diff options
author | Nick Desaulniers <ndesaulniers@google.com> | 2016-08-11 00:32:59 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2016-08-11 00:32:59 +0000 |
commit | 791e7afcfc8fbe11f37e395601ec1d18fdb521d3 (patch) | |
tree | ff7078bc7ed09eb6c94c231e8e8244586c09d2a6 | |
parent | c66c0d2a9cdc42b05ee60248411a13873cfe70be (diff) | |
parent | 98a20cd1283b6ee029e871c0876815300475c40a (diff) | |
download | extras-791e7afcfc8fbe11f37e395601ec1d18fdb521d3.tar.gz |
procrank: fix bounds check to prevent heap overflow
am: 98a20cd128
Change-Id: I9e79ff3f83f36b68fa119d1b95f235a804cfb34e
-rw-r--r-- | libpagemap/pm_memusage.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/libpagemap/pm_memusage.c b/libpagemap/pm_memusage.c index 70cfedec..71a5783e 100644 --- a/libpagemap/pm_memusage.c +++ b/libpagemap/pm_memusage.c @@ -89,15 +89,15 @@ void pm_memusage_pswap_add_offset(pm_memusage_t *mu, unsigned int offset) { if (mu->p_swap == NULL) return; - if (offset > mu->p_swap->array_size) { + if (offset >= mu->p_swap->array_size) { fprintf(stderr, "SWAP offset %d is out of swap bounds.\n", offset); return; + } + + if (mu->p_swap->offset_array[offset] == USHRT_MAX) { + fprintf(stderr, "SWAP offset %d ref. count if overflowing ushort type.\n", offset); } else { - if (mu->p_swap->offset_array[offset] == USHRT_MAX) { - fprintf(stderr, "SWAP offset %d ref. count if overflowing ushort type.\n", offset); - } else { - mu->p_swap->offset_array[offset]++; - } + mu->p_swap->offset_array[offset]++; } soff = malloc(sizeof(pm_swap_offset_t)); |