From b7e147d1552c022838f4b9d8f02c477b6f906084 Mon Sep 17 00:00:00 2001
From: Jens Axboe <axboe@fb.com>
Date: Mon, 14 Apr 2014 10:21:11 -0600
Subject: [PATCH] num2str: ensure we never access postfix[] out-of-bounds

Signed-off-by: Jens Axboe <axboe@fb.com>
---
 lib/num2str.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/num2str.c b/lib/num2str.c
index 12d6f39a..89618688 100644
--- a/lib/num2str.c
+++ b/lib/num2str.c
@@ -4,6 +4,8 @@
 
 #include "../fio.h"
 
+#define ARRAY_LENGTH(arr)	sizeof(arr) / sizeof((arr)[0])
+
 /*
  * Cheesy number->string conversion, complete with carry rounding error.
  */
@@ -46,6 +48,9 @@ char *num2str(unsigned long num, int maxlen, int base, int pow2, int unit_base)
 
 	if (modulo == -1U) {
 done:
+		if (post_index >= ARRAY_LENGTH(postfix))
+			post_index = 0;
+
 		sprintf(buf, "%lu%s%s", num, postfix[post_index],
 			byte_postfix[byte_post_index]);
 		return buf;
-- 
2.25.1