Fix dereference after null check in enqueue_range
If the bp is NULL, we have a hole. However, when we build with assertions, we will dereference bp when `blkid == DMU_SPILL_BLKID`. When this happens on a hole, we will have a NULL pointer dereference. Reported-by: Coverity (CID-1524670) Reviewed-by: Damian Szuberski <szuberskidamian@gmail.com> Reviewed-by: Alexander Motin <mav@FreeBSD.org> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu> Closes #14264
This commit is contained in:
parent
e23ed1b330
commit
24a6d8316a
|
@ -1714,8 +1714,10 @@ enqueue_range(struct send_reader_thread_arg *srta, bqueue_t *q, dnode_t *dn,
|
||||||
struct send_range *range = range_alloc(range_type, dn->dn_object,
|
struct send_range *range = range_alloc(range_type, dn->dn_object,
|
||||||
blkid, blkid + count, B_FALSE);
|
blkid, blkid + count, B_FALSE);
|
||||||
|
|
||||||
if (blkid == DMU_SPILL_BLKID)
|
if (blkid == DMU_SPILL_BLKID) {
|
||||||
|
ASSERT3P(bp, !=, NULL);
|
||||||
ASSERT3U(BP_GET_TYPE(bp), ==, DMU_OT_SA);
|
ASSERT3U(BP_GET_TYPE(bp), ==, DMU_OT_SA);
|
||||||
|
}
|
||||||
|
|
||||||
switch (range_type) {
|
switch (range_type) {
|
||||||
case HOLE:
|
case HOLE:
|
||||||
|
|
Loading…
Reference in New Issue