summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTim Chase <[email protected]>2015-10-09 13:28:12 -0500
committerBrian Behlendorf <[email protected]>2015-10-13 09:56:51 -0700
commit2986b3fd2587b1da5b6047a5c0b6bbb0b6d9c47e (patch)
tree40177ac5ab8fbd77702ba54c82d23f2ab4c388f8
parent385f9691c46811e5e04626ef879bf7061a4009ed (diff)
zdb: segfault in dump_bpobj_subobjs()
Avoid buffer overrun on all-zero bpobj subobjects by using signed array index. Also fix the type cast on the printf() argument. Signed-off-by: Tim Chase <[email protected]> Signed-off-by: Brian Behlendorf <[email protected]> Closes #3905
-rw-r--r--cmd/zdb/zdb.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/cmd/zdb/zdb.c b/cmd/zdb/zdb.c
index 56f56700f..18378c4e6 100644
--- a/cmd/zdb/zdb.c
+++ b/cmd/zdb/zdb.c
@@ -469,7 +469,7 @@ static void
dump_bpobj_subobjs(objset_t *os, uint64_t object, void *data, size_t size)
{
dmu_object_info_t doi;
- uint64_t i;
+ int64_t i;
VERIFY0(dmu_object_info(os, object, &doi));
uint64_t *subobjs = kmem_alloc(doi.doi_max_offset, KM_SLEEP);
@@ -488,7 +488,7 @@ dump_bpobj_subobjs(objset_t *os, uint64_t object, void *data, size_t size)
}
for (i = 0; i <= last_nonzero; i++) {
- (void) printf("\t%llu\n", (longlong_t)subobjs[i]);
+ (void) printf("\t%llu\n", (u_longlong_t)subobjs[i]);
}
kmem_free(subobjs, doi.doi_max_offset);
}