Fix dereference after null check in enqueue_range

If the bp is NULL, we have a hole. However, when we build with assertions, we will dereference bp when `blkid == DMU_SPILL_BLKID`. When this happens on a hole, we will have a NULL pointer dereference. Reported-by: Coverity (CID-1524670) Signed-off-by: Richard Yao <[email protected]>
openzfs · Dec 4, 2022 · c769066 · c769066
1 parent 6869a26
commit c769066
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/module/zfs/dmu_send.c b/module/zfs/dmu_send.c
@@ -1712,8 +1712,10 @@ enqueue_range(struct send_reader_thread_arg *srta, bqueue_t *q, dnode_t *dn,
 	struct send_range *range = range_alloc(range_type, dn->dn_object,
 	    blkid, blkid + count, B_FALSE);
 
-	if (blkid == DMU_SPILL_BLKID)
+	if (blkid == DMU_SPILL_BLKID) {
+		ASSERT3P(bp, !=, NULL);
 		ASSERT3U(BP_GET_TYPE(bp), ==, DMU_OT_SA);
+	}
 
 	switch (range_type) {
 	case HOLE: