The freqs array size is RTE_MAX_LCORE_FREQS. Before filling the array with num_freqs elements, restrict the total num to RTE_MAX_LCORE_FREQS. This fix aims to fix the coverity scan issue like: Overrunning array "pi->freqs" of 256 bytes by passing it to a function which accesses it at byte offset 464.
Coverity issue: 371913 Fixes: ef1cc88f1837 ("power: support cppc_cpufreq driver") Cc: richael.zhu...@arm.com Cc: sta...@dpdk.org Signed-off-by: Richael Zhuang <richael.zhu...@arm.com> --- lib/power/power_cppc_cpufreq.c | 5 +++++ lib/power/power_pstate_cpufreq.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/lib/power/power_cppc_cpufreq.c b/lib/power/power_cppc_cpufreq.c index e92973ab54..db63c2cc10 100644 --- a/lib/power/power_cppc_cpufreq.c +++ b/lib/power/power_cppc_cpufreq.c @@ -246,6 +246,11 @@ power_get_available_freqs(struct cppc_power_info *pi) pi->nominal_perf * UNIT_DIFF : pi->nominal_perf; num_freqs = (nominal_perf - scaling_min_freq) / BUS_FREQ + 1 + pi->turbo_available; + if (num_freqs >= RTE_MAX_LCORE_FREQS) { + RTE_LOG(ERR, POWER, "Too many available frequencies : %d\n", + num_freqs); + goto out; + } /* Generate the freq bucket array. */ for (i = 0, pi->nb_freqs = 0; i < num_freqs; i++) { diff --git a/lib/power/power_pstate_cpufreq.c b/lib/power/power_pstate_cpufreq.c index 3b607515fd..619090c8d1 100644 --- a/lib/power/power_pstate_cpufreq.c +++ b/lib/power/power_pstate_cpufreq.c @@ -419,6 +419,11 @@ power_get_available_freqs(struct pstate_power_info *pi) */ num_freqs = (base_max_freq - sys_min_freq) / BUS_FREQ + 1 + pi->turbo_available; + if (num_freqs >= RTE_MAX_LCORE_FREQS) { + RTE_LOG(ERR, POWER, "Too many available frequencies : %d\n", + num_freqs); + goto out; + } /* Generate the freq bucket array. * If turbo is available the freq bucket[0] value is base_max +1 -- 2.20.1