author | Nick Desaulniers <ndesaulniers@google.com> | 2016-08-10 15:44:19 -0700 |
---|---|---|
committer | Nick Desaulniers <ndesaulniers@google.com> | 2016-08-10 15:44:19 -0700 |
commit | 98a20cd1283b6ee029e871c0876815300475c40a (patch) | |
tree | d87cfe89486df2c4ce18f5e2680b763000249d38 | |
parent | 17985b261d49ea1c15c0dc306df948e25d1b81b4 (diff) | |
download | extras-98a20cd1283b6ee029e871c0876815300475c40a.tar.gz |
procrank: fix bounds check to prevent heap overflow
Bug: 30774296
Change-Id: I44005caaa3cc17fe829f375a4cfeb5a464c97fbe
-rw-r--r-- | libpagemap/pm_memusage.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/libpagemap/pm_memusage.c b/libpagemap/pm_memusage.c
index 70cfedec..71a5783e 100644
--- a/libpagemap/pm_memusage.c
+++ b/libpagemap/pm_memusage.c
@@ -89,15 +89,15 @@ void pm_memusage_pswap_add_offset(pm_memusage_t *mu, unsigned int offset) {
 if (mu->p_swap == NULL) return;
- if (offset > mu->p_swap->array_size) {
+ if (offset >= mu->p_swap->array_size) {
 fprintf(stderr, "SWAP offset %d is out of swap bounds.\n", offset);
 return;
+ }
+
+ if (mu->p_swap->offset_array[offset] == USHRT_MAX) {
+ fprintf(stderr, "SWAP offset %d ref. count if overflowing ushort type.\n", offset);
 } else {
- if (mu->p_swap->offset_array[offset] == USHRT_MAX) {
- fprintf(stderr, "SWAP offset %d ref. count if overflowing ushort type.\n", offset);
- } else {
- mu->p_swap->offset_array[offset]++;
- }
+ mu->p_swap->offset_array[offset]++;
 }
 soff = malloc(sizeof(pm_swap_offset_t)); |
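Review bot: Both `fprintf` calls in this hunk print `offset` with `%d` although the parameter is `unsigned int`, so a value above INT_MAX is logged as a negative number on exactly the path that reports a bad swap offset; use `%u`, e.g. `fprintf(stderr, "SWAP offset %u is out of swap bounds.\n", offset);`. The corrected check deserves a one-line comment, assuming `offset_array` holds `array_size` elements: `/* valid indices are 0 .. array_size - 1; offset == array_size is one past the end */`, because the off-by-one is the whole fix and is easy to reintroduce. When the counter is already `USHRT_MAX` the code only logs and still falls through to the `soff = malloc(...)` line. Whether recording the offset without counting it is intended cannot be judged here, since the function body continues outside the hunk.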