Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 9 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 9 of 9 defect(s) ** CID 1566848: (NULL_RETURNS) /pbrd/pbr_vty.c: 830 in pbr_map_action_dst_port_magic() /pbrd/pbr_vty.c: 825 in pbr_map_action_dst_port_magic() ________________________________________________________________________________________________________ *** CID 1566848: (NULL_RETURNS) /pbrd/pbr_vty.c: 830 in pbr_map_action_dst_port_magic() 824 if (no) { 825 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT)) 826 return CMD_SUCCESS; 827 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT); 828 goto check; 829 }
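CID 1566848: (NULL_RETURNS) Dereferencing "pbrms", which is known to be "NULL". Here "pbrms" is the result of VTY_GET_CONTEXT(pbr_map_sequence) at line 822, which Coverity treats as able to return NULL, and it is used at lines 825 and 830 without a NULL check.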
830 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT) && 831 (pbrms->action_dst_port == port)) 832 return CMD_SUCCESS; 833 834 SET_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT); 835 pbrms->action_dst_port = port; /pbrd/pbr_vty.c: 825 in pbr_map_action_dst_port_magic() 819 "The Destination Port\n") 820 { 821 /* clang-format on */ 822 struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence); 823 824 if (no) {
CID 1566848: (NULL_RETURNS) Dereferencing "pbrms", which is known to be "NULL".
825 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT)) 826 return CMD_SUCCESS; 827 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT); 828 goto check; 829 } 830 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT) &&
** CID 1566847: (NULL_RETURNS) /pbrd/pbr_vty.c: 800 in pbr_map_action_src_port_magic() /pbrd/pbr_vty.c: 794 in pbr_map_action_src_port_magic() ________________________________________________________________________________________________________ *** CID 1566847: (NULL_RETURNS) /pbrd/pbr_vty.c: 800 in pbr_map_action_src_port_magic() 794 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_SRC_PORT)) 795 return CMD_SUCCESS; 796 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_SRC_PORT); 797 goto check; 798 } 799
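CID 1566847: (NULL_RETURNS) Dereferencing "pbrms", which is known to be "NULL". Here "pbrms" is the result of VTY_GET_CONTEXT(pbr_map_sequence) at line 791, which Coverity treats as able to return NULL, and it is used at lines 794 and 800 without a NULL check.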
800 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_SRC_PORT) && 801 (pbrms->action_src_port == port)) 802 return CMD_SUCCESS; 803 804 pbrms->action_src_port = port; 805 SET_FLAG(pbrms->action_bm, PBR_ACTION_SRC_PORT); /pbrd/pbr_vty.c: 794 in pbr_map_action_src_port_magic() 788 "The Source Port\n") 789 { 790 /* clang-format on */ 791 struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence); 792 793 if (no) {
CID 1566847: (NULL_RETURNS) Dereferencing "pbrms", which is known to be "NULL".
794 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_SRC_PORT)) 795 return CMD_SUCCESS; 796 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_SRC_PORT); 797 goto check; 798 } 799
** CID 1566846: Null pointer dereferences (REVERSE_INULL) /pbrd/pbr_vty.c: 455 in pbr_map_match_dscp_magic() ________________________________________________________________________________________________________ *** CID 1566846: Null pointer dereferences (REVERSE_INULL) /pbrd/pbr_vty.c: 455 in pbr_map_match_dscp_magic() 449 if (*pend) 450 raw_dscp = pbr_map_decode_dscp_enum(dscp); 451 else 452 raw_dscp = ul_dscp << 2; 453 if (raw_dscp > PBR_DSFIELD_DSCP) { 454 vty_out(vty, "Invalid dscp value: %s%s\n", dscp,
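CID 1566846: Null pointer dereferences (REVERSE_INULL) Null-checking "pend" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. The dereference is the "if (*pend)" test at line 449, so the "pend ?" test at line 455 is always true and the " (numeric value must be in range 0-63)" hint is never printed; the check was presumably meant to be "*pend".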
455 (pend ? "" : " (numeric value must be in range 0-63)")); 456 return CMD_WARNING_CONFIG_FAILED; 457 } 458 459 if (CHECK_FLAG(pbrms->filter_bm, PBR_FILTER_DSCP) && 460 (((pbrms->dsfield & PBR_DSFIELD_DSCP) >> 2) == raw_dscp)) {
** CID 1566845: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1566845: Null pointer dereferences (FORWARD_NULL) /pbrd/pbr_vty_clippy.c: 1512 in pbr_map_vrf() 1506 #if 0 /* anything that can fail? */ 1507 if (_failcnt) 1508 return CMD_WARNING; 1509 #endif 1510 #endif 1511
CID 1566845: Null pointer dereferences (FORWARD_NULL) Passing null pointer "vrf_name" to "pbr_map_vrf_magic", which dereferences it.
1512 return pbr_map_vrf_magic(self, vty, argc, argv, vrf_name); 1513 } 1514 1515 /* no_pbr_map_vrf => "no set vrf [<NAME$vrf_name|unchanged>]" */ 1516 DEFUN_CMD_FUNC_DECL(no_pbr_map_vrf) 1517 #define funcdecl_no_pbr_map_vrf static int no_pbr_map_vrf_magic(\
** CID 1566844: (NULL_RETURNS) /pbrd/pbr_vty.c: 902 in pbr_map_action_ecn_magic() /pbrd/pbr_vty.c: 907 in pbr_map_action_ecn_magic() ________________________________________________________________________________________________________ *** CID 1566844: (NULL_RETURNS) /pbrd/pbr_vty.c: 902 in pbr_map_action_ecn_magic() 896 "Explicit Congestion Notification value\n") 897 { 898 /* clang-format on */ 899 struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence); 900 901 if (no) {
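CID 1566844: (NULL_RETURNS) Dereferencing "pbrms", which is known to be "NULL". Here "pbrms" is the result of VTY_GET_CONTEXT(pbr_map_sequence) at line 899, which Coverity treats as able to return NULL, and it is used at lines 902 and 907 without a NULL check.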
902 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_ECN)) 903 return CMD_SUCCESS; 904 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_ECN); 905 goto check; 906 } 907 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_ECN) && /pbrd/pbr_vty.c: 907 in pbr_map_action_ecn_magic() 901 if (no) { 902 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_ECN)) 903 return CMD_SUCCESS; 904 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_ECN); 905 goto check; 906 }
CID 1566844: (NULL_RETURNS) Dereferencing "pbrms", which is known to be "NULL".
907 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_ECN) && 908 (pbrms->action_ecn == ecn)) { 909 return CMD_SUCCESS; 910 } 911 SET_FLAG(pbrms->action_bm, PBR_ACTION_ECN); 912 pbrms->action_ecn = ecn;
** CID 1566843: Uninitialized variables (UNINIT) /bgpd/bgp_route.c: 6754 in bgp_static_set() ________________________________________________________________________________________________________ *** CID 1566843: Uninitialized variables (UNINIT) /bgpd/bgp_route.c: 6754 in bgp_static_set() 6748 bgp_static->backdoor = backdoor; 6749 bgp_static->valid = 0; 6750 bgp_static->igpmetric = 0; 6751 bgp_static->igpnexthop.s_addr = INADDR_ANY; 6752 bgp_static->label_index = label_index; 6753 bgp_static->label = label;
CID 1566843: Uninitialized variables (UNINIT) Using uninitialized value "prd".
6754 bgp_static->prd = prd; 6755 6756 if (rmap) { 6757 XFREE(MTYPE_ROUTE_MAP_NAME, 6758 bgp_static->rmap.name); 6759 route_map_counter_decrement(
** CID 1566842: Null pointer dereferences (REVERSE_INULL) /pbrd/pbr_vty.c: 874 in pbr_map_action_dscp_magic() ________________________________________________________________________________________________________ *** CID 1566842: Null pointer dereferences (REVERSE_INULL) /pbrd/pbr_vty.c: 874 in pbr_map_action_dscp_magic() 868 raw_dscp = pbr_map_decode_dscp_enum(dscp); 869 else 870 raw_dscp = ul_dscp << 2; 871 872 if (raw_dscp > PBR_DSFIELD_DSCP) { 873 vty_out(vty, "Invalid dscp value: %s%s\n", dscp,
CID 1566842: Null pointer dereferences (REVERSE_INULL) Null-checking "pend" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
874 (pend ? "" : " (numeric value must be in range 0-63)")); 875 return CMD_WARNING_CONFIG_FAILED; 876 } 877 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DSCP) && 878 (pbrms->action_dscp == raw_dscp)) { 879 return CMD_SUCCESS;
** CID 1566841: (NULL_RETURNS) /pbrd/pbr_vty.c: 877 in pbr_map_action_dscp_magic() /pbrd/pbr_vty.c: 855 in pbr_map_action_dscp_magic() ________________________________________________________________________________________________________ *** CID 1566841: (NULL_RETURNS) /pbrd/pbr_vty.c: 877 in pbr_map_action_dscp_magic() 871 872 if (raw_dscp > PBR_DSFIELD_DSCP) { 873 vty_out(vty, "Invalid dscp value: %s%s\n", dscp, 874 (pend ? "" : " (numeric value must be in range 0-63)")); 875 return CMD_WARNING_CONFIG_FAILED; 876 }
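CID 1566841: (NULL_RETURNS) Dereferencing "pbrms", which is known to be "NULL". Here "pbrms" is the result of VTY_GET_CONTEXT(pbr_map_sequence) at line 852, which Coverity treats as able to return NULL, and it is used at lines 855 and 877 without a NULL check.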
877 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DSCP) && 878 (pbrms->action_dscp == raw_dscp)) { 879 return CMD_SUCCESS; 880 } 881 SET_FLAG(pbrms->action_bm, PBR_ACTION_DSCP); 882 pbrms->action_dscp = raw_dscp; /pbrd/pbr_vty.c: 855 in pbr_map_action_dscp_magic() 849 "DSCP numeric value (0-63) or standard codepoint name\n") 850 { 851 /* clang-format on */ 852 struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence); 853 854 if (no) {
CID 1566841: (NULL_RETURNS) Dereferencing "pbrms", which is known to be "NULL".
855 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DSCP)) 856 return CMD_SUCCESS; 857 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_DSCP); 858 goto check; 859 } 860
** CID 1566840: Incorrect expression (UNUSED_VALUE) /pbrd/pbr_zebra.c: 571 in pbr_encode_pbr_map_sequence() ________________________________________________________________________________________________________ *** CID 1566840: Incorrect expression (UNUSED_VALUE) /pbrd/pbr_zebra.c: 571 in pbr_encode_pbr_map_sequence() 565 r.filter.ip_proto = pbrms->ip_proto; 566 567 r.filter.filter_bm = pbrms->filter_bm; 568 569 /* actions */ 570
CID 1566840: Incorrect expression (UNUSED_VALUE) Assigning value "1U" to "r.action.flags" here, but that stored value is overwritten before it can be used.
571 SET_FLAG(r.action.flags, PBR_ACTION_TABLE); /* always valid */ 572 573 /* 574 * PBR should maintain its own set of action flags that we 575 * can copy here instead of trying to infer from magic values. 576 */