From: Bart Van Assche <bvanassche@acm.org>
Date: Thu, 2 Jul 2020 21:53:09 +0000 (-0700)
Subject: num2str(): Fix overflow handling
X-Git-Tag: fio-3.21~21^2~2
X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=fd99605cc5f16bc8171233ba6a8f0ab47e57c4f9;p=fio.git

num2str(): Fix overflow handling

This patch changes the output for the arguments (UINT64_MAX, 4, 1, 0,
N2S_NONE, "18.4") from "18.4(null)" into "18.4".

This patch fixes the following Coverity complaint:

CID 169307 (#1 of 1): Out-of-bounds read (OVERRUN)
27. overrun-local: Overrunning array of 6 8-byte elements at element
    index 6 (byte offset 55) by dereferencing pointer unitprefix + post_index.

Signed-off-by: Bart Van Assche <bvanassche@acm.org>
---

diff --git a/lib/num2str.c b/lib/num2str.c
index 923e21d9..7f628d29 100644
--- a/lib/num2str.c
+++ b/lib/num2str.c
@@ -80,14 +80,14 @@ char *num2str(uint64_t num, int maxlen, int base, int pow2, enum n2s_unit units)
 		post_index++;
 	}
 
+	if (post_index >= ARRAY_SIZE(sistr))
+		post_index = 0;
+
 	/*
 	 * If no modulo, then we're done.
 	 */
 	if (modulo == -1U) {
 done:
-		if (post_index >= ARRAY_SIZE(sistr))
-			post_index = 0;
-
 		if (asprintf(&buf, "%llu%s%s", (unsigned long long) num,
 			     unitprefix[post_index], unitstr[units]) < 0)
 			buf = NULL;