Fix too few arguments to formatting function
CodeQL reported that when the VERIFY3U condition is false, we do not pass enough arguments to `spl_panic()`. This is because the format string from `snprintf()` was concatenated into the format string for `spl_panic()`, which causes us to have an unexpected format specifier. A CodeQL developer suggested fixing the macro to have a `%s` format string that takes a stringified RIGHT argument, which would fix this. However, upon inspection, the VERIFY3U check was never necessary in the first place, so we remove it in favor of just calling `snprintf()`. Lastly, it is interesting that every other static analyzer run on the codebase did not catch this, including some that made an effort to catch such things. Presumably, all of them relied on header annotations, which we have not yet done on `spl_panic()`. CodeQL apparently is able to track the flow of arguments on their way to annotated functions, which llowed it to catch this when others did not. A future patch that I have in development should annotate `spl_panic()`, so the others will catch this too. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu> Closes #14098
This commit is contained in:
parent
52e658edd7
commit
e9a8fb17b5
|
@ -277,9 +277,9 @@ zcp_table_to_nvlist(lua_State *state, int index, int depth)
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case LUA_TNUMBER:
|
case LUA_TNUMBER:
|
||||||
VERIFY3U(sizeof (buf), >,
|
(void) snprintf(buf, sizeof (buf), "%lld",
|
||||||
snprintf(buf, sizeof (buf), "%lld",
|
(longlong_t)lua_tonumber(state, -2));
|
||||||
(longlong_t)lua_tonumber(state, -2)));
|
|
||||||
key = buf;
|
key = buf;
|
||||||
if (saw_str_could_collide) {
|
if (saw_str_could_collide) {
|
||||||
key_could_collide = B_TRUE;
|
key_could_collide = B_TRUE;
|
||||||
|
|
Loading…
Reference in New Issue