procrank: fix bounds check to prevent heap overflow

Bug: 30774296 Change-Id: I44005caaa3cc17fe829f375a4cfeb5a464c97fbe
author: Nick Desaulniers <ndesaulniers@google.com> 2016-08-10 15:44:19 -0700
committer: Nick Desaulniers <ndesaulniers@google.com> 2016-08-10 15:44:19 -0700
commit: 98a20cd1283b6ee029e871c0876815300475c40a (patch)
tree: d87cfe89486df2c4ce18f5e2680b763000249d38
parent: 17985b261d49ea1c15c0dc306df948e25d1b81b4 (diff)
download: extras-98a20cd1283b6ee029e871c0876815300475c40a.tar.gz
1 files changed, 6 insertions, 6 deletions
diff --git a/libpagemap/pm_memusage.c b/libpagemap/pm_memusage.c
index 70cfedec..71a5783e 100644
--- a/libpagemap/pm_memusage.c
+++ b/libpagemap/pm_memusage.c
@@ -89,15 +89,15 @@ void pm_memusage_pswap_add_offset(pm_memusage_t *mu, unsigned int offset) {
     if (mu->p_swap == NULL)
         return;
 
-    if (offset > mu->p_swap->array_size) {
+    if (offset >= mu->p_swap->array_size) {
         fprintf(stderr, "SWAP offset %d is out of swap bounds.\n", offset);
         return;
+    }
+
+    if (mu->p_swap->offset_array[offset] == USHRT_MAX) {
+        fprintf(stderr, "SWAP offset %d ref. count if overflowing ushort type.\n", offset);
     } else {
-        if (mu->p_swap->offset_array[offset] == USHRT_MAX) {
-            fprintf(stderr, "SWAP offset %d ref. count if overflowing ushort type.\n", offset);
-        } else {
-            mu->p_swap->offset_array[offset]++;
-        }
+        mu->p_swap->offset_array[offset]++;
     }
 
     soff = malloc(sizeof(pm_swap_offset_t));
author	Nick Desaulniers <ndesaulniers@google.com>	2016-08-10 15:44:19 -0700
committer	Nick Desaulniers <ndesaulniers@google.com>	2016-08-10 15:44:19 -0700
commit	98a20cd1283b6ee029e871c0876815300475c40a (patch)
tree	d87cfe89486df2c4ce18f5e2680b763000249d38
parent	17985b261d49ea1c15c0dc306df948e25d1b81b4 (diff)
download	extras-98a20cd1283b6ee029e871c0876815300475c40a.tar.gz