nvpair: Use flexible array member for nvpair name strings

Coverity reported possible out-of-bounds reads from doing `((char
*)(nvp) + sizeof (nvpair_t))` to get the nvpair name string. These were
initially marked as false positives, but since we are now using C99
flexible array members elsewhere, we could use them here too as cleanup
to make the code easier to understand.

Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Reported-by: Coverity (CID-977165)
Reported-by: Coverity (CID-1524109)
Reported-by: Coverity (CID-1524642)
Closes #14612

diff --git a/include/sys/nvpair.h b/include/sys/nvpair.h
index 33eda9be10e8e70e708c6e14eccf646553fee30e..2dbd9e3eaf4667d3c07a55defaefc6880b4d1bd6 100644 (file)
--- a/include/sys/nvpair.h
+++ b/include/sys/nvpair.h
@@ -76,7 +76,7 @@ typedef struct nvpair {
        int16_t nvp_reserve;    /* not used */
        int32_t nvp_value_elem; /* number of elements for array types */
        data_type_t nvp_type;   /* type of value */
-       /* name string */
+       char    nvp_name[];     /* name string */
        /* aligned ptr array for string arrays */
        /* aligned array of data for value */
 } nvpair_t;
@@ -109,7 +109,7 @@ typedef struct nvlist {
 #define        NV_ALIGN4(x)            (((x) + 3) & ~3)
 
 #define        NVP_SIZE(nvp)           ((nvp)->nvp_size)
-#define        NVP_NAME(nvp)           ((char *)(nvp) + sizeof (nvpair_t))
+#define        NVP_NAME(nvp)           ((nvp)->nvp_name)
 #define        NVP_TYPE(nvp)           ((nvp)->nvp_type)
 #define        NVP_NELEM(nvp)          ((nvp)->nvp_value_elem)
 #define        NVP_VALUE(nvp)          ((char *)(nvp) + NV_ALIGN(sizeof (nvpair_t) \