From 5cf3c24fd8ada1949959deb8d511eeda9bc54e5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
Date: Wed, 16 Feb 2022 15:29:01 +0100
Subject: [PATCH] libzfs: sendrecv: fix NULL arithmetic UB
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed-by: Alejandro Colomar <alx.manpages@gmail.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #13110
---
 lib/libzfs/libzfs_sendrecv.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/libzfs/libzfs_sendrecv.c b/lib/libzfs/libzfs_sendrecv.c
index 0f99d41e5..f6fee6074 100644
--- a/lib/libzfs/libzfs_sendrecv.c
+++ b/lib/libzfs/libzfs_sendrecv.c
@@ -294,11 +294,13 @@ send_iterate_snap(zfs_handle_t *zhp, void *arg)
 	uint64_t guid = zhp->zfs_dmustats.dds_guid;
 	uint64_t txg = zhp->zfs_dmustats.dds_creation_txg;
 	boolean_t isfromsnap, istosnap, istosnapwithnofrom;
-	char *snapname = strrchr(zhp->zfs_name, '@') + 1;
+	char *snapname;
 	const char *from = sd->fromsnap;
 	const char *to = sd->tosnap;
 
-	assert(snapname != (NULL + 1));
+	snapname = strrchr(zhp->zfs_name, '@');
+	assert(snapname != NULL);
+	++snapname;
 
 	isfromsnap = (from != NULL && strcmp(from, snapname) == 0);
 	istosnap = (to != NULL && strcmp(to, snapname) == 0);