjkPairDetector gjk(shape0Ptr,shape1Ptr,shapeType0,shapeType1,marginA,marginB,&simplexSolver,penetrationSolver);//&vsSolver,penetrationSolver);
 			gjk.getClosestPoints(cpInput,spuContacts,0);//,debugDraw);
-			
+
+			btAssert(gjk.m_lastUsedMethod <MAX_DEGENERATE_STATS);
 			stats[gjk.m_lastUsedMethod]++;
+			btAssert(gjk.m_degenerateSimplex <MAX_DEGENERATE_STATS);
 			degenerateStats[gjk.m_degenerateSimplex]++;
 
 #ifdef USE_SEPDISTANCE_UTIL			
diff --git a/src/BulletMultiThreaded/btParallelConstraintSolver.cpp b/src/BulletMultiThreaded/btParallelConstraintSolver.cpp
index 47e4c88b8..10164f8eb 100644
--- a/src/BulletMultiThreaded/btParallelConstraintSolver.cpp
+++ b/src/BulletMultiThreaded/btParallelConstraintSolver.cpp
@@ -1178,7 +1178,7 @@ btScalar btParallelConstraintSolver::solveGroup(btCollisionObject** bodies1,int
 				totalNumRows += info1.m_numConstraintRows;
 			}
 			m_tmpSolverNonContactConstraintPool.resize(totalNumRows);
-			offsetSolverConstraints = &m_tmpSolverNonContactConstraintPool[0];
+			offsetSolverConstraints =totalNumRows? &m_tmpSolverNonContactConstraintPool[0]:0;
 
 			
 			///setup the btSolverConstraints
@@ -1303,8 +1303,10 @@ btScalar btParallelConstraintSolver::solveGroup(btCollisionObject** bodies1,int
 					pfxSetRigidBodyIdA(pair,idA);
 					pfxSetRigidBodyIdB(pair,idB);
 					//is this needed?
-					pfxSetMotionMaskA(pair,m_memoryCache->m_mystates[idA].getMotionMask());
-					pfxSetMotionMaskB(pair,m_memoryCache->m_mystates[idB].getMotionMask());
+					if (idA>=0)
+						pfxSetMotionMaskA(pair,m_memoryCache->m_mystates[idA].getMotionMask());
+					if (idB>=0)
+						pfxSetMotionMaskB(pair,m_memoryCache->m_mystates[idB].getMotionMask());
 
 					pfxSetActive(pair,true);
 					int id = currentConstraintRow-offsetSolverConstraints;