Protect against bad inputs in EnergyUncertaintyElectronSpecific

[Dr15Jones]

PR description:

ASAN reported out of bounds reads in calls to member functions. We now report if an input value would result in bad array reads.
In addition, moved the arrays from the stack to a compile time created memory location.

PR validation:

Compiles locally. Converted old array assignments into static_assert to check that array order was properly preserved. Obtained array values mechanically via command line pipes of grep, awk, head and tail.

[cmsbuild]

The code-checks are being triggered in jenkins.

[cmsbuild]

+code-checks

Logs: https://cmssdt.cern.ch/SDT/code-checks/cms-sw-PR-26241/8888

• This PR adds an extra 12KB to repository

[cmsbuild]

A new Pull Request was created by @Dr15Jones (Chris Jones) for master.

It involves the following packages:

RecoEgamma/EgammaElectronAlgos

@cmsbuild, @perrotta, @slava77 can you please review it and eventually sign? Thanks.
@jainshilpi, @Sam-Harper, @varuns23, @lgray this is something you requested to watch as well.
@davidlange6, @slava77, @fabiocos you are the release manager for this.

cms-bot commands are listed here

[Dr15Jones]

please test

[cmsbuild]

The tests are being triggered in jenkins.
https://cmssdt.cern.ch/jenkins/job/ib-any-integration/33736/console Started: 2019/03/24 23:37

[cmsbuild]

+1
Tested at: 0f9d47a
https://cmssdt.cern.ch/SDT/jenkins-artifacts/pull-request-integration/PR-26241/33736/summary.html

[cmsbuild]

Comparison job queued.

[cmsbuild]

Comparison is ready
https://cmssdt.cern.ch/SDT/jenkins-artifacts/pull-request-integration/PR-26241/33736/summary.html

Comparison Summary:

• No significant changes to the logs found
• Reco comparison results: 6 differences found in the comparisons
• DQMHistoTests: Total files compared: 32
• DQMHistoTests: Total histograms compared: 3114829
• DQMHistoTests: Total failures: 1
• DQMHistoTests: Total nulls: 0
• DQMHistoTests: Total successes: 3114631
• DQMHistoTests: Total skipped: 197
• DQMHistoTests: Total Missing objects: 0
• DQMHistoSizes: Histogram memory added: 0.0 KiB( 31 files compared)
• Checked 133 log files, 14 edm output root files, 32 DQM output files

[perrotta]

Do you plan to keep these asserts? (I imagine that they were there just to verify that numbers where migrated correctly...)

[Dr15Jones]

They are compile time checks so they have no effect at run time. I'm fine with keeping or with removing.

[perrotta]

My only complain is aesthetic, at this point (therefore, not really relevant).
I pointed it out to you, and I'll let you decide. (I'd personally remove them, though)

[perrotta]

Also here...

[perrotta]

+1

• This PR adds protections against bad inputs, and it reports if an input value would result in bad array reads (with the intent to help debugging the real origin of it)
• It addresses the issue stack buffer overflow in GsfElectronEcalDrivenProducer #26238, and no other effect is expected in unaffected reco outputs: jenkins tests pass and show no differences

[cmsbuild]

This pull request is fully signed and it will be integrated in one of the next master IBs (tests are also fine). This pull request will now be reviewed by the release team before it's merged. @davidlange6, @slava77, @smuzaffar, @fabiocos (and backports should be raised in the release meeting by the corresponding L2)

[fabiocos]

+1

[smuzaffar]

ping bot?

[slava77]

resolves #26238