dmu_tx: Fix possible NULL pointer dereference

dmu_tx_hold_object_impl can return NULL on error.  Check for this
condition prior to dereferencing pointer.  This can only occur if
the passed object was invalid or unallocated.

Signed-off-by: Nathaniel Clark <Nathaniel.Clark@misrule.us>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #1610

diff --git a/module/zfs/dmu_tx.c b/module/zfs/dmu_tx.c
index b0dc64f..fd71413 100644 (file)
--- a/module/zfs/dmu_tx.c
+++ b/module/zfs/dmu_tx.c
@@ -773,12 +773,13 @@ void
 dmu_tx_hold_space(dmu_tx_t *tx, uint64_t space)
 {
        dmu_tx_hold_t *txh;
+
        ASSERT(tx->tx_txg == 0);
 
        txh = dmu_tx_hold_object_impl(tx, tx->tx_objset,
            DMU_NEW_OBJECT, THT_SPACE, space, 0);
-
-       txh->txh_space_towrite += space;
+       if (txh)
+               txh->txh_space_towrite += space;
 }
 
 int
@@ -1320,6 +1321,8 @@ dmu_tx_hold_spill(dmu_tx_t *tx, uint64_t object)
 
        txh = dmu_tx_hold_object_impl(tx, tx->tx_objset, object,
            THT_SPILL, 0, 0);
+       if (txh == NULL)
+               return;
 
        dn = txh->txh_dnode;