
Do not attempt access beyond the declared end of the dn_blkptr array

Description

Do not attempt access beyond the declared end of the dn_blkptr array

This loop in dmu_objset_write_ready():

	for (i = 0; i < dnp->dn_nblkptr; i++)
		bp->blk_fill += dnp->dn_blkptr[i].blk_fill;

invokes _undefined behavior_ for the (common) case of dn_nblkptr=3,
therefore, the compiler is free to do whatever it wants (such as
optimizing it away, or otherwise messing up your expectations).

The fix is to be honest about the array size.

Signed-off-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #2511
Closes #2010
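
A simplified model of the layout issue the commit message describes, as an added example that is not code from this commit or from ZFS: the "before" struct declares one block pointer and lets the other slots alias the bytes that follow, while the "after" struct declares the real bound through a union without changing size or offsets. The names blk_t, dn_before_t, dn_after_t, MAX_NBLKPTR, TAIL_BYTES and sum_fill() are hypothetical, and the clamp on the count is an assumption added here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins; not the ZFS definitions. */
typedef struct { uint64_t blk_fill; } blk_t;
#define MAX_NBLKPTR 3
#define TAIL_BYTES ((MAX_NBLKPTR - 1) * sizeof (blk_t))

/* Before: one declared element; slots 1 and 2 alias the bonus bytes,
 * so dn_blkptr[1] and dn_blkptr[2] are out of the declared bounds. */
typedef struct {
	uint8_t dn_nblkptr;
	blk_t   dn_blkptr[1];
	uint8_t dn_bonus[TAIL_BYTES];
} dn_before_t;

/* After: the array is declared with its real bound and the bonus
 * bytes overlay its tail through a union. */
typedef struct {
	uint8_t dn_nblkptr;
	union {
		blk_t dn_blkptr[MAX_NBLKPTR];
		struct { blk_t pad; uint8_t dn_bonus[TAIL_BYTES]; } tail;
	} u;
} dn_after_t;

/* The stored layout must not change when the declaration does. */
_Static_assert(sizeof (dn_before_t) == sizeof (dn_after_t), "size changed");
_Static_assert(offsetof(dn_before_t, dn_bonus) ==
    offsetof(dn_after_t, u.tail.dn_bonus), "bonus offset changed");

/* Same loop shape as in the commit message, now within declared bounds.
 * The clamp (an assumption added here) covers a corrupt count. */
uint64_t sum_fill(const dn_after_t *dnp)
{
	uint64_t fill = 0;
	for (int i = 0; i < dnp->dn_nblkptr && i < MAX_NBLKPTR; i++)
		fill += dnp->u.dn_blkptr[i].blk_fill;
	return fill;
}

int main(void)
{
	/* Constructed sample values. */
	dn_after_t dn = { .dn_nblkptr = 3,
	    .u.dn_blkptr = { { 10 }, { 20 }, { 30 } } };
	printf("fill=%llu\n", (unsigned long long)sum_fill(&dn));
	return 0;
}
```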

Details

Provenance
Jan Engelhardt <jengelh@inai.de> Authored on Jul 18 2014, 6:00 PM
Brian Behlendorf <behlendorf1@llnl.gov> Committed on Jul 22 2014, 4:55 PM
Parents
rG7a8f0e80eae9: zfs_trunc() should use dmu_tx_assign(tx, TXG_WAIT)

Event Timeline

Brian Behlendorf <behlendorf1@llnl.gov> committed rGaca19e063b51: Do not attempt access beyond the declared end of the dn_blkptr array (authored by Jan Engelhardt <jengelh@inai.de>). Jul 22 2014, 4:55 PM