granicus.if.org Git - zfs/commit
Do not attempt access beyond the declared end of the dn_blkptr array
author Jan Engelhardt <jengelh@inai.de>
Fri, 18 Jul 2014 18:00:27 +0000 (20:00 +0200)
committer Brian Behlendorf <behlendorf1@llnl.gov>
Tue, 22 Jul 2014 16:55:37 +0000 (09:55 -0700)
commit aca19e063b5126aab797f5739faaf3ddc82bd587
tree 3baaf2f237d1978a106bb29cc17759c37fc58787
parent 7a8f0e80eae9053ebe6a3c5ce5f3360e8df8de2f
Do not attempt access beyond the declared end of the dn_blkptr array

This loop in dmu_objset_write_ready():

	for (i = 0; i < dnp->dn_nblkptr; i++)
		bp->blk_fill += dnp->dn_blkptr[i].blk_fill;

invokes _undefined behavior_ for the (common) case of dn_nblkptr=3,
therefore, the compiler is free to do whatever it wants (such as
optimizing it away, or otherwise messing up your expectations).

The fix is to be honest about the array size.

Signed-off-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #2511
Closes #2010
include/sys/dnode.h
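
The pattern the commit message describes, as an added example that is not the ZFS code or part of this commit: a loop indexes an array past its declared bound, beside a declaration that states the real bound while keeping the same layout. The names `slot_t`, `rec_short`, `rec_honest`, `MAX_SLOTS`, `TAIL_BYTES` and both functions are hypothetical, and the one-element declaration in the "before" struct is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for illustration; not the ZFS definitions. */
#define MAX_SLOTS 3
typedef struct { uint64_t fill, pad; } slot_t;
#define TAIL_BYTES ((MAX_SLOTS - 1) * sizeof (slot_t))

/* Before: one declared element; tail[] is really read as slots[1..2]. */
struct rec_short {
	uint8_t nslots;
	slot_t slots[1];
	uint8_t tail[TAIL_BYTES];
};

/* After: the array bound covers every index used; the byte view of the
 * same storage is a union member, so the layout is unchanged. */
struct rec_honest {
	uint8_t nslots;
	union {
		slot_t slots[MAX_SLOTS];
		struct { slot_t first; uint8_t tail[TAIL_BYTES]; } bytes;
	} u;
};
_Static_assert(sizeof (struct rec_short) == sizeof (struct rec_honest), "size");
_Static_assert(offsetof(struct rec_short, tail) ==
    offsetof(struct rec_honest, u.bytes.tail), "tail offset");

/* Undefined once nslots > 1: slots[i] passes the declared bound, so the
 * optimizer may assume the body runs at most once. Shown, never called. */
uint64_t sum_fill_short(const struct rec_short *r)
{
	uint64_t total = 0;
	for (int i = 0; i < r->nslots; i++)
		total += r->slots[i].fill;
	return total;
}

/* Defined for nslots <= MAX_SLOTS; a larger count is rejected. */
int sum_fill_honest(const struct rec_honest *r, uint64_t *out)
{
	if (r->nslots > MAX_SLOTS)
		return -1;
	*out = 0;
	for (int i = 0; i < r->nslots; i++)
		*out += r->u.slots[i].fill;
	return 0;
}
```

The two static assertions are the check worth keeping when a fixed-layout struct is changed this way: they fail the build if restating the array bound moves any byte.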