From ced28193b06b3d93f404a5d67713c124731a2a0d Mon Sep 17 00:00:00 2001 From: Tobin Harding Date: Tue, 17 Oct 2017 09:32:48 +1100 Subject: [PATCH] Fix coverity defects: 147480, 147584 CID 147480: Logically dead code (DEADCODE) Remove non-null check and subsequent function call. Add ASSERT to future proof the code. usage label is only jumped to before `zhp` is initialized. CID 147584: Out-of-bounds access (OVERRUN) Subtract length of current string from buffer length for `size` argument to `snprintf`. Starting address for the write is the start of the buffer + the current string length. We need to subtract this string length else risk a buffer overflow. Reviewed-by: Brian Behlendorf Signed-off-by: Tobin C. Harding Closes #6745 --- cmd/zdb/zdb.c | 8 ++++---- cmd/zfs/zfs_main.c | 3 +-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/cmd/zdb/zdb.c b/cmd/zdb/zdb.c index ae8d00f154..af34bd9ad5 100644 --- a/cmd/zdb/zdb.c +++ b/cmd/zdb/zdb.c @@ -2001,13 +2001,13 @@ dump_object(objset_t *os, uint64_t object, int verbosity, int *print_header, aux[0] = '\0'; if (doi.doi_checksum != ZIO_CHECKSUM_INHERIT || verbosity >= 6) { - (void) snprintf(aux + strlen(aux), sizeof (aux), " (K=%s)", - ZDB_CHECKSUM_NAME(doi.doi_checksum)); + (void) snprintf(aux + strlen(aux), sizeof (aux) - strlen(aux), + " (K=%s)", ZDB_CHECKSUM_NAME(doi.doi_checksum)); } if (doi.doi_compress != ZIO_COMPRESS_INHERIT || verbosity >= 6) { - (void) snprintf(aux + strlen(aux), sizeof (aux), " (Z=%s)", - ZDB_COMPRESS_NAME(doi.doi_compress)); + (void) snprintf(aux + strlen(aux), sizeof (aux) - strlen(aux), + " (Z=%s)", ZDB_COMPRESS_NAME(doi.doi_compress)); } (void) printf("%10lld %3u %5s %5s %5s %6s %5s %6s %s%s\n", diff --git a/cmd/zfs/zfs_main.c b/cmd/zfs/zfs_main.c index b9b53f22b5..26096e1152 100644 --- a/cmd/zfs/zfs_main.c +++ b/cmd/zfs/zfs_main.c @@ -785,8 +785,7 @@ zfs_do_clone(int argc, char **argv) return (!!ret); usage: - if (zhp) - zfs_close(zhp); + ASSERT3P(zhp, ==, NULL); nvlist_free(props); usage(B_FALSE); return (-1);