Fix dereference after null check in enqueue_range
authorRichard Yao <richard.yao@alumni.stonybrook.edu>
Sun, 4 Dec 2022 21:31:28 +0000 (16:31 -0500)
committerBrian Behlendorf <behlendorf1@llnl.gov>
Thu, 8 Dec 2022 22:15:21 +0000 (14:15 -0800)
If the bp is NULL, we have a hole. However, when we build with
assertions, we will dereference bp when `blkid == DMU_SPILL_BLKID`. When
this happens on a hole, we will have a NULL pointer dereference.

Reported-by: Coverity (CID-1524670)
Reviewed-by: Damian Szuberski <szuberskidamian@gmail.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14264

module/zfs/dmu_send.c

index fbf19d5c33729545093cfbf47753c143c7011f24..5ce2478e5611cf446266c6e5e3bb95b0c7c54fe7 100644 (file)
@@ -1712,8 +1712,10 @@ enqueue_range(struct send_reader_thread_arg *srta, bqueue_t *q, dnode_t *dn,
        struct send_range *range = range_alloc(range_type, dn->dn_object,
            blkid, blkid + count, B_FALSE);
 
-       if (blkid == DMU_SPILL_BLKID)
+       if (blkid == DMU_SPILL_BLKID) {
+               ASSERT3P(bp, !=, NULL);
                ASSERT3U(BP_GET_TYPE(bp), ==, DMU_OT_SA);
+       }
 
        switch (range_type) {
        case HOLE:
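Review bot: The added `ASSERT3P(bp, !=, NULL);` only changes how a debug build fails when `blkid == DMU_SPILL_BLKID` arrives with a NULL `bp`: it now stops on a named assertion instead of faulting inside `BP_GET_TYPE(bp)`. The commit message says a NULL `bp` means a hole, and nothing in this hunk shows that a spill block can never be a hole. If that case is impossible, a short comment above the block should say why, e.g. `/* a spill blkid always comes with a bp; holes never reach here */`. If it can happen, the type check should be conditional instead, `if (blkid == DMU_SPILL_BLKID && bp != NULL)`, so assertion-enabled kernels do not halt on input that production builds accept. The body of `enqueue_range` starts and ends outside the hunk, so later uses of `bp` in the `switch` could not be checked.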