Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

3 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 1492482: Memory - corruptions (OVERRUN)

________________________________________________________________________________________________________
*** CID 1492482: Memory - corruptions (OVERRUN)
/zebra/zebra_rnh.c: 1048 in send_client()
1042         stream_putl(s, re->metric);
1043         num = 0;
1044         nump = stream_get_endp(s);
1045         stream_putc(s, 0);
1046         for (ALL_NEXTHOPS(re->nhe->nhg, nh))
1047             if (rnh_nexthop_valid(re, nh)) {
CID 1492482: Memory - corruptions (OVERRUN) Overrunning struct type zapi_nexthop of 112 bytes by passing it to a function which accesses it at byte offset 115.
1048                 zapi_nexthop_from_nexthop(&znh, nh);
1049                 zapi_nexthop_encode(s, &znh, 0 /* flags */);
1050                 num++;
1051             }
1052         stream_putc_at(s, nump, num);
1053     } else {

** CID 1492481: Null pointer dereferences (NULL_RETURNS)
/zebra/zebra_vxlan.c: 10262 in zebra_evpn_pim_cfg_clean_up()

________________________________________________________________________________________________________
*** CID 1492481: Null pointer dereferences (NULL_RETURNS)
/zebra/zebra_vxlan.c: 10262 in zebra_evpn_pim_cfg_clean_up()
10256     }
10257
10258     static int zebra_evpn_pim_cfg_clean_up(struct zserv *client)
10259     {
10260         struct zebra_vrf *zvrf = zebra_vrf_get_evpn();
10261
CID 1492481: Null pointer dereferences (NULL_RETURNS) Dereferencing "zvrf", which is known to be "NULL".
10262         if (CHECK_FLAG(zvrf->flags, ZEBRA_PIM_SEND_VXLAN_SG)) {
10263             if (IS_ZEBRA_DEBUG_VXLAN)
10264                 zlog_debug("VxLAN SG updates to PIM, stop");
10265             UNSET_FLAG(zvrf->flags, ZEBRA_PIM_SEND_VXLAN_SG);
10266         }
10267

** CID 1492480: Memory - corruptions (OVERRUN)

________________________________________________________________________________________________________
*** CID 1492480: Memory - corruptions (OVERRUN)
/pimd/pim_nht.c: 737 in pim_parse_nexthop_update()
731         struct zapi_route nhr;
732
733         if (!vrf)
734             return 0;
735         pim = vrf->info;
736
CID 1492480: Memory - corruptions (OVERRUN) Overrunning struct type zapi_route of 14456 bytes by passing it to a function which accesses it at byte offset 29815.
737         if (!zapi_nexthop_update_decode(zclient->ibuf, &nhr)) {
738             if (PIM_DEBUG_PIM_NHT)
739                 zlog_debug(
740                     "%s: Decode of nexthop update from zebra failed",
741                     __func__);
742             return 0;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklA...