diff options
author | Tim Chase <[email protected]> | 2015-10-09 13:28:12 -0500 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2015-10-13 09:56:51 -0700 |
commit | 2986b3fd2587b1da5b6047a5c0b6bbb0b6d9c47e (patch) | |
tree | 40177ac5ab8fbd77702ba54c82d23f2ab4c388f8 | |
parent | 385f9691c46811e5e04626ef879bf7061a4009ed (diff) |
zdb: segfault in dump_bpobj_subobjs()
Avoid buffer overrun on all-zero bpobj subobjects by using signed
array index. Also fix the type cast on the printf() argument.
Signed-off-by: Tim Chase <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #3905
-rw-r--r-- | cmd/zdb/zdb.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/cmd/zdb/zdb.c b/cmd/zdb/zdb.c index 56f56700f..18378c4e6 100644 --- a/cmd/zdb/zdb.c +++ b/cmd/zdb/zdb.c @@ -469,7 +469,7 @@ static void dump_bpobj_subobjs(objset_t *os, uint64_t object, void *data, size_t size) { dmu_object_info_t doi; - uint64_t i; + int64_t i; VERIFY0(dmu_object_info(os, object, &doi)); uint64_t *subobjs = kmem_alloc(doi.doi_max_offset, KM_SLEEP); @@ -488,7 +488,7 @@ dump_bpobj_subobjs(objset_t *os, uint64_t object, void *data, size_t size) } for (i = 0; i <= last_nonzero; i++) { - (void) printf("\t%llu\n", (longlong_t)subobjs[i]); + (void) printf("\t%llu\n", (u_longlong_t)subobjs[i]); } kmem_free(subobjs, doi.doi_max_offset); } |