]> granicus.if.org Git - zfs/commitdiff
Fix integer overflow in get_next_chunk()
authormadz <olivier.mazouffre@ims-bordeaux.fr>
Wed, 29 May 2019 17:17:25 +0000 (19:17 +0200)
committerBrian Behlendorf <behlendorf1@llnl.gov>
Wed, 29 May 2019 17:17:25 +0000 (10:17 -0700)
dn->dn_datablksz type is uint32_t and need to be casted to uint64_t
to avoid an overflow when the record size is greater than 4 MiB.

Reviewed-by: Tom Caputi <tcaputi@datto.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Olivier Mazouffre <olivier.mazouffre@ims-bordeaux.fr>
Closes #8778
Closes #8797

module/zfs/dmu.c

index 1697a632078eee50c6381ad5c98794d12c0fccd2..a283b0622384d736684b810a2e0f244ce3aee4b7 100644 (file)
@@ -719,8 +719,8 @@ get_next_chunk(dnode_t *dn, uint64_t *start, uint64_t minimum, uint64_t *l1blks)
        uint64_t blks;
        uint64_t maxblks = DMU_MAX_ACCESS >> (dn->dn_indblkshift + 1);
        /* bytes of data covered by a level-1 indirect block */
-       uint64_t iblkrange =
-           dn->dn_datablksz * EPB(dn->dn_indblkshift, SPA_BLKPTRSHIFT);
+       uint64_t iblkrange = (uint64_t)dn->dn_datablksz *
+           EPB(dn->dn_indblkshift, SPA_BLKPTRSHIFT);
 
        ASSERT3U(minimum, <=, *start);