On 22:57 Sun 01 Nov , Philippe Mathieu-Daudé wrote:
> Fix Coverity CID 1435957: Memory - illegal accesses (OVERRUN):
>
> >>> Overrunning array "suffixes" of 7 8-byte elements at element
> index 7 (byte offset 63) using index "idx" (which evaluates to 7).
>
> Note, the biggest input value freq_to_str() can accept is UINT64_MAX,
> which is ~18.446 EHz, less than 1000 EHz.
>
> Reported-by: Eduardo Habkost <ehabk...@redhat.com>
> Suggested-by: Peter Maydell <peter.mayd...@linaro.org>
> Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Luc Michel <l...@lmichel.fr>
> ---
> v3: Follow Peter's suggestion
> ---
> util/cutils.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/util/cutils.c b/util/cutils.c
> index c395974fab4..2f869a843a5 100644
> --- a/util/cutils.c
> +++ b/util/cutils.c
> @@ -891,10 +891,11 @@ char *freq_to_str(uint64_t freq_hz)
> double freq = freq_hz;
> size_t idx = 0;
>
> - while (freq >= 1000.0 && idx < ARRAY_SIZE(suffixes)) {
> + while (freq >= 1000.0) {
> freq /= 1000.0;
> idx++;
> }
> + assert(idx < ARRAY_SIZE(suffixes));
>
> return g_strdup_printf("%0.3g %sHz", freq, suffixes[idx]);
> }
> --
> 2.26.2
>
--
