[Bug 225162] Source file zfs_acl.c, function zfs_aclset_common contains a use after end of the lifetime of a local variable
bugzilla-noreply at freebsd.org
Sun Jan 14 17:48:21 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225162
Bug ID: 225162
Summary: Source file zfs_acl.c, function zfs_aclset_common
contains a use after end of the lifetime of a local
variable
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: msl0000023508 at gmail.com
Created attachment 189714
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=189714&action=edit
Patch
Source file
https://svnweb.freebsd.org/base/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c
(latest version r323491 at this time), line 1220, in function zfs_aclset_common
has a local variable definition "zfs_acl_phys_t acl_phys;". At line 1297, the
pointer to this variable (&acl_phys) is stored into the array "bulk"; the
current code block and the lifetime of "acl_phys" end after this, but
"bulk" is still used at line 1314.
This code results in undefined behavior, meaning this bug may not be generally
noticeable. In my test, clang 3.4.1 on FreeBSD 10.3 amd64 doesn't trigger
wrong behavior; however, gcc 4.7, 4.8 and 4.9 at any optimization level (except
"-O0") will result in buggy behavior, which shows to the user as:
[WHR at kmod-test /testpool]$ mkdir 35
[WHR at kmod-test /testpool]$ cd 35
-bash: cd: 35: Permission denied
This is due to the ACL failing to be stored.
The attached patch will fix this bug by moving the definition of "acl_phys" to
the top block of the function, thus its lifetime will cover the whole function.
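The lifetime problem described in the report, reduced to a stand-alone C sketch next to the hoisted-declaration fix. This is an added example, not the code from zfs_acl.c or from the attached patch; struct phys_acl, struct bulk_attr, commit_bulk, the store_acl_* functions, the old_format condition and the SHOW_BUG macro are all hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for zfs_acl_phys_t and the "bulk" array entries. */
struct phys_acl { uint64_t count; uint8_t data[16]; };
struct bulk_attr { const void *addr; size_t len; };

/* Later consumer: dereferences every queued pointer, like the use of "bulk". */
static size_t commit_bulk(const struct bulk_attr *bulk, int n,
                          uint8_t *out, size_t cap)
{
    size_t off = 0;
    for (int i = 0; i < n; i++) {
        if (bulk[i].len > cap - off)
            return 0;                       /* output buffer too small */
        memcpy(out + off, bulk[i].addr, bulk[i].len);
        off += bulk[i].len;
    }
    return off;
}

#ifdef SHOW_BUG
/* Reported pattern: acl_phys is declared inside the block that queues it. */
size_t store_acl_buggy(int old_format, uint64_t mode, uint8_t *out, size_t cap)
{
    struct bulk_attr bulk[2];
    int n = 0;
    bulk[n++] = (struct bulk_attr){ &mode, sizeof(mode) };
    if (old_format) {
        struct phys_acl acl_phys = { .count = 3 };
        bulk[n++] = (struct bulk_attr){ &acl_phys, sizeof(acl_phys) };
    }                                       /* acl_phys lifetime ends here */
    return commit_bulk(bulk, n, out, cap);  /* reads a dead object: UB */
}
#endif

/* Fixed form: the declaration is hoisted so it outlives every use of bulk. */
size_t store_acl_fixed(int old_format, uint64_t mode, uint8_t *out, size_t cap)
{
    struct bulk_attr bulk[2];
    struct phys_acl acl_phys = { .count = 3 };
    int n = 0;
    bulk[n++] = (struct bulk_attr){ &mode, sizeof(mode) };
    if (old_format)
        bulk[n++] = (struct bulk_attr){ &acl_phys, sizeof(acl_phys) };
    return commit_bulk(bulk, n, out, cap);
}
```

Building with -DSHOW_BUG and AddressSanitizer's use-after-scope check (-fsanitize=address -fsanitize-address-use-after-scope in Clang) makes the dead read in store_acl_buggy visible regardless of whether the optimizer happens to reuse the stack slot.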