Added fix for zpool get state segfaults with two or more vdevs (#15972). (#17213)

The problem was identified in handling of the zpool get state command
line arguments. A pointer vdev was used to point to the argv[1], and
its address set to cb.cb_vdevs.cb_names(pointer to array of strings)
so any increment to cb_names resulted in a segfault. Fix covers a
special case of root parameter at argv[1] and remaining cases are
handled by passing in the argv + 1, which allows cb_names iteration
of next command line arguments (vdevs).

Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: Attila Fülöp <attila@fueloep.org>

Signed-off-by: Syed Shahrukh Hussain <syed.shahrukh@ossrevival.org>
This commit is contained in:
Syed Shahrukh Hussain 2025-04-05 03:34:38 +05:00 committed by GitHub
parent b14b3e3985
commit 78a7c78bdf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -12747,11 +12747,13 @@ found:
if (strcmp(argv[1], "root") == 0)
vdev = strdup("root-0");
else
vdev = strdup(argv[1]);
/* ... and the rest are vdev names */
cb.cb_vdevs.cb_names = &vdev;
if (vdev == NULL)
cb.cb_vdevs.cb_names = argv + 1;
else
cb.cb_vdevs.cb_names = &vdev;
cb.cb_vdevs.cb_names_count = argc - 1;
cb.cb_type = ZFS_TYPE_VDEV;
argc = 1; /* One pool to process */