Fix NULL pointer dereference in dbuf_prefetch_indirect_done()

When ZFS is built with assertions, a prefetch is done on a redacted blkptr and `dpa->dpa_dnode` is NULL, we will have a NULL pointer dereference in `dbuf_prefetch_indirect_done()`. Both Coverity and Clang's Static Analyzer caught this. Reported-by: Coverity (CID 1524671) Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Ryan Moeller <[email protected]> Signed-off-by: Richard Yao <[email protected]> Closes #14210
author: Richard Yao <[email protected]> 2022-11-20 18:04:08 -0500
committer: Tony Hutter <[email protected]> 2022-12-01 12:39:44 -0800
commit: e48aaef89f3eba71da5ce6c12384348a698a5b29 (patch)
tree: 2cd8993505b642f40e55893e20cfee405e18e413 /module
parent: 0e3abd29945b6d6a4f89892445f4d85bcb1d1e92 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/module/zfs/dbuf.c b/module/zfs/dbuf.c
index 7ecc2812b..53f5775c9 100644
--- a/module/zfs/dbuf.c
+++ b/module/zfs/dbuf.c
@@ -3300,10 +3300,10 @@ dbuf_prefetch_indirect_done(zio_t *zio, const zbookmark_phys_t *zb,
 	blkptr_t *bp = ((blkptr_t *)abuf->b_data) +
 	    P2PHASE(nextblkid, 1ULL << dpa->dpa_epbs);
 
-	ASSERT(!BP_IS_REDACTED(bp) ||
+	ASSERT(!BP_IS_REDACTED(bp) || (dpa->dpa_dnode &&
 	    dsl_dataset_feature_is_active(
 	    dpa->dpa_dnode->dn_objset->os_dsl_dataset,
-	    SPA_FEATURE_REDACTED_DATASETS));
+	    SPA_FEATURE_REDACTED_DATASETS)));
 	if (BP_IS_HOLE(bp) || BP_IS_REDACTED(bp)) {
 		dbuf_prefetch_fini(dpa, B_TRUE);
 	} else if (dpa->dpa_curlevel == dpa->dpa_zb.zb_level) {
author	Richard Yao <[email protected]>	2022-11-20 18:04:08 -0500
committer	Tony Hutter <[email protected]>	2022-12-01 12:39:44 -0800
commit	e48aaef89f3eba71da5ce6c12384348a698a5b29 (patch)
tree	2cd8993505b642f40e55893e20cfee405e18e413 /module
parent	0e3abd29945b6d6a4f89892445f4d85bcb1d1e92 (diff)