Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 11 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 15 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 11 of 11 defect(s) ** CID 1485637: Incorrect expression (SIZEOF_MISMATCH) /qpb/qpb_allocator.h: 57 in qpb_alloc_ptr_array() ________________________________________________________________________________________________________ *** CID 1485637: Incorrect expression (SIZEOF_MISMATCH) /qpb/qpb_allocator.h: 57 in qpb_alloc_ptr_array() 51 * 52 * Allocate space for the specified number of pointers. 53 */ 54 static inline void *qpb_alloc_ptr_array(qpb_allocator_t *allocator, 55 size_t num_ptrs) 56 {
CID 1485637: Incorrect expression (SIZEOF_MISMATCH) Passing argument "num_ptrs * 8UL /* sizeof (void *) */" to function "qpb_alloc" which returns a value of type "void *" is suspicious.
57 return qpb_alloc(allocator, num_ptrs * sizeof(void *)); 58 } 59 60 /* 61 * qpb_free 62 */
** CID 1485636: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1485636: Null pointer dereferences (FORWARD_NULL) /lib/filter.c: 2058 in access_list_exact() 2052 prefix = argv[idx]->arg; 2053 2054 idx = 0; 2055 if (argv_find(argv, argc, "exact-match", &idx)) 2056 exact = 1; 2057
CID 1485636: Null pointer dereferences (FORWARD_NULL) Passing null pointer "prefix" to "filter_set_zebra", which dereferences it.
2058 return filter_set_zebra(vty, argv[1]->arg, seq, permit_deny, 2059 AFI_IP, prefix, exact, 1); 2060 } 2061 2062 DEFUN (access_list_any, 2063 access_list_any_cmd,
** CID 1485635: Incorrect expression (SIZEOF_MISMATCH) /qpb/qpb.h: 124 in qpb__l3_prefix__get() ________________________________________________________________________________________________________ *** CID 1485635: Incorrect expression (SIZEOF_MISMATCH) /qpb/qpb.h: 124 in qpb__l3_prefix__get() 118 uint8_t family, struct prefix *prefix) 119 { 120 121 switch (family) { 122 123 case AF_INET:
CID 1485635: Incorrect expression (SIZEOF_MISMATCH) Passing argument "prefix" of type "struct prefix *" and argument "16UL" ("sizeof (struct prefix_ipv4)") to function "memset" is suspicious because a multiple of "sizeof (struct prefix) /*48*/" is expected.
124 memset(prefix, 0, sizeof(struct prefix_ipv4)); 125 break; 126 127 case AF_INET6: 128 memset(prefix, 0, sizeof(struct prefix_ipv6)); 129 break;
** CID 1485634: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1485634: Null pointer dereferences (FORWARD_NULL) /lib/filter.c: 1956 in no_mac_access_list() 1950 1951 idx = 0; 1952 argv_find(argv, argc, "X:X:X:X:X:X", &idx); 1953 if (idx) 1954 mac = argv[idx]->arg; 1955
CID 1485634: Null pointer dereferences (FORWARD_NULL) Passing null pointer "mac" to "filter_set_zebra", which dereferences it.
1956 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN, 1957 mac, 0, 0); 1958 } 1959 1960 DEFUN (mac_access_list_any, 1961 mac_access_list_any_cmd,
** CID 1485633: Null pointer dereferences (REVERSE_INULL) /zebra/zebra_vty.c: 1021 in show_route_all_table_vrf_magic() ________________________________________________________________________________________________________ *** CID 1485633: Null pointer dereferences (REVERSE_INULL) /zebra/zebra_vty.c: 1021 in show_route_all_table_vrf_magic() 1015 rib_table_info_t *info = route_table_get_info(zrt->table); 1016 1017 if (zvrf && zvrf != info->zvrf) 1018 continue; 1019 if (zrt->afi != afi || zrt->safi != SAFI_UNICAST) 1020 continue;
CID 1485633: Null pointer dereferences (REVERSE_INULL) Null-checking "zrt->table" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1021 if (zrt->table) 1022 do_show_route_helper(vty, info->zvrf, zrt->table, afi, 1023 false, 0, false, false, 1024 0, 0, !!json, zrt->tableid); 1025 } 1026 return CMD_SUCCESS;
** CID 1485632: (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1485632: (FORWARD_NULL) /pimd/pim_zebra.c: 1240 in pim_forward_start() 1234 pim_channel_oil_change_iif(pim, up->channel_oil, 1235 MAXVIFS, 1236 __PRETTY_FUNCTION__); 1237 } 1238 1239 else
CID 1485632: (FORWARD_NULL) Passing null pointer "up->channel_oil" to "pim_channel_oil_change_iif", which dereferences it.
