Don't crash in UsdImagingInstanceAdapter::GetScenePrimPaths when passing invalid instanceIndices

[mtavenrath]

Description of Change(s)

Added index checking for each passed instance index to avoid out of bounds accesses.

Fixes Issue(s)

Crash when passing invalid instance indices

• I have submitted a signed Contributor License Agreement

[asluk]

Hi @sunyab / @tcauchois -- I can do a review pass on this before you take a look later this week, if that works. This fixes some critical crashes in Omniverse that rely on GetScenePrimPaths. I'll also look to get a developer on my team to look into making a unit test if possible. Thanks!

[sunyab]

Filed as internal issue #USD-7470

[sunyab]

The comment says that requestedIndicesMap created below will be empty in this case, but it appears it will be a vector of size 1 instead.

But as a simplification: if there isn't a single valid index, can't we just return immediately?

[mtavenrath]

Yes, I updated the code to skip the whole loop if there's no valid instance index.

[sunyab]

This resize call doesn't seem to take into account whether there were any invalid entries in instanceIndices, so in that case result will be too large and contain empty paths, which clients likely won't expect. Do we need to do some extra handling here?

[mtavenrath]

I changed the code to count the number of valid indices for a correct resize.

[sunyab]

@asluk We're getting ready to publish 22.08-rc1 in the next few days and since this is a regression introduced in this release we'd like to merge this as soon as possible. I've left some initial review notes and will update if there are additional notes from the team.

[asluk]

@asluk We're getting ready to publish 22.08-rc1 in the next few days and since this is a regression introduced in this release we'd like to merge this as soon as possible. I've left some initial review notes and will update if there are additional notes from the team.

Thanks @sunyab ; I don't have any further notes on the PR on top of yours.