]> git.ipfire.org Git - thirdparty/grub.git/commitdiff
projects / thirdparty / grub.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2464d43)
fs/zfs/zfs: Avoid pointer downcasting in dnode_get()
authorAlec Brown <alec.r.brown@oracle.com>
Mon, 17 Nov 2025 07:11:15 +0000 (07:11 +0000)
committerDaniel Kiper <daniel.kiper@oracle.com>
Tue, 18 Nov 2025 13:34:44 +0000 (14:34 +0100)
Coverity marks multiple issues in grub-core/fs/zfs/zfs.c as either "Untrusted
value as argument", "Untrusted pointer read", or "Untrusted loop bound". Each
of these issues share a common cause where Coverity finds that data->dnode_buf
gets tainted by dnbuf since it is downcasting from (void *) to (dnode_phys_t *)
and could imply that the data the pointer points to is tainted. However, the
function zio_read(), which reads this data from disk, sanitizes this data by
verifying its checksum. To resolve the issues for Coverity, setting dnbuf to
(dnode_phys_t *) at the start of the function dnode_get() seems to do the trick.

Fixes: CID 314020
Fixes: CID 896330
Fixes: CID 896331
Fixes: CID 896334
Fixes: CID 896336
Fixes: CID 896340
Fixes: CID 897337
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
grub-core/fs/zfs/zfs.c patch | blob | blame | history

diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
index afe821f9b4bc78c1cf3e1f8b48ba14bd110cc4e7..83dfa6d526ec4258b9bfb6128f02ef1e63d3ae16 100644 (file)
--- a/grub-core/fs/zfs/zfs.c
+++ b/grub-core/fs/zfs/zfs.c
@@ -2743,7 +2743,7 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type,
   grub_uint64_t blkid, blksz;  /* the block id this object dnode is in */
   int epbs;                    /* shift of number of dnodes in a block */
   int idx;                     /* index within a block */
-  void *dnbuf;
+  dnode_phys_t *dnbuf;
   grub_err_t err;
   grub_zfs_endian_t endian;
 
@@ -2773,7 +2773,7 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type,
 
   grub_dprintf ("zfs", "endian = %d, blkid=%llx\n", mdn->endian,
                (unsigned long long) blkid);
-  err = dmu_read (mdn, blkid, &dnbuf, &endian, data);
+  err = dmu_read (mdn, blkid, (void **) &dnbuf, &endian, data);
   if (err)
     return err;
   grub_dprintf ("zfs", "alive\n");
@@ -2795,7 +2795,7 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type,
       data->dnode_endian = endian;
     }
 
-  grub_memmove (&(buf->dn), (dnode_phys_t *) dnbuf + idx, DNODE_SIZE);
+  grub_memmove (&(buf->dn), dnbuf + idx, DNODE_SIZE);
   if (data->dnode_buf == 0)
          /* dnbuf not used anymore if data->dnode_mdn malloc failed */
          grub_free (dnbuf);
Mirror of https://git.savannah.gnu.org/git/grub.git