From d6e3cf4ab55ea68e60597526f43e973026aa2909 Mon Sep 17 00:00:00 2001
From: John Reck <jreck@google.com>
Date: Mon, 28 Mar 2016 09:35:00 -0700
Subject: Fix array out of bounds access in JankTracker

Fixes: 27873879

If frametime > max janktracker would accidentally
double-increment totalFrameCount due to overflowing
the end of frameCounts

Change-Id: Iebfd1349b7014ade807f42d9c196139274a96684
---
 libs/hwui/JankTracker.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libs/hwui/JankTracker.cpp')

diff --git a/libs/hwui/JankTracker.cpp b/libs/hwui/JankTracker.cpp
index 2246cf9c1948..76e587e162b6 100644
--- a/libs/hwui/JankTracker.cpp
+++ b/libs/hwui/JankTracker.cpp
@@ -244,7 +244,7 @@ void JankTracker::addFrame(const FrameInfo& frame) {
     int64_t totalDuration =
             frame[FrameInfoIndex::FrameCompleted] - frame[FrameInfoIndex::IntendedVsync];
     uint32_t framebucket = frameCountIndexForFrameTime(
-            totalDuration, mData->frameCounts.size());
+            totalDuration, mData->frameCounts.size() - 1);
     // Keep the fast path as fast as possible.
     if (CC_LIKELY(totalDuration < mFrameInterval)) {
         mData->frameCounts[framebucket]++;
-- 
cgit v1.2.3-59-g8ed1b