system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-10-18 22:33:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix out of bounds write causing random panics,

Browse source 
uncovered by the change in r230256

Reviewed by:	pluknet@
MFC after:	3 days
This commit is contained in:
Martin Matuska 2012-02-02 16:18:40 +00:00
parent 2121d8a585
commit 3ce26884ba
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=230913
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode.c
View file

@ -993,7 +993,7 @@ dnode_buf_pageout(dmu_buf_t *db, void *arg)
dnh->dnh_dnode = NULL;
}
kmem_free(children_dnodes, sizeof (dnode_children_t) +
(epb - 1) * sizeof (dnode_handle_t));
epb * sizeof (dnode_handle_t));
}
/*
@ -1078,7 +1078,7 @@ dnode_hold_impl(objset_t *os, uint64_t object, int flag,
int i;
dnode_children_t *winner;
children_dnodes = kmem_zalloc(sizeof (dnode_children_t) +
(epb - 1) * sizeof (dnode_handle_t), KM_SLEEP);
epb * sizeof (dnode_handle_t), KM_SLEEP);
children_dnodes->dnc_count = epb;
dnh = &children_dnodes->dnc_children[0];
for (i = 0; i < epb; i++) {
@ -1088,7 +1088,7 @@ dnode_hold_impl(objset_t *os, uint64_t object, int flag,
if (winner = dmu_buf_set_user(&db->db, children_dnodes, NULL,
dnode_buf_pageout)) {
kmem_free(children_dnodes, sizeof (dnode_children_t) +
(epb - 1) * sizeof (dnode_handle_t));
epb * sizeof (dnode_handle_t));
children_dnodes = winner;
}
}