Fix index out of bounds error in procmon (#1792)

* Fix index out of bounds error in procmon

* Fix

src/plugins/procmon/privileges.h

@@ -164,7 +164,7 @@ struct LUID_AND_ATTRIBUTES
 struct TOKEN_PRIVILEGES
 {
     uint32_t privilege_count;
-    struct LUID_AND_ATTRIBUTES privileges[1];
+    struct LUID_AND_ATTRIBUTES privileges[];
 } __attribute__((packed));
 
 std::pair<std::string, fmt::Aarg> stringify_privilege(struct LUID_AND_ATTRIBUTES& privilege);

src/plugins/procmon/win.cpp

@@ -696,17 +696,15 @@ static event_response_t adjust_privileges_token_cb(drakvuf_t drakvuf, drakvuf_tr
             VMI_SUCCESS != vmi_read(vmi, &ctx, sizeof(struct TOKEN_PRIVILEGES), newstate, nullptr) ||
             !newstate->privilege_count)
             goto done;
-        if (newstate->privilege_count > 1)
-        {
-            auto count = newstate->privilege_count - 1;
-            auto size = sizeof(struct TOKEN_PRIVILEGES) + sizeof(struct LUID_AND_ATTRIBUTES) * count;
-            g_free(newstate);
-            newstate = (struct TOKEN_PRIVILEGES*)g_malloc0(size);
-            if (!newstate ||
-                VMI_SUCCESS != vmi_read(vmi, &ctx, size, newstate, nullptr) ||
-                !newstate->privilege_count)
-                goto done;
-        }
+
+        auto count = newstate->privilege_count;
+        auto size = sizeof(struct TOKEN_PRIVILEGES) + sizeof(struct LUID_AND_ATTRIBUTES) * count;
+        g_free(newstate);
+        newstate = (struct TOKEN_PRIVILEGES*)g_malloc0(size);
+
+        if (!newstate || VMI_SUCCESS != vmi_read(vmi, &ctx, size, newstate, nullptr) ||
+            !newstate->privilege_count)
+            goto done;
 
         for (size_t i = 0; i < newstate->privilege_count; ++i)
             privileges.push_back(stringify_privilege(newstate->privileges[i]));