[profile] Prevent potential division by zero

Limit the profile sample count to INT_MAX to avoid both signed overflow and a potential division by zero when updating the stored mean value. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2018-03-18 18:36:58 +02:00 · 2018-03-18 18:36:58 +02:00 · ae93064496
parent b11ae1d91b
commit ae93064496
1 changed files with 4 additions and 2 deletions
--- a/src/core/profile.c
+++ b/src/core/profile.c
@ -26,6 +26,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <stdint.h>
 #include <stdio.h>
 #include <strings.h>
+#include <limits.h>
 #include <assert.h>
 #include <ipxe/isqrt.h>
 #include <ipxe/profile.h>
@ -122,8 +123,9 @@ void profile_update ( struct profiler *profiler, unsigned long sample ) {
 	 */
 	assert ( ( ( signed ) sample ) >= 0 );

-	/* Update sample count */
-	profiler->count++;
+	/* Update sample count, limiting to avoid signed overflow */
+	if ( profiler->count < INT_MAX )
+		profiler->count++;

 	/* Adjust mean sample value scale if necessary.  Skip if
 	 * sample is zero (in which case flsl(sample)-1 would