From 2986b3fd2587b1da5b6047a5c0b6bbb0b6d9c47e Mon Sep 17 00:00:00 2001
From: Tim Chase
Date: Fri, 9 Oct 2015 13:28:12 -0500
Subject: [PATCH] zdb: segfault in dump_bpobj_subobjs()

Avoid buffer overrun on all-zero bpobj subobjects by using signed array index. Also fix the type cast on the printf() argument.

Signed-off-by: Tim Chase
Signed-off-by: Brian Behlendorf
Closes #3905
---
 cmd/zdb/zdb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/zdb/zdb.c b/cmd/zdb/zdb.c
index 56f56700fc..18378c4e6b 100644
--- a/cmd/zdb/zdb.c
+++ b/cmd/zdb/zdb.c
@@ -469,7 +469,7 @@ static void
 dump_bpobj_subobjs(objset_t *os, uint64_t object, void *data, size_t size)
 {
  dmu_object_info_t doi;
- uint64_t i;
+ int64_t i;
 
  VERIFY0(dmu_object_info(os, object, &doi));
  uint64_t *subobjs = kmem_alloc(doi.doi_max_offset, KM_SLEEP);
@@ -488,7 +488,7 @@ dump_bpobj_subobjs(objset_t *os, uint64_t object, void *data, size_t size)
  }
 
  for (i = 0; i <= last_nonzero; i++) {
- (void) printf("\t%llu\n", (longlong_t)subobjs[i]);
+ (void) printf("\t%llu\n", (u_longlong_t)subobjs[i]);
  }
  kmem_free(subobjs, doi.doi_max_offset);
 }
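Review bot: The overrun fix rests entirely on `i` having the same signedness as `last_nonzero`, and nothing at the `int64_t i;` declaration in the first hunk records that, so a later tidy-up back to an unsigned index would silently restore the out-of-bounds read in the `i <= last_nonzero` loop of the second hunk. A comment at the declaration would pin the invariant, for example `/* signed: compared with last_nonzero, which is negative when every subobj is zero */`. That `last_nonzero` is negative in the all-zero case is inferred from the commit message, since its declaration lies between the two hunks. Because the loop walks a buffer sized from the object's own metadata (`doi.doi_max_offset`), the bound is worth keeping visible to the next reader. The body of dump_bpobj_subobjs continues outside both hunks.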