Skip to content

Commit

Permalink
zdb: segfault in dump_bpobj_subobjs()
Browse files Browse the repository at this point in the history 
Avoid buffer overrun on all-zero bpobj subobjects by using signed
array index.  Also fix the type cast on the printf() argument.

Signed-off-by: Tim Chase <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #3905
  • Loading branch information
@tonyhutter
Tim Chase authored and tonyhutter committed Jun 9, 2017
1 parent 4a4c57d commit 34a3a7c
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions cmd/zdb/zdb.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -478,7 +478,7 @@ static void
dump_bpobj_subobjs(objset_t *os, uint64_t object, void *data, size_t size)
{
dmu_object_info_t doi;
uint64_t i;
int64_t i;

VERIFY0(dmu_object_info(os, object, &doi));
uint64_t *subobjs = kmem_alloc(doi.doi_max_offset, KM_SLEEP);
Expand All @@ -497,7 +497,7 @@ dump_bpobj_subobjs(objset_t *os, uint64_t object, void *data, size_t size)
}

for (i = 0; i <= last_nonzero; i++) {
(void) printf("\t%llu\n", (longlong_t)subobjs[i]);
(void) printf("\t%llu\n", (u_longlong_t)subobjs[i]);
}
kmem_free(subobjs, doi.doi_max_offset);
}
Expand Down

0 comments on commit 34a3a7c

Please sign in to comment.