git.proxmox.com Git - mirror_zfs.git/commitdiff
Cleanup dump_bookmarks()
author Richard Yao <richard.yao@alumni.stonybrook.edu>
Thu, 27 Oct 2022 19:41:39 +0000 (15:41 -0400)
committer Brian Behlendorf <behlendorf1@llnl.gov>
Sat, 29 Oct 2022 20:05:02 +0000 (13:05 -0700)
Assertions are meant to check assumptions, but the way that this
assertion is written does not check an assumption, since it is provably
always true. Removing the assertion will cause a compiler warning (made
into an error by -Werror) about printing up to 512 bytes to a 256-byte
buffer, so instead, we change the assertion to verify the assumption
that we never do a snprintf() that is truncated to avoid overrunning the
256-byte buffer.

This was caught by an audit of the codebase to look for misuse of
`snprintf()` after CodeQL reported that we had misused `snprintf()`. An
explanation of how snprintf() can be misused is here:

https://www.redhat.com/en/blog/trouble-snprintf

This particular instance did not misuse `snprintf()`, but it was caught
by the audit anyway.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14098

cmd/zdb/zdb.c

index d626d082440f6b0b087b20eed8dc0d87dac6c21d..d19eb71f0f697eaace55baed73d0d22482d5030d 100644 (file)
@@ -2858,9 +2858,11 @@ dump_bookmarks(objset_t *os, int verbosity)
            zap_cursor_advance(&zc)) {
                char osname[ZFS_MAX_DATASET_NAME_LEN];
                char buf[ZFS_MAX_DATASET_NAME_LEN];
+               int len;
                dmu_objset_name(os, osname);
-               VERIFY3S(0, <=, snprintf(buf, sizeof (buf), "%s#%s", osname,
-                   attr.za_name));
+               len = snprintf(buf, sizeof (buf), "%s#%s", osname,
+                   attr.za_name);
+               VERIFY3S(len, <, ZFS_MAX_DATASET_NAME_LEN);
                (void) dump_bookmark(dp, buf, verbosity >= 5, verbosity >= 6);
        }
        zap_cursor_fini(&zc);
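
Review bot: The new `VERIFY3S(len, <, ZFS_MAX_DATASET_NAME_LEN)` is a signed comparison, so a negative return from `snprintf()` (its error case) would pass it, and the lower bound that the removed `VERIFY3S(0, <=, ...)` asserted is no longer checked. Consider keeping both bounds, for example by adding `VERIFY3S(len, >=, 0)` next to the truncation check. It would also be more robust to compare against `sizeof (buf)` instead of repeating `ZFS_MAX_DATASET_NAME_LEN`, so the bound stays tied to the size actually passed to `snprintf()` if the declaration of `buf` ever changes.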