> On 17 Nov 2025, at 12:41 PM, Alec Brown via Grub-devel <[email protected]> > wrote: > > Coverity marks multiple issues in grub-core/fs/zfs/zfs.c as either "Untrusted > value as argument", "Untrusted pointer read", or "Untrusted loop bound". Each > of these issues share a common cause where Coverity finds that data->dnode_buf > gets tainted by dnbuf since it is downcasting from (void *) to (dnode_phys_t > *) > and could imply that the data the pointer points to is tainted. However, the > function zio_read(), which reads this data from disk, sanitizes this data by > verifying its checksum. To resolve the issues for Coverity, setting dnbuf to > (dnode_phys_t *) at the start of the function dnode_get() seems to do the > trick. > > Fixes: CID 896330 > Fixes: CID 896331 > Fixes: CID 896334 > Fixes: CID 896336 > Fixes: CID 897337 > Fixes: CID 896340 > Fixes: CID 314020 > > Signed-off-by: Alec Brown <[email protected]>
Reviewed-by: Sudhakar Kuppusamy <[email protected]> Thanks, Sudhakar > --- > grub-core/fs/zfs/zfs.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c > index afe821f9b..83dfa6d52 100644 > --- a/grub-core/fs/zfs/zfs.c > +++ b/grub-core/fs/zfs/zfs.c > @@ -2743,7 +2743,7 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, > grub_uint8_t type, > grub_uint64_t blkid, blksz; /* the block id this object dnode is in */ > int epbs; /* shift of number of dnodes in a block */ > int idx; /* index within a block */ > - void *dnbuf; > + dnode_phys_t *dnbuf; > grub_err_t err; > grub_zfs_endian_t endian; > > @@ -2773,7 +2773,7 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, > grub_uint8_t type, > > grub_dprintf ("zfs", "endian = %d, blkid=%llx\n", mdn->endian, > (unsigned long long) blkid); > - err = dmu_read (mdn, blkid, &dnbuf, &endian, data); > + err = dmu_read (mdn, blkid, (void **) &dnbuf, &endian, data); > if (err) > return err; > grub_dprintf ("zfs", "alive\n"); > @@ -2795,7 +2795,7 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, > grub_uint8_t type, > data->dnode_endian = endian; > } > > - grub_memmove (&(buf->dn), (dnode_phys_t *) dnbuf + idx, DNODE_SIZE); > + grub_memmove (&(buf->dn), dnbuf + idx, DNODE_SIZE); > if (data->dnode_buf == 0) > /* dnbuf not used anymore if data->dnode_mdn malloc failed */ > grub_free (dnbuf); > -- > 2.27.0 > > > _______________________________________________ > Grub-devel mailing list > [email protected] > https://lists.gnu.org/mailman/listinfo/grub-devel _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
