From 2e08df84d8649439e5e9ed39ea13d4b755ee97c9 Mon Sep 17 00:00:00 2001 From: Richard Yao Date: Thu, 27 Oct 2022 15:41:39 -0400 Subject: [PATCH] Cleanup dump_bookmarks() Assertions are meant to check assumptions, but the way that this assertion is written does not check an assumption, since it is provably always true. Removing the assertion will cause a compiler warning (made into an error by -Werror) about printing up to 512 bytes to a 256-byte buffer, so instead, we change the assertion to verify the assumption that we never do a snprintf() that is truncated to avoid overrunning the 256-byte buffer. This was caught by an audit of the codebase to look for misuse of `snprintf()` after CodeQL reported that we had misused `snprintf()`. An explanation of how snprintf() can be misused is here: https://www.redhat.com/en/blog/trouble-snprintf This particular instance did not misuse `snprintf()`, but it was caught by the audit anyway. Reviewed-by: Brian Behlendorf Signed-off-by: Richard Yao Closes #14098 --- cmd/zdb/zdb.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cmd/zdb/zdb.c b/cmd/zdb/zdb.c index d626d08244..d19eb71f0f 100644 --- a/cmd/zdb/zdb.c +++ b/cmd/zdb/zdb.c @@ -2858,9 +2858,11 @@ dump_bookmarks(objset_t *os, int verbosity) zap_cursor_advance(&zc)) { char osname[ZFS_MAX_DATASET_NAME_LEN]; char buf[ZFS_MAX_DATASET_NAME_LEN]; + int len; dmu_objset_name(os, osname); - VERIFY3S(0, <=, snprintf(buf, sizeof (buf), "%s#%s", osname, - attr.za_name)); + len = snprintf(buf, sizeof (buf), "%s#%s", osname, + attr.za_name); + VERIFY3S(len, <, ZFS_MAX_DATASET_NAME_LEN); (void) dump_bookmark(dp, buf, verbosity >= 5, verbosity >= 6); } zap_cursor_fini(&zc);