From nobody Fri May 17 11:28:45 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of _spf.google.com designates
 209.85.128.65 as permitted sender) client-ip=209.85.128.65;
 envelope-from=philippe.mathieu.daude@gmail.com; helo=mail-wm1-f65.google.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of _spf.google.com designates 209.85.128.65 as
 permitted sender)  smtp.mailfrom=philippe.mathieu.daude@gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1604267880; cv=none;
	d=zohomail.com; s=zohoarc;
	b=d6l7md1cKrK3QcmQBUC5vlLHQSiZSJGCh6uMMmpSgFwV7EFHaOJpyVPF2wqttG8BaFFKE1v1D/VadMWLmal3azIwoPcHdMor77MiXQpyUGgiWrrrf13p744dWIIYaaJPBADB6Efnd0RQQjk/hUB4Lekpe4ccYyZAJ4pI1IEIrPY=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1604267880;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:MIME-Version:Message-ID:Sender:Subject:To;
	bh=JIbIS5UYgadRW7dH7fGMNKuMnx0ji6qCG/NIkbv4yjE=;
	b=RAsKMB/m57azo2JP9lk7Ap/bFXLtgceZLloYNrProp9kjvCFspKvdfcQJYHvcaj3jw/SnUzlRuJGnDU/3kjNJ+gN1tlhizKjU9uDDKBXBTSeK2sXD4D0JfFP6frJBSufP4pmAim0JyqVza8UjKjChLhC7m5d9sI9ca1jZp9vD58=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of _spf.google.com designates 209.85.128.65 as
 permitted sender)  smtp.mailfrom=philippe.mathieu.daude@gmail.com
Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com
 [209.85.128.65]) by mx.zohomail.com
	with SMTPS id 1604267880045823.0493279970813;
 Sun, 1 Nov 2020 13:58:00 -0800 (PST)
Received: by mail-wm1-f65.google.com with SMTP id k18so7656787wmj.5
        for <importer@patchew.org>; Sun, 01 Nov 2020 13:57:59 -0800 (PST)
Return-Path: <philippe.mathieu.daude@gmail.com>
Return-Path: <philippe.mathieu.daude@gmail.com>
Received: from localhost.localdomain (234.red-83-42-66.dynamicip.rima-tde.net.
 [83.42.66.234])
        by smtp.gmail.com with ESMTPSA id
 f5sm12535167wmh.16.2020.11.01.13.57.56
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 01 Nov 2020 13:57:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=sender:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=JIbIS5UYgadRW7dH7fGMNKuMnx0ji6qCG/NIkbv4yjE=;
        b=uywipnOEOB1tMpu+cUShzuNu1H0OOcxE8e3N+KbirTvaa2DG7w2u3Iu/Ka7REKMePX
         6L/SLrBSoM74ivj2+VMVVcGWisKasPQ9zwsWaIu0fRXYDSul+M4yDBr++WkA6vcujkkC
         Ce0U/JdpOvg2c5W4YYCScPYzZ3E/vJDbWFt23gzqZgaZvm0vzki4QrnFve4bd03v10Wr
         t+vWARgGdZosLnSkEOVrbJbw27FH0sjwd2uaCtrwQZNIAKo5JEob4SLQDDO7sKQejaDn
         H/evq1MLdxrYa29wdWQC92Eb/3xJVUs+joQQYHYwZWSl0Hl1AZiKCVdRSGb6ehMCpKy4
         h7sw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
         :mime-version:content-transfer-encoding;
        bh=JIbIS5UYgadRW7dH7fGMNKuMnx0ji6qCG/NIkbv4yjE=;
        b=VIyMcOAR02SZn/cdzN2qS077IF6jARJF17SiW6HQ3WNC71DdE60UT3xehj2PeWvHAu
         Bx3JUn8eRpsT92gOMBvX3UQDtQvelkySOdY2hZP/GoU81CD208jkYGfvscXKI1/pN7ai
         3hw4e6cqcQ0RQwcsFfQgy+ryQUwRZwQsEaOjD6fGVP7oh1D8kUS22I2RlzB42cYXjU5J
         YPOoHMfb/dz9UQdEm76SIM6ygcfDtlfMrxGnIbFhXiWPln1SgfnnM9k1noh54RVUiVql
         gpJe3k43nZ4L0EIYA8JeXe7w1tVliASyNVf7cLxvJxMX9Gyj7EVigBRKvxMRogRrpUG4
         1QOA==
X-Gm-Message-State: AOAM5304Y76UPJ7hTRdRlw1Ngl+Sw9DK/n4iKdpMlq/dzLeBJRw/BnY/
	gHpru6k6muDFMPhiqTwdCas=
X-Google-Smtp-Source: 
 ABdhPJy5YA0ljbIEnKc4nys9tn23GAM1xIhdjaG17N4q2izgLT4BTN7g9ID7+XuaNz7hyQoKrvdY1Q==
X-Received: by 2002:a1c:448:: with SMTP id 69mr3993668wme.12.1604267878037;
        Sun, 01 Nov 2020 13:57:58 -0800 (PST)
Sender: =?UTF-8?Q?Philippe_Mathieu=2DDaud=C3=A9?=
 <philippe.mathieu.daude@gmail.com>
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
	Luc Michel <luc@lmichel.fr>,
	Eric Blake <eblake@redhat.com>,
	Alistair Francis <alistair.francis@wdc.com>,
	Richard Henderson <rth@twiddle.net>,
	=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>,
	Eduardo Habkost <ehabkost@redhat.com>
Subject: [PATCH-for-5.2 v3] util/cutils: Fix Coverity array overrun in
 freq_to_str()
Date: Sun,  1 Nov 2020 22:57:55 +0100
Message-Id: <20201101215755.2021421-1-f4bug@amsat.org>
X-Mailer: git-send-email 2.26.2
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @gmail.com)

Fix Coverity CID 1435957:  Memory - illegal accesses (OVERRUN):

>>> Overrunning array "suffixes" of 7 8-byte elements at element
    index 7 (byte offset 63) using index "idx" (which evaluates to 7).

Note, the biggest input value freq_to_str() can accept is UINT64_MAX,
which is ~18.446 EHz, less than 1000 EHz.

Reported-by: Eduardo Habkost <ehabkost@redhat.com>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daud=C3=A9 <f4bug@amsat.org>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Luc Michel <luc@lmichel.fr>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
v3: Follow Peter's suggestion
---
 util/cutils.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/util/cutils.c b/util/cutils.c
index c395974fab4..2f869a843a5 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -891,10 +891,11 @@ char *freq_to_str(uint64_t freq_hz)
     double freq =3D freq_hz;
     size_t idx =3D 0;
=20
-    while (freq >=3D 1000.0 && idx < ARRAY_SIZE(suffixes)) {
+    while (freq >=3D 1000.0) {
         freq /=3D 1000.0;
         idx++;
     }
+    assert(idx < ARRAY_SIZE(suffixes));
=20
     return g_strdup_printf("%0.3g %sHz", freq, suffixes[idx]);
 }
--=20
2.26.2