aboutsummaryrefslogtreecommitdiff
path: root/util
diff options
context:
space:
mode:
authorPhilippe Mathieu-Daudé <f4bug@amsat.org>2020-11-17 12:56:32 +0000
committerPeter Maydell <peter.maydell@linaro.org>2020-11-17 12:56:32 +0000
commit6d7ccc576d52fe2e7d965bfdb0e63b997e77975a (patch)
tree3375a28eb5bd9c5424c548be52b5d7579e66dbc4 /util
parentea2d7fcf3556bc279922fac08ea990093f1d7923 (diff)
downloadqemu-6d7ccc576d52fe2e7d965bfdb0e63b997e77975a.zip
qemu-6d7ccc576d52fe2e7d965bfdb0e63b997e77975a.tar.gz
qemu-6d7ccc576d52fe2e7d965bfdb0e63b997e77975a.tar.bz2
util/cutils: Fix Coverity array overrun in freq_to_str()
Fix Coverity CID 1435957: Memory - illegal accesses (OVERRUN): >>> Overrunning array "suffixes" of 7 8-byte elements at element index 7 (byte offset 63) using index "idx" (which evaluates to 7). Note, the biggest input value freq_to_str() can accept is UINT64_MAX, which is ~18.446 EHz, less than 1000 EHz. Reported-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-id: 20201101215755.2021421-1-f4bug@amsat.org Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'util')
-rw-r--r--util/cutils.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/util/cutils.c b/util/cutils.c
index 9498e28..0b5073b 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -891,10 +891,11 @@ char *freq_to_str(uint64_t freq_hz)
double freq = freq_hz;
size_t idx = 0;
- while (freq >= 1000.0 && idx < ARRAY_SIZE(suffixes)) {
+ while (freq >= 1000.0) {
freq /= 1000.0;
idx++;
}
+ assert(idx < ARRAY_SIZE(suffixes));
return g_strdup_printf("%0.3g %sHz", freq, suffixes[idx]);
}