The code will increment *numPtr until it is equal to CP_MAX_CONTACTS_PER_ARBITER. Then, on the next call, it will return &arr[CP_MAX_CONTACTS_PER_ARBITER] - which is 1 beyond what it should be. If this is the last cpContact in the cpContactBuffer, it can cause a crash or other serious failures.
The fix is simple: change

    if(num < CP_MAX_CONTACTS_PER_ARBITER)
        (*numPtr) = num + 1;

to

    if(num + 1 < CP_MAX_CONTACTS_PER_ARBITER)
        (*numPtr) = num + 1;
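The off-by-one described in the post, worked through as an added example (this is not code from the post or from the Chipmunk sources). The helper shape is reconstructed from the post's description: read `*numPtr`, bump it while it is below the limit, return `&arr[num]`. The value of `CP_MAX_CONTACTS_PER_ARBITER` and the contents of the `cpContact` stand-in are assumptions; only the bounds arithmetic matters here.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed value for the illustration; the real constant is defined in Chipmunk's headers. */
#define CP_MAX_CONTACTS_PER_ARBITER 4

/* Stand-in for cpContact; only the fact that it occupies an array slot matters. */
typedef struct { double px, py; } cpContact;

/* Allocator as the post describes it (reconstruction, not Chipmunk's source).
   Once *numPtr has reached the limit it stops growing, but the index used for
   the return value is the unchanged `num`, so the next call yields
   &arr[CP_MAX_CONTACTS_PER_ARBITER], one slot past the end of the buffer. */
static cpContact *next_contact_buggy(cpContact *arr, int *numPtr) {
    int num = *numPtr;
    if (num < CP_MAX_CONTACTS_PER_ARBITER) (*numPtr) = num + 1;
    return &arr[num];
}

/* Same allocator with the post's fix: the counter is only advanced while the
   *next* index is still in range, so `num` is at most MAX - 1 and the last
   slot is simply handed out again instead of running off the end. */
static cpContact *next_contact_fixed(cpContact *arr, int *numPtr) {
    int num = *numPtr;
    if (num + 1 < CP_MAX_CONTACTS_PER_ARBITER) (*numPtr) = num + 1;
    return &arr[num];
}

/* Drives an allocator `calls` times against a fresh counter and returns the
   index of the last slot it handed out. The result is computed with pointer
   arithmetic only; nothing is written through the returned pointer, so the
   buggy variant can be exercised without actually corrupting memory. */
static ptrdiff_t last_index_after(cpContact *(*next)(cpContact *, int *), int calls) {
    cpContact buf[CP_MAX_CONTACTS_PER_ARBITER];
    int num = 0;
    cpContact *last = buf;
    for (int i = 0; i < calls; i++) last = next(buf, &num);
    return last - buf;
}

/* True when an index addresses a real slot of the buffer. */
static int index_in_bounds(ptrdiff_t idx) {
    return idx >= 0 && idx < CP_MAX_CONTACTS_PER_ARBITER;
}

int main(void) {
    int n = CP_MAX_CONTACTS_PER_ARBITER + 1;  /* one more contact than the buffer holds */
    ptrdiff_t buggy = last_index_after(next_contact_buggy, n);
    ptrdiff_t fixed = last_index_after(next_contact_fixed, n);
    printf("after %d calls: buggy -> arr[%td] (%s), fixed -> arr[%td] (%s)\n",
           n, buggy, index_in_bounds(buggy) ? "in bounds" : "OUT OF BOUNDS",
           fixed, index_in_bounds(fixed) ? "in bounds" : "OUT OF BOUNDS");
    return 0;
}
```

Note what the fix trades away: with the corrected check, every contact beyond the limit is written into the same last slot, so the extra contacts are silently dropped rather than stored. That is the intended behaviour of a fixed-size per-arbiter buffer, but it is worth knowing when reasoning about why a collision with many contact points looks truncated.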