From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 225162] Source file zfs_acl.c, function zfs_aclset_common contains a use after end of the lifetime of a local variable
Date: Sun, 14 Jan 2018 17:48:20 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225162

            Bug ID: 225162
           Summary: Source file zfs_acl.c, function zfs_aclset_common
                    contains a use after end of the lifetime of a local
                    variable
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: msl0000023508@gmail.com

Created attachment 189714
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=189714&action=edit
Patch

Source file
https://svnweb.freebsd.org/base/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c
(latest version r323491 at this time), line 1220, in function zfs_aclset_common, has a local variable definition "zfs_acl_phys_t acl_phys;". At line 1297, the pointer to this variable (&acl_phys) is stored into the array "bulk"; then the current code block and the lifetime of "acl_phys" end after this, but "bulk" is still used at line 1314.

This code results in undefined behavior, meaning this bug may not be generally noticeable.
In my test, clang 3.4.1 on FreeBSD 10.3 amd64 won't trigger the wrong behavior; however, gcc 4.7, 4.8 and 4.9 at any optimization level (except "-O0") will result in buggy behavior, which shows to the user as:

    [WHR@kmod-test /testpool]$ mkdir 35
    [WHR@kmod-test /testpool]$ cd 35
    -bash: cd: 35: Permission denied

This is due to the ACL failing to be stored.

The attached patch will fix this bug by moving the definition of "acl_phys" to the top block of the function, thus its lifetime will cover the whole function.
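
The pattern described in the report, reduced to a small C program; this is an added example, not the ZFS source and not the attached patch. The types, bulk_update(), the aclset_* functions and the old_layout flag are simplified, hypothetical stand-ins; only the names "acl_phys" and "bulk" come from the report.

```c
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins (assumptions), not the ZFS definitions. */
typedef struct { uint64_t z_acl_count; uint8_t z_ace_data[32]; } acl_phys_t;
typedef struct { const void *data; size_t len; } bulk_attr_t;

/* Hypothetical consumer: dereferences every queued pointer later. */
static size_t bulk_update(uint8_t *dst, const bulk_attr_t *bulk, int n)
{
    size_t off = 0;
    for (int i = 0; i < n; i++) {
        memcpy(dst + off, bulk[i].data, bulk[i].len);
        off += bulk[i].len;
    }
    return off;
}

#ifdef SHOW_BROKEN
/* Pattern from the report: acl_phys dies at the closing brace of the
 * inner block, yet bulk[] still points at it when it is consumed. */
size_t aclset_broken(uint8_t *dst, uint64_t mode, int old_layout)
{
    bulk_attr_t bulk[2];
    int count = 0;
    bulk[count++] = (bulk_attr_t){ &mode, sizeof(mode) };
    if (old_layout) {
        acl_phys_t acl_phys = { .z_acl_count = 3 };
        bulk[count++] = (bulk_attr_t){ &acl_phys, sizeof(acl_phys) };
    }                                      /* lifetime of acl_phys ends */
    return bulk_update(dst, bulk, count);  /* dangling read: undefined */
}
#endif

/* Fix as described: define acl_phys in the function's top block. */
size_t aclset_fixed(uint8_t *dst, uint64_t mode, int old_layout)
{
    acl_phys_t acl_phys;                   /* outlives every use of bulk[] */
    bulk_attr_t bulk[2];
    int count = 0;
    bulk[count++] = (bulk_attr_t){ &mode, sizeof(mode) };
    if (old_layout) {
        acl_phys = (acl_phys_t){ .z_acl_count = 3 };
        bulk[count++] = (bulk_attr_t){ &acl_phys, sizeof(acl_phys) };
    }
    return bulk_update(dst, bulk, count);
}
```

Building with -DSHOW_BROKEN and -fsanitize=address lets AddressSanitizer report the broken variant as a stack-use-after-scope when it is called.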