From a486cac359566467274bffef1fea367cb6120cbe Mon Sep 17 00:00:00 2001 From: Syed Shahrukh Hussain Date: Sat, 5 Apr 2025 03:34:38 +0500 Subject: [PATCH] Added fix for zpool get state segfaults with two or more vdevs (#15972). (#17213) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The problem was identified in handling of the zpool get state command line arguments. A pointer vdev was used to point to the argv[1], and its address set to cb.cb_vdevs.cb_names(pointer to array of strings) so any increment to cb_names resulted in a segfault. Fix covers a special case of root parameter at argv[1] and remaining cases are handled by passing in the argv + 1, which allows cb_names iteration of next command line arguments (vdevs). Reviewed-by: Tony Hutter Reviewed-by: Attila Fülöp Signed-off-by: Syed Shahrukh Hussain --- cmd/zpool/zpool_main.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/cmd/zpool/zpool_main.c b/cmd/zpool/zpool_main.c index f2c2c3f41..8eb7e35cf 100644 --- a/cmd/zpool/zpool_main.c +++ b/cmd/zpool/zpool_main.c @@ -12747,11 +12747,13 @@ found: if (strcmp(argv[1], "root") == 0) vdev = strdup("root-0"); - else - vdev = strdup(argv[1]); /* ... and the rest are vdev names */ - cb.cb_vdevs.cb_names = &vdev; + if (vdev == NULL) + cb.cb_vdevs.cb_names = argv + 1; + else + cb.cb_vdevs.cb_names = &vdev; + cb.cb_vdevs.cb_names_count = argc - 1; cb.cb_type = ZFS_TYPE_VDEV; argc = 1; /* One pool to process */