Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 6 of 6 defect(s) ** CID 1488935: Error handling issues (CHECKED_RETURN) /pimd/pim_vxlan.c: 248 in pim_vxlan_orig_mr_up_del() ________________________________________________________________________________________________________ *** CID 1488935: Error handling issues (CHECKED_RETURN) /pimd/pim_vxlan.c: 248 in pim_vxlan_orig_mr_up_del() 242 __PRETTY_FUNCTION__); 243 } 244 /* if there are other references register the source 245 * for nht 246 */ 247 if (up)
CID 1488935: Error handling issues (CHECKED_RETURN) Calling "pim_rpf_update" without checking return value (as is done elsewhere 4 out of 5 times).
248 pim_rpf_update(vxlan_sg->pim, up, NULL, __func__); 249 } 250 } 251 252 static void pim_vxlan_orig_mr_up_iif_update(struct pim_vxlan_sg *vxlan_sg) 253 {
** CID 1488934: Uninitialized variables (UNINIT) /pimd/pim_mroute.c: 989 in pim_mroute_add() ________________________________________________________________________________________________________ *** CID 1488934: Uninitialized variables (UNINIT) /pimd/pim_mroute.c: 989 in pim_mroute_add() 983 * to the correct IIF afterwords. 984 */ 985 if (!c_oil->installed && c_oil->oil.mfcc_origin.s_addr != INADDR_ANY 986 && c_oil->oil.mfcc_parent != 0) { 987 tmp_oil.mfcc_parent = 0; 988 }
CID 1488934: Uninitialized variables (UNINIT) Using uninitialized value "tmp_oil". Field "tmp_oil.mfcc_pkt_cnt" is uninitialized when calling "setsockopt".
989 err = setsockopt(pim->mroute_socket, IPPROTO_IP, MRT_ADD_MFC, 990 &tmp_oil, sizeof(tmp_oil)); 991 992 if (!err && !c_oil->installed 993 && c_oil->oil.mfcc_origin.s_addr != INADDR_ANY 994 && c_oil->oil.mfcc_parent != 0) {
** CID 1488933: Null pointer dereferences (REVERSE_INULL) /zebra/zebra_nhg.c: 1415 in nexthop_active() ________________________________________________________________________________________________________ *** CID 1488933: Null pointer dereferences (REVERSE_INULL) /zebra/zebra_nhg.c: 1415 in nexthop_active() 1409 1410 /* Lookup should halt if we've matched against ourselves ('top', 1411 * if specified) - i.e., we cannot have a nexthop NH1 is 1412 * resolved by a route NH1. The exception is if the route is a 1413 * host route. 1414 */
CID 1488933: Null pointer dereferences (REVERSE_INULL) Null-checking "top" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1415 if (top && rn == top) 1416 if (((afi == AFI_IP) && (rn->p.prefixlen != 32)) 1417 || ((afi == AFI_IP6) && (rn->p.prefixlen != 128))) { 1418 if (IS_ZEBRA_DEBUG_RIB_DETAILED) 1419 zlog_debug( 1420 "\t%s: Matched against ourself and prefix length is not max bit length",
** CID 1488932: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1488932: Null pointer dereferences (FORWARD_NULL) /bgpd/bgp_evpn_vty.c: 3804 in bgp_evpn_advertise_pip_ip_mac_magic() 3798 update_advertise_vrf_routes(bgp_vrf); 3799 3800 /* Update (svi) type-2 routes */ 3801 for (ALL_LIST_ELEMENTS_RO(bgp_vrf->l2vnis, node, vpn)) { 3802 if (!bgp_evpn_is_svi_macip_enabled(vpn)) 3803 continue;
CID 1488932: Null pointer dereferences (FORWARD_NULL) Passing null pointer "bgp_evpn" to "update_routes_for_vni", which dereferences it.
3804 update_routes_for_vni(bgp_evpn, vpn); 3805 } 3806 } 3807 3808 return CMD_SUCCESS; 3809 }
** CID 1485637: Incorrect expression (SIZEOF_MISMATCH) /qpb/qpb_allocator.h: 57 in qpb_alloc_ptr_array() ________________________________________________________________________________________________________ *** CID 1485637: Incorrect expression (SIZEOF_MISMATCH) /qpb/qpb_allocator.h: 57 in qpb_alloc_ptr_array() 51 * 52 * Allocate space for the specified number of pointers. 53 */ 54 static inline void *qpb_alloc_ptr_array(qpb_allocator_t *allocator, 55 size_t num_ptrs) 56 {
CID 1485637: Incorrect expression (SIZEOF_MISMATCH) Passing argument "num_ptrs * 8UL /* sizeof (void *) */" to function "qpb_alloc" which returns a value of type "void *" is suspicious.
57 return qpb_alloc(allocator, num_ptrs * sizeof(void *)); 58 } 59 60 /* 61 * qpb_free 62 */
** CID 1485635: Incorrect expression (SIZEOF_MISMATCH) /qpb/qpb.h: 124 in qpb__l3_prefix__get() ________________________________________________________________________________________________________ *** CID 1485635: Incorrect expression (SIZEOF_MISMATCH) /qpb/qpb.h: 124 in qpb__l3_prefix__get() 118 uint8_t family, struct prefix *prefix) 119 { 120 121 switch (family) { 122 123 case AF_INET:
CID 1485635: Incorrect expression (SIZEOF_MISMATCH) Passing argument "prefix" of type "struct prefix *" and argument "16UL" ("sizeof (struct prefix_ipv4)") to function "memset" is suspicious because a multiple of "sizeof (struct prefix) /*48*/" is expected.
124 memset(prefix, 0, sizeof(struct prefix_ipv4)); 125 break; 126 127 case AF_INET6: 128 memset(prefix, 0, sizeof(struct prefix_ipv6)); 129 break;
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...