Fix aapt badging segmentation fault

Unsigned subtraction lead to arithmetic overflow which caused aapt to reference the vector out of its bounds. Bug: 175789289 Test: dump badging on a manifest with no uses-sdk tag Change-Id: Id1b96376a8bfe13c0c195bb6f62b681c3d686034
author: Ryan Mitchell <rtmitchell@google.com> 2021-05-10 11:46:49 -0700
committer: Ryan Mitchell <rtmitchell@google.com> 2021-05-10 11:46:49 -0700
commit: 957168e2b2e90aae4c1846989e87d49fc4e7df3e (patch)
tree: c43252531d904de0ba050b67c6c28a45b46cbaaf
parent: 969f4ec61b7f6d069726ffcc795d438af7d47f7d (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/tools/aapt/Command.cpp b/tools/aapt/Command.cpp
index f2c3b86e409e..812e2087f36b 100644
--- a/tools/aapt/Command.cpp
+++ b/tools/aapt/Command.cpp
@@ -1121,8 +1121,8 @@ int doDump(Bundle* bundle)
 
                 // Skip all "uses-sdk" tags besides the very last tag. The android runtime only uses
                 // the attribute values from the last defined tag.
-                for (size_t i = 0; i < usesSdkTagPositions.size() - 1; i++) {
-                    tagsToSkip.emplace_back(usesSdkTagPositions[i]);
+                for (size_t i = 1; i < usesSdkTagPositions.size(); i++) {
+                    tagsToSkip.emplace_back(usesSdkTagPositions[i - 1]);
                 }
 
                 // Reset the position before parsing.
author	Ryan Mitchell <rtmitchell@google.com>	2021-05-10 11:46:49 -0700
committer	Ryan Mitchell <rtmitchell@google.com>	2021-05-10 11:46:49 -0700
commit	957168e2b2e90aae4c1846989e87d49fc4e7df3e (patch)
tree	c43252531d904de0ba050b67c6c28a45b46cbaaf
parent	969f4ec61b7f6d069726ffcc795d438af7d47f7d (diff)