c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2025-10-26 18:05:04 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix dereference after null check in enqueue_range

Browse Source 
If the bp is NULL, we have a hole. However, when we build with
assertions, we will dereference bp when `blkid == DMU_SPILL_BLKID`. When
this happens on a hole, we will have a NULL pointer dereference.

Reported-by: Coverity (CID-1524670)
Reviewed-by: Damian Szuberski <szuberskidamian@gmail.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14264
This commit is contained in:
Richard Yao 2022-12-04 16:31:28 -05:00 committed by Tony Hutter
parent e23ed1b330
commit 24a6d8316a
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
module/zfs/dmu_send.c
View File

@ -1714,8 +1714,10 @@ enqueue_range(struct send_reader_thread_arg *srta, bqueue_t *q, dnode_t *dn,
struct send_range *range = range_alloc(range_type, dn->dn_object, struct send_range *range = range_alloc(range_type, dn->dn_object,
blkid, blkid + count, B_FALSE); blkid, blkid + count, B_FALSE);
if (blkid == DMU_SPILL_BLKID) if (blkid == DMU_SPILL_BLKID) {
ASSERT3P(bp, !=, NULL);
ASSERT3U(BP_GET_TYPE(bp), ==, DMU_OT_SA); ASSERT3U(BP_GET_TYPE(bp), ==, DMU_OT_SA);
}
switch (range_type) { switch (range_type) {
case HOLE: case HOLE: