From ec4afd27f198d93a7bd32a05cb288708ba754ada Mon Sep 17 00:00:00 2001
From: madz <olivier.mazouffre@ims-bordeaux.fr>
Date: Wed, 29 May 2019 19:17:25 +0200
Subject: [PATCH] Fix integer overflow in get_next_chunk()

dn->dn_datablksz type is uint32_t and need to be casted to uint64_t
to avoid an overflow when the record size is greater than 4 MiB.

Reviewed-by: Tom Caputi <tcaputi@datto.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Olivier Mazouffre <olivier.mazouffre@ims-bordeaux.fr>
Closes #8778
Closes #8797
---
 module/zfs/dmu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/module/zfs/dmu.c b/module/zfs/dmu.c
index 1697a6320..a283b0622 100644
--- a/module/zfs/dmu.c
+++ b/module/zfs/dmu.c
@@ -719,8 +719,8 @@ get_next_chunk(dnode_t *dn, uint64_t *start, uint64_t minimum, uint64_t *l1blks)
 	uint64_t blks;
 	uint64_t maxblks = DMU_MAX_ACCESS >> (dn->dn_indblkshift + 1);
 	/* bytes of data covered by a level-1 indirect block */
-	uint64_t iblkrange =
-	    dn->dn_datablksz * EPB(dn->dn_indblkshift, SPA_BLKPTRSHIFT);
+	uint64_t iblkrange = (uint64_t)dn->dn_datablksz *
+	    EPB(dn->dn_indblkshift, SPA_BLKPTRSHIFT);
 
 	ASSERT3U(minimum, <=, *start);
 
-- 
2.40.0