Source file zfs_acl.c, function zfs_aclset_common contains a use after end of the lifetime of a local variable
From FreeBSD PR:
Source file https://svnweb.freebsd.org/base/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c (latest version r323491 at this time), line 1220, in function zfs_aclset_common have a local variable definition "zfs_acl_phys_t acl_phys;". At line 1297, the pointer to this variable (&acl_phys) is stored into the array "bulk"; then the current code block and the lifetime of "acl_phys" is ended after this, but "bulk" is still got used at line 1314.
This code resulted in undefined behavior, meaning this bug may not be generally noticeable. In my test, the clang 3.4.1 on FreeBSD 10.3 amd64 won't trigger wrong behavior; however gcc 4.7 4.8 4.9 at any optimization level (except "-O0") will resulting a buggy behavior which showing to the user as:
[WHR@kmod-test /testpool]$ mkdir 35
[WHR@kmod-test /testpool]$ cd 35
-bash: cd: 35: Permission denied
Due the ACL is failed to store.
Updated by Electric Monk over 4 years ago
- Status changed from In Progress to Closed
- % Done changed from 50 to 100
commit 82693e09cc02331fa1b3b73b54b1060e73507a8d Author: WHR <firstname.lastname@example.org> Date: 2018-02-06T17:36:37.000Z 8966 Source file zfs_acl.c, function zfs_aclset_common contains a use after end of the lifetime of a local variable Reviewed by: Matt Ahrens <email@example.com> Reviewed by: Andriy Gapon <avg@FreeBSD.org> Approved by: Richard Lowe <firstname.lastname@example.org>