1240 pim_channel_oil_change_iif(pim, up->channel_oil, 1241 input_iface_vif_index, 1242 __PRETTY_FUNCTION__); 1243 1244 if (PIM_DEBUG_TRACE) { 1245 struct interface *in_intf = pim_if_find_by_vif_index( /pimd/pim_zebra.c: 1234 in pim_forward_start() 1228 source_str, sizeof(source_str)); 1229 zlog_debug( 1230 "%s %s: could not find input interface for source %s", 1231 __FILE__, __PRETTY_FUNCTION__, 1232 source_str); 1233 }
CID 1485632: (FORWARD_NULL) Passing null pointer "up->channel_oil" to "pim_channel_oil_change_iif", which dereferences it.
1234 pim_channel_oil_change_iif(pim, up->channel_oil, 1235 MAXVIFS, 1236 __PRETTY_FUNCTION__); 1237 } 1238 1239 else
** CID 1485631: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1485631: Null pointer dereferences (FORWARD_NULL) /lib/filter.c: 1919 in mac_access_list() 1913 1914 idx = 0; 1915 argv_find(argv, argc, "X:X:X:X:X:X", &idx); 1916 if (idx) 1917 mac = argv[idx]->arg; 1918
CID 1485631: Null pointer dereferences (FORWARD_NULL) Passing null pointer "mac" to "filter_set_zebra", which dereferences it.
1919 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN, 1920 mac, 0, 1); 1921 } 1922 1923 DEFUN (no_mac_access_list, 1924 no_mac_access_list_cmd,
** CID 1485630: API usage errors (LOCK) /lib/log.c: 435 in vzlog() ________________________________________________________________________________________________________ *** CID 1485630: API usage errors (LOCK) /lib/log.c: 435 in vzlog() 429 proto_str, msg, &tsctl); 430 431 out: 432 if (msg != buf) 433 XFREE(MTYPE_TMP, msg); 434 errno = original_errno;
CID 1485630: API usage errors (LOCK) "pthread_mutex_unlock" unlocks "loglock" while it is unlocked.
435 pthread_mutex_unlock(&loglock); 436 } 437 438 int vzlog_test(int priority) 439 { 440 pthread_mutex_lock(&loglock);
** CID 1485629: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1485629: Null pointer dereferences (FORWARD_NULL) /lib/filter.c: 2375 in no_ipv6_access_list_exact() 2369 prefix = argv[idx]->arg; 2370 2371 idx = 0; 2372 if (argv_find(argv, argc, "exact-match", &idx)) 2373 exact = 1; 2374
CID 1485629: Null pointer dereferences (FORWARD_NULL) Passing null pointer "prefix" to "filter_set_zebra", which dereferences it.
2375 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny, 2376 AFI_IP6, prefix, exact, 0); 2377 } 2378 2379 DEFUN (no_ipv6_access_list_any, 2380 no_ipv6_access_list_any_cmd,
** CID 1485628: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1485628: Null pointer dereferences (FORWARD_NULL) /lib/filter.c: 2130 in no_access_list_exact() 2124 prefix = argv[idx]->arg; 2125 2126 idx = 0; 2127 if (argv_find(argv, argc, "exact-match", &idx)) 2128 exact = 1; 2129
CID 1485628: Null pointer dereferences (FORWARD_NULL) Passing null pointer "prefix" to "filter_set_zebra", which dereferences it.
2130 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, 2131 AFI_IP, prefix, exact, 0); 2132 } 2133 2134 DEFUN (no_access_list_any, 2135 no_access_list_any_cmd,
** CID 1399256: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1399256: Null pointer dereferences (FORWARD_NULL) /lib/filter.c: 2300 in ipv6_access_list_exact() 2294 prefix = argv[idx]->arg; 2295 2296 idx = 0; 2297 if (argv_find(argv, argc, "exact-match", &idx)) 2298 exact = 1; 2299
CID 1399256: Null pointer dereferences (FORWARD_NULL) Passing null pointer "prefix" to "filter_set_zebra", which dereferences it.
2300 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny, 2301 AFI_IP6, prefix, exact, 1); 2302 } 2303 2304 DEFUN (ipv6_access_list_any, 2305 ipv6_access_list_any_cmd,
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...