From d83044d0c42447de8a7853c5393943631dee3cc2 Mon Sep 17 00:00:00 2001
From: Akilesh Kailash <akailash@google.com>
Date: Mon, 23 Nov 2020 04:28:26 +0000
Subject: [PATCH] libsnapshot:snapuserd: Fix off by one error in merge path

We only need to iterate exceptions_per_area times during
merge. Additional iteration overhsoots the buffer and hence triggers
the assert.

BUG: 168311203
Test: Full OTA with VABC - Verified merge complete

Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: If6e8dee08802ea70a8fd40e93ad63a47f39ce96e
---
 fs_mgr/libsnapshot/snapuserd.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs_mgr/libsnapshot/snapuserd.cpp b/fs_mgr/libsnapshot/snapuserd.cpp
index 3abc4571d..49e6c3d2b 100644
--- a/fs_mgr/libsnapshot/snapuserd.cpp
+++ b/fs_mgr/libsnapshot/snapuserd.cpp
@@ -334,7 +334,7 @@ int Snapuserd::GetNumberOfMergedOps(void* merged_buffer, void* unmerged_buffer,
     int merged_ops_cur_iter = 0;
 
     // Find the operations which are merged in this cycle.
-    while ((unmerged_exceptions + merged_ops_cur_iter) <= exceptions_per_area_) {
+    while ((unmerged_exceptions + merged_ops_cur_iter) < exceptions_per_area_) {
         struct disk_exception* merged_de =
                 reinterpret_cast<struct disk_exception*>((char*)merged_buffer + offset);
         struct disk_exception* cow_de =