NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/57024: panic: solaris assert: arc_decompress(buf) == 0 (0x5 == 0x0), f ile: /home/riastradh/netbsd/current/src/sys/../external/cddl/osnet/dist/uts/common/fs/zfs/arc.c, line: 4962
The following reply was made to PR kern/57024; it has been noted by GNATS.
From: Patrick Welche <prlw1%talktalk.net@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: kern/57024: panic: solaris assert: arc_decompress(buf) == 0 (0x5
== 0x0), f ile:
/home/riastradh/netbsd/current/src/sys/../external/cddl/osnet/dist/uts/common/fs/zfs/arc.c,
line: 4962
Date: Sun, 25 Sep 2022 08:41:58 +0100
On Sun, Sep 25, 2022 at 07:15:01AM +0000, campbell+netbsd%mumble.net@localhost wrote:
> If I feed this into just the lz4_decompress logic of zfs (copied & pasted from
> http://cvsweb.netbsd.org/bsdweb.cgi/src/external/cddl/osnet/dist/uts/common/fs/zfs/lz4.c?rev=1.2&content-type=text/x-cvsweb-markup&only_with_tag=MAIN),
> the point at which it fails is:
>
> LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH));
> while (op < cpy)
> *op++ = *ref++;
> op = cpy;
> if (op == oend)
> /*
> * Check EOF (should never happen, since
> * last 5 bytes are supposed to be literals)
> */
> goto _output_error;
Just took a quick a look at
https://github.com/openzfs/zfs/blob/master/module/zfs/lz4.c
and see they added
@@ -978,6 +982,13 @@ LZ4_uncompress_unknownOutputSize(const char *source, char *dest, int isize,
* destination buffer
*/
goto _output_error;
+#if LZ4_ARCH64
+ if ((ref + COPYLENGTH) > oend)
+#else
+ if ((ref + COPYLENGTH) > oend ||
+ (op + COPYLENGTH) > oend)
+#endif
+ goto _output_error;
LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH));
while (op < cpy)
*op++ = *ref++;
in commit f871ab6ea2dd (and then later replaced the whole lot with
"upstream" lz4). No idea if relevant?
Home |
Main Index |
Thread Index |
Old Index