From nobody Fri May 17 10:34:31 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of _spf.google.com designates
 209.85.221.67 as permitted sender) client-ip=209.85.221.67;
 envelope-from=philippe.mathieu.daude@gmail.com; helo=mail-wr1-f67.google.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of _spf.google.com designates 209.85.221.67 as
 permitted sender)  smtp.mailfrom=philippe.mathieu.daude@gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1604267652; cv=none;
	d=zohomail.com; s=zohoarc;
	b=e0skImxW08wNC02aRQ4UJTdo67AFOWndOTsDOGJg60Qp9TQyHBFoltIUC2Gb1Xppw8hEQ7p+reCEdg5iYkBhD5be7D5+quHi2OThm8glr+fxi4OiM5BxMt/oKmKqHKSF7vB5gbZr5K++TmbwsvF70Z9kLtzb6pzPqmCftrAKWoU=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1604267652;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:MIME-Version:Message-ID:Sender:Subject:To;
	bh=wU0CMsjyneTK6Sroi2xvnUlYFM1FI2/0Ny5mpCCsVCo=;
	b=RCJwSXeyW3S+6kjG9YLAG1PXydAxeGNAgVPl9aEwmQUyORJHJPMuyP7pxQOZAqU2Yf92zZDc8xqqDX6i4Hb7dDbKwXtdKzHrwKdsY6qScyHH0CBOCf20u9iF/HLP1Euxkk5FLmrN0F8lUFXEb06bZLD7cog3BgR+MdawlTb/ZGo=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of _spf.google.com designates 209.85.221.67 as
 permitted sender)  smtp.mailfrom=philippe.mathieu.daude@gmail.com
Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com
 [209.85.221.67]) by mx.zohomail.com
	with SMTPS id 1604267652843974.4798109047921;
 Sun, 1 Nov 2020 13:54:12 -0800 (PST)
Received: by mail-wr1-f67.google.com with SMTP id x7so12390562wrl.3
        for <importer@patchew.org>; Sun, 01 Nov 2020 13:54:12 -0800 (PST)
Return-Path: <philippe.mathieu.daude@gmail.com>
Return-Path: <philippe.mathieu.daude@gmail.com>
Received: from localhost.localdomain (234.red-83-42-66.dynamicip.rima-tde.net.
 [83.42.66.234])
        by smtp.gmail.com with ESMTPSA id
 m12sm12595997wmi.33.2020.11.01.13.54.09
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 01 Nov 2020 13:54:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=sender:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=wU0CMsjyneTK6Sroi2xvnUlYFM1FI2/0Ny5mpCCsVCo=;
        b=vZFioILRZmZe+X/Lt/Nrxc2HoCNY0FJVaNEbq7uc6OAORgtjDU1/O80HRJMGDVBm4R
         Uj/Rs64tq++1tyIV+9W/bkeBMTrcxpaLEa2nELGF06KwN1gwgODb7/dpgFYVrcoAtH5n
         +gwW10P7PvNRbu3sFP3dnJSbTUtSeJEA0vYfV5cBFKDnl4aJ/kMmBQLcMgh5dxXmlreD
         ZqIizTq6mbpmMcArhQG5v7STLrxO27VfvZbO+709qdBOvrXMLy1cFl/KTpi7z8AF3ltW
         0YfGDtwi7UtxRd8ujrpKPJBIA+nfBtHHN/E41asEmd14dgG4qs0pE4muesUBDZbh8HEQ
         cH7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
         :mime-version:content-transfer-encoding;
        bh=wU0CMsjyneTK6Sroi2xvnUlYFM1FI2/0Ny5mpCCsVCo=;
        b=gs+Z9azPqNZ+lDApbTq/Up5KvR3y6HewIhfZ3SYPcCLby4gHJ/6OhrRhu9rfD0UXP9
         mR3J+sPsR7KLhWovk/9zWMyYY+dKPw3w7dYqnl4iN8joLzSlJVB+plyxqmJAwJEJ7Nbg
         fmlgezMZClMbwXpSfFNosj0XIfXsqKIwaLOJqF2s2RNUhvAgvZfJVHZpoxla9QZ5OUIF
         yVuMHDj8ebHHHHoSrsBs/dk39XyXhIioRCfLvt40XrgDp+jS7xcJNKtWDBDf1+H45bxJ
         IEOxyTSCnxEvgo7VnezOlvoZHVGPsavn0lYLEGVfke67PzbiTiPKKszEuurlsQ7MZo7Y
         WAmQ==
X-Gm-Message-State: AOAM5328W8bIW5xDwi+/sayHLJMU9W21IN1yca8al4Ipxrq/8cZud8ym
	lV0pUO9RaQVGM+L8ifVWlJU=
X-Google-Smtp-Source: 
 ABdhPJy2Km+Cs5SxTE4VaLEqxVoAFA9tFmS/BL2zWUQZY6Ezus3JySlr00HK1OgHq3diSHvvJXj/dw==
X-Received: by 2002:a5d:6110:: with SMTP id
 v16mr17712087wrt.219.1604267650876;
        Sun, 01 Nov 2020 13:54:10 -0800 (PST)
Sender: =?UTF-8?Q?Philippe_Mathieu=2DDaud=C3=A9?=
 <philippe.mathieu.daude@gmail.com>
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
To: qemu-devel@nongnu.org
Cc: Alistair Francis <alistair.francis@wdc.com>,
	Richard Henderson <rth@twiddle.net>,
	Luc Michel <luc@lmichel.fr>,
	Eric Blake <eblake@redhat.com>,
	Peter Maydell <peter.maydell@linaro.org>,
	=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>,
	Eduardo Habkost <ehabkost@redhat.com>
Subject: [PATCH-for-5.2 v2] util/cutils: Fix Coverity array overrun in
 freq_to_str()
Date: Sun,  1 Nov 2020 22:54:08 +0100
Message-Id: <20201101215408.2019266-1-f4bug@amsat.org>
X-Mailer: git-send-email 2.26.2
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @gmail.com)

Rewrite the iteration to avoid an array overrun. This fixes
CID 1435957:  Memory - illegal accesses (OVERRUN):

>>> Overrunning array "suffixes" of 7 8-byte elements at element
    index 7 (byte offset 63) using index "idx" (which evaluates to 7).

Note, the biggest input value freq_to_str() can accept is UINT64_MAX,
which is ~18.446 EHz, less than 1000 EHz.

Reported-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Philippe Mathieu-Daud=C3=A9 <f4bug@amsat.org>
---
Supersedes: <20201029185506.1241912-1-f4bug@amsat.org>
---
 util/cutils.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/util/cutils.c b/util/cutils.c
index c395974fab4..723051da6e8 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -889,11 +889,13 @@ char *freq_to_str(uint64_t freq_hz)
 {
     static const char *const suffixes[] =3D { "", "K", "M", "G", "T", "P",=
 "E" };
     double freq =3D freq_hz;
-    size_t idx =3D 0;
+    size_t idx;
=20
-    while (freq >=3D 1000.0 && idx < ARRAY_SIZE(suffixes)) {
+    for (idx =3D 0; idx < ARRAY_SIZE(suffixes) - 1; idx++) {
+        if (freq < 1000.0) {
+            break;
+        }
         freq /=3D 1000.0;
-        idx++;
     }
=20
     return g_strdup_printf("%0.3g %sHz", freq, suffixes[idx]);
--=20
2.26.2