[profile] Prevent potential division by zero

Limit the profile sample count to INT_MAX to avoid both signed
overflow and a potential division by zero when updating the stored
mean value.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/core/profile.c b/src/core/profile.c
index 1075047b9531958709ca4a7b88216d62edf7da2f..3655108eaab2c2822d718e3eff4025b4ea9cb973 100644 (file)
--- a/src/core/profile.c
+++ b/src/core/profile.c
@@ -26,6 +26,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <stdint.h>
 #include <stdio.h>
 #include <strings.h>
+#include <limits.h>
 #include <assert.h>
 #include <ipxe/isqrt.h>
 #include <ipxe/profile.h>
@@ -122,8 +123,9 @@ void profile_update ( struct profiler *profiler, unsigned long sample ) {
         */
        assert ( ( ( signed ) sample ) >= 0 );
 
-       /* Update sample count */
-       profiler->count++;
+       /* Update sample count, limiting to avoid signed overflow */
+       if ( profiler->count < INT_MAX )
+               profiler->count++;
 
        /* Adjust mean sample value scale if necessary.  Skip if
         * sample is zero (in which case flsl(sample)-1 would