From ae930644962a886d3845e5d8836c5cf136c82df0 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Sun, 18 Mar 2018 18:36:58 +0200
Subject: [profile] Prevent potential division by zero

Limit the profile sample count to INT_MAX to avoid both signed
overflow and a potential division by zero when updating the stored
mean value.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/core/profile.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/core/profile.c b/src/core/profile.c
index 1075047b..3655108e 100644
--- a/src/core/profile.c
+++ b/src/core/profile.c
@@ -26,6 +26,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <stdint.h>
 #include <stdio.h>
 #include <strings.h>
+#include <limits.h>
 #include <assert.h>
 #include <ipxe/isqrt.h>
 #include <ipxe/profile.h>
@@ -122,8 +123,9 @@ void profile_update ( struct profiler *profiler, unsigned long sample ) {
 	 */
 	assert ( ( ( signed ) sample ) >= 0 );
 
-	/* Update sample count */
-	profiler->count++;
+	/* Update sample count, limiting to avoid signed overflow */
+	if ( profiler->count < INT_MAX )
+		profiler->count++;
 
 	/* Adjust mean sample value scale if necessary.  Skip if
 	 * sample is zero (in which case flsl(sample)-1 would
-- 
cgit v1.2.3-55-g7522