From 803fec5fdfcef4e09e6f86928974188ec59c3f62 Mon Sep 17 00:00:00 2001
From: Diane Bruce
Date: Mon, 11 Jun 2018 19:12:50 +0000
Subject: [PATCH] Large file systems with inodes > 512K have been silently overflowing c_addr in spcl. So check before we start dumping otherwise we can end up with a corrupted dump.
PR: 228807
Submitted by: db
Reviewed by: imp
Approved by: imp
---
 sbin/dump/main.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sbin/dump/main.c b/sbin/dump/main.c
index a7123fb96de3..cab9662c5918 100644
--- a/sbin/dump/main.c
+++ b/sbin/dump/main.c
@@ -103,6 +103,7 @@ main(int argc, char *argv[])
 int i, ret, anydirskipped, bflag = 0, Tflag = 0, honorlevel = 1;
 int just_estimate = 0;
 ino_t maxino;
+ int c_count=0;
 char *tmsg;
 spcl.c_date = _time_to_time64(time(NULL));
@@ -433,7 +434,6 @@ main(int argc, char *argv[])
 msgtail("to %s\n", tape);
 sync();
- sblock = NULL;
 if ((ret = sbget(diskfd, &sblock, -1)) != 0) {
 switch (ret) {
 case ENOENT:
@@ -453,6 +453,9 @@ main(int argc, char *argv[])
 quit("TP_BSIZE (%d) is not a power of 2", TP_BSIZE);
 maxino = sblock->fs_ipg * sblock->fs_ncg;
 mapsize = roundup(howmany(maxino, CHAR_BIT), TP_BSIZE);
+ c_count = howmany(mapsize * sizeof(char), TP_BSIZE);
+ if (c_count > TP_NINDIR)
+ quit("fs is too large for dump!");
 usedinomap = (char *)calloc((unsigned) mapsize, sizeof(char));
 dumpdirmap = (char *)calloc((unsigned) mapsize, sizeof(char));
 dumpinomap = (char *)calloc((unsigned) mapsize, sizeof(char));
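Review bot: The new guard in the third hunk runs after the value has already been narrowed. `c_count` is an `int` (first hunk) holding a `size_t` expression, and `mapsize`, declared outside this diff, is cast to `unsigned` in the calloc calls below, so it is presumably narrower than `ino_t`. Because `maxino` comes from `fs_ipg * fs_ncg` in the on-disk superblock, a very large or corrupted superblock could wrap those intermediates and pass the check with a small `c_count`, which is the corrupted-dump case the commit is meant to stop. Testing the unnarrowed count before `mapsize` is assigned avoids that: `if (howmany(maxino, CHAR_BIT) > (ino_t)TP_NINDIR * TP_BSIZE) quit("fs is too large for dump!");`. A short comment such as `/* the inode map must fit in the TP_NINDIR entries of spcl.c_addr */` would tie the limit to the overflow named in the commit message. main()'s body starts and ends outside these hunks.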