Archive-Team
/
zfs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 103 Wiki Activity

Avoid undefined shift overflow in fzap_cursor_retrieve() 

Avoid calculating (1<<64) if lh_prefix_len == 0. Semantics of the method remain
the same.

Assert (lh_prefix_len > 0) in zap_expand_leaf() to detect possibly the same
problem.

Issue #4883

Signed-off-by: Gvozden Neskovic <neskovic@gmail.com>
This commit is contained in:
Gvozden Neskovic 2016-09-02 15:10:34 +02:00 committed by Brian Behlendorf
parent 4ca9c1de12
commit 6ca636a152
1 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
module/zfs/zap.c
View File

@ -693,6 +693,8 @@ zap_expand_leaf(zap_name_t *zn, zap_leaf_t *l,
ASSERT0(err); /* we checked for i/o errors above */ ASSERT0(err); /* we checked for i/o errors above */
} }
ASSERT3U(zap_leaf_phys(l)->l_hdr.lh_prefix_len, >, 0);
if (hash & (1ULL << (64 - zap_leaf_phys(l)->l_hdr.lh_prefix_len))) { if (hash & (1ULL << (64 - zap_leaf_phys(l)->l_hdr.lh_prefix_len))) {
/* we want the sibling */ /* we want the sibling */
zap_put_leaf(l); zap_put_leaf(l);
@ -1230,17 +1232,23 @@ again:
err = zap_leaf_lookup_closest(l, zc->zc_hash, zc->zc_cd, &zeh); err = zap_leaf_lookup_closest(l, zc->zc_hash, zc->zc_cd, &zeh);
if (err == ENOENT) { if (err == ENOENT) {
uint64_t nocare = if (zap_leaf_phys(l)->l_hdr.lh_prefix_len == 0) {
(1ULL << (64 - zap_leaf_phys(l)->l_hdr.lh_prefix_len)) - 1;
zc->zc_hash = (zc->zc_hash & ~nocare) + nocare + 1;
zc->zc_cd = 0;
if (zap_leaf_phys(l)->l_hdr.lh_prefix_len == 0 ||
zc->zc_hash == 0) {
zc->zc_hash = -1ULL; zc->zc_hash = -1ULL;
zc->zc_cd = 0;
} else { } else {
zap_put_leaf(zc->zc_leaf); uint64_t nocare = (1ULL <<
zc->zc_leaf = NULL; (64 - zap_leaf_phys(l)->l_hdr.lh_prefix_len)) - 1;
goto again;
zc->zc_hash = (zc->zc_hash & ~nocare) + nocare + 1;
zc->zc_cd = 0;
if (zc->zc_hash == 0) {
zc->zc_hash = -1ULL;
} else {
zap_put_leaf(zc->zc_leaf);
zc->zc_leaf = NULL;
goto again;
}
} }
} }