Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 4 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 4 of 4 defect(s) ** CID 1514597: Memory - illegal accesses (OVERRUN) /vtysh/vtysh.c: 3594 in vtysh_log_print() ________________________________________________________________________________________________________ *** CID 1514597: Memory - illegal accesses (OVERRUN) /vtysh/vtysh.c: 3594 in vtysh_log_print() 3588 vis = &visual_prios[hdr->prio]; 3589 3590 localtime_r(&ts, &tm); 3591 strftime(ts_buf, sizeof(ts_buf), "%Y-%m-%d %H:%M:%S", &tm); 3592 3593 if (!stderr_tty) {
CID 1514597: Memory - illegal accesses (OVERRUN) Overrunning array of 128 bytes at byte offset 128 by dereferencing pointer "vis".
3594 const char *label = vis->label + strlen(vis->label) - 4; 3595 3596 fprintf(stderr, "%s.%03u [%s] %s: %.*s\n", ts_buf, 3597 hdr->ts_nsec / 1000000U, label, vclient->name, 3598 (int)textlen, text); 3599 return;
** CID 1514596: Control flow issues (UNEXPECTED_CONTROL_FLOW) /vtysh/vtysh.c: 222 in vtysh_client_receive() ________________________________________________________________________________________________________ *** CID 1514596: Control flow issues (UNEXPECTED_CONTROL_FLOW) /vtysh/vtysh.c: 222 in vtysh_client_receive() 216 cmh->cmsg_len = CMSG_LEN(sizeof(int)); 217 memset(CMSG_DATA(cmh), -1, sizeof(int)); 218 219 do { 220 ret = recvmsg(vclient->fd, &mh, 0); 221 if (ret < 0 && (errno == EINTR || errno == EAGAIN))
CID 1514596: Control flow issues (UNEXPECTED_CONTROL_FLOW) A "continue" statement within a "do ... while (...)" loop only continues execution of the loop body if the loop continuation condition is still true. Since the condition will never be true in a "do ... while (false)" loop, the "continue"statement has the same effect as a "break" statement. Did you intend execution to continue at the top of the loop?
222 continue; 223 } while (false); 224 225 if (cmh->cmsg_len == CMSG_LEN(sizeof(int))) { 226 int fd; 227
** CID 1514595: (STRING_NULL) /vtysh/vtysh.c: 3657 in vtysh_log_read() ________________________________________________________________________________________________________ *** CID 1514595: (STRING_NULL) /vtysh/vtysh.c: 3682 in vtysh_log_read() 3676 puts("\r"); 3677 #endif 3678 fflush(stdout); 3679 } 3680 3681 text = buf.text + sizeof(buf.hdr.argpos[0]) * buf.hdr.n_argpos;
CID 1514595: (STRING_NULL) Passing unterminated string "text" to "vtysh_log_print", which expects a null-terminated string.
3682 vtysh_log_print(vclient, &buf.hdr, text); 3683 3684 if (stderr_stdout_same) 3685 rl_forced_update_display(); 3686 3687 return; /vtysh/vtysh.c: 3657 in vtysh_log_read() 3651 snprintfrr(buf.text, sizeof(buf.text), 3652 "log monitor connection error: %m"); 3653 else 3654 snprintfrr( 3655 buf.text, sizeof(buf.text), 3656 "log monitor connection closed unexpectedly");
CID 1514595: (STRING_NULL) Passing unterminated string "buf.text" to "strlen", which expects a null-terminated string.
3657 buf.hdr.textlen = strlen(buf.text); 3658 3659 THREAD_OFF(vclient->log_reader); 3660 close(vclient->log_fd); 3661 vclient->log_fd = -1; 3662
** CID 1514594: Memory - corruptions (OVERRUN) /lib/yang_wrappers.c: 719 in yang_dnode_get_binary_buf() ________________________________________________________________________________________________________ *** CID 1514594: Memory - corruptions (OVERRUN) /lib/yang_wrappers.c: 719 in yang_dnode_get_binary_buf() 713 char *value_str; 714 struct base64_decodestate s; 715 716 canon = YANG_DNODE_XPATH_GET_CANON(dnode, xpath_fmt); 717 cannon_len = strlen(canon); 718 decode_len = cannon_len;
CID 1514594: Memory - corruptions (OVERRUN) Allocating insufficient memory for the terminating null of the string.
719 value_str = (char *)malloc(decode_len); 720 base64_init_decodestate(&s); 721 cnt = base64_decode_block(canon, cannon_len, value_str, &s); 722 723 ret_len = size > cnt ? cnt : size; 724 memcpy(buf, value_str, ret_len);
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...