Skip to content

fix(replay): add explicit ComposeRect type reference to prevent DexGuard stripping #5505

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
sentry-junior wants to merge 1 commit into
base: main
Choose a base branch
from
+4 −1
Draft

fix(replay): add explicit ComposeRect type reference to prevent DexGuard stripping #5505

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion sentry-android-replay/src/main/java/io/sentry/android/replay/util/Nodes.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

import android.graphics.Rect
import androidx.compose.ui.geometry.Offset
import androidx.compose.ui.geometry.Rect as ComposeRect
import androidx.compose.ui.graphics.Color
import androidx.compose.ui.graphics.ColorProducer
import androidx.compose.ui.graphics.painter.Painter
Expand Down Expand Up @@ -168,8 +169,10 @@
val rootHeight = root.size.height.toFloat()

// pass clipBounds explicitly to avoid the `localBoundingBoxOf$default` bridge that AGP 8.13's D8
// desugars inconsistently on minSdk < 24

Check warning on line 172 in sentry-android-replay/src/main/java/io/sentry/android/replay/util/Nodes.kt

View check run for this annotation

@sentry/warden / warden: check-code-attribution

⚠️ Vendored function missing copyright holder and license name 

**io.sentry.android.replay.util.Nodes** — The `boundsInWindow` function is documented as "A faster copy of" the androidx `LayoutCoordinates.kt` implementation and includes a source URL, but is missing a copyright holder (e.g. `Copyright (C) The Android Open Source Project`) and a license name (e.g. `Apache License, Version 2.0`). Both are required attribution fields for vendored code.
Copy link
Copy Markdown

@sentry-warden sentry-warden Bot Jun 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Vendored function missing copyright holder and license name

io.sentry.android.replay.util.Nodes — The boundsInWindow function is documented as "A faster copy of" the androidx LayoutCoordinates.kt implementation and includes a source URL, but is missing a copyright holder (e.g. Copyright (C) The Android Open Source Project) and a license name (e.g. Apache License, Version 2.0). Both are required attribution fields for vendored code.

Evidence
  • The function docstring at lines ~155–165 (context before hunk) reads A faster copy of https://github.com/androidx/androidx/blob/fc7df0dd68466ac3bb16b1c79b7a73dd0bfdd4c1/compose/ui/ui/src/commonMain/kotlin/androidx/compose/ui/layout/LayoutCoordinates.kt#L187 — vendoring origin phrase and source URL are present.
  • Neither the docstring nor the file header (first 50 lines: imports and ComposeTextLayout) contains a copyright holder or license name for this copied code.
  • The androidx codebase is Apache 2.0 licensed; the copyright holder is The Android Open Source Project.
  • All four required fields must be physically present in the file/docstring header; two are absent.

Identified by Warden check-code-attribution · PW4-M9D

val bounds = root.localBoundingBoxOf(this, true)
// Explicit type reference ensures androidx.compose.ui.geometry.Rect is not stripped by aggressive
// obfuscation tools (e.g. DexGuard), which can miss implicit return types and cause VerifyError.
val bounds: ComposeRect = root.localBoundingBoxOf(this, true)
val boundsLeft = bounds.left.fastCoerceIn(0f, rootWidth)
val boundsTop = bounds.top.fastCoerceIn(0f, rootHeight)
val boundsRight = bounds.right.fastCoerceIn(0f, rootWidth)
Expand Down
Loading