From: madz Date: Wed, 29 May 2019 17:17:25 +0000 (+0200) Subject: Fix integer overflow in get_next_chunk() X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ec4afd27f198d93a7bd32a05cb288708ba754ada;p=zfs Fix integer overflow in get_next_chunk() dn->dn_datablksz type is uint32_t and need to be casted to uint64_t to avoid an overflow when the record size is greater than 4 MiB. Reviewed-by: Tom Caputi Reviewed-by: Brian Behlendorf Signed-off-by: Olivier Mazouffre Closes #8778 Closes #8797 --- diff --git a/module/zfs/dmu.c b/module/zfs/dmu.c index 1697a6320..a283b0622 100644 --- a/module/zfs/dmu.c +++ b/module/zfs/dmu.c @@ -719,8 +719,8 @@ get_next_chunk(dnode_t *dn, uint64_t *start, uint64_t minimum, uint64_t *l1blks) uint64_t blks; uint64_t maxblks = DMU_MAX_ACCESS >> (dn->dn_indblkshift + 1); /* bytes of data covered by a level-1 indirect block */ - uint64_t iblkrange = - dn->dn_datablksz * EPB(dn->dn_indblkshift, SPA_BLKPTRSHIFT); + uint64_t iblkrange = (uint64_t)dn->dn_datablksz * + EPB(dn->dn_indblkshift, SPA_BLKPTRSHIFT); ASSERT3U(minimum, <=, *start);