Fix aapt badging segmentation fault
Unsigned subtraction led to arithmetic overflow which caused aapt
to reference the vector out of its bounds.
Bug: 175789289
Test: dump badging on a manifest with no uses-sdk tag
Change-Id: Id1b96376a8bfe13c0c195bb6f62b681c3d686034
diff --git a/tools/aapt/Command.cpp b/tools/aapt/Command.cpp
index f2c3b86..812e208 100644
--- a/tools/aapt/Command.cpp
+++ b/tools/aapt/Command.cpp
@@ -1121,8 +1121,8 @@
// Skip all "uses-sdk" tags besides the very last tag. The android runtime only uses
// the attribute values from the last defined tag.
- for (size_t i = 0; i < usesSdkTagPositions.size() - 1; i++) {
- tagsToSkip.emplace_back(usesSdkTagPositions[i]);
+ for (size_t i = 1; i < usesSdkTagPositions.size(); i++) {
+ tagsToSkip.emplace_back(usesSdkTagPositions[i - 1]);
}
// Reset the position before parsing.
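Review bot: the rewritten loop header `for (size_t i = 1; i < usesSdkTagPositions.size(); i++)` has no comment explaining why it starts at 1 and indexes with `i - 1`, so a later cleanup could restore the `size() - 1` bound, which wraps around when usesSdkTagPositions is empty. Suggest a one-line comment above the loop noting that the vector can be empty (a manifest with no uses-sdk tag), or keeping the zero-based index and writing the bound as `i + 1 < usesSdkTagPositions.size()`, which avoids the unsigned subtraction and leaves `usesSdkTagPositions[i]` as it was. The Test line describes a manual badging dump; if the tree has a place for aapt tests, a manifest without uses-sdk there would keep this from regressing.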