Skip to content

Commit

Permalink
zdb: segfault in dump_bpobj_subobjs()
Browse files Browse the repository at this point in the history 
Avoid buffer overrun on all-zero bpobj subobjects by using signed
array index.  Also fix the type cast on the printf() argument.

Signed-off-by: Tim Chase <tim@onlight.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#3905
  • Loading branch information
@l1k
Tim Chase authored and l1k committed Apr 25, 2017
1 parent 7bdcf65 commit 24017d9
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions cmd/zdb/zdb.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -478,7 +478,7 @@ static void
dump_bpobj_subobjs(objset_t *os, uint64_t object, void *data, size_t size)
{
dmu_object_info_t doi;
uint64_t i;
int64_t i;

VERIFY0(dmu_object_info(os, object, &doi));
uint64_t *subobjs = kmem_alloc(doi.doi_max_offset, KM_SLEEP);
Expand All @@ -497,7 +497,7 @@ dump_bpobj_subobjs(objset_t *os, uint64_t object, void *data, size_t size)
}

for (i = 0; i <= last_nonzero; i++) {
(void) printf("\t%llu\n", (longlong_t)subobjs[i]);
(void) printf("\t%llu\n", (u_longlong_t)subobjs[i]);
}
kmem_free(subobjs, doi.doi_max_offset);
}
Expand Down

0 comments on commit 24017d9

Please sign in to comment.