Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 6 of 6 defect(s) ** CID 1469898: Uninitialized variables (UNINIT) ________________________________________________________________________________________________________ *** CID 1469898: Uninitialized variables (UNINIT) /lib/command.c: 270 in argv_concat() 264 int cnt = argc - shift; 265 const char *argstr[cnt]; 266 267 for (int i = 0; i < cnt; i++) 268 argstr[i] = argv[i + shift]->arg; 269
CID 1469898: Uninitialized variables (UNINIT) Using uninitialized element of array "argstr" when calling "frrstr_join".
270 return frrstr_join(argstr, cnt, " "); 271 } 272 273 vector cmd_make_strvec(const char *string) 274 { 275 if (!string)
** CID 1469897: Memory - corruptions (OVERRUN) /bgpd/bgp_route.c: 6978 in route_vty_out_tag() ________________________________________________________________________________________________________ *** CID 1469897: Memory - corruptions (OVERRUN) /bgpd/bgp_route.c: 6978 in route_vty_out_tag() 6972 } else if (attr->mp_nexthop_len 6973 == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) { 6974 if (json) { 6975 inet_ntop(AF_INET6, 6976 &attr->mp_nexthop_global, 6977 buf_a, BUFSIZ);
CID 1469897: Memory - corruptions (OVERRUN) Overrunning array "buf_b" of 512 bytes by passing it to a function which accesses it at byte offset 8191 using argument "8192U".
6978 inet_ntop(AF_INET6, 6979 &attr->mp_nexthop_local, 6980 buf_b, BUFSIZ); 6981 sprintf(buf_c, "%s(%s)", buf_a, buf_b); 6982 json_object_string_add( 6983 json_out,
** CID 1469896: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1469896: Null pointer dereferences (FORWARD_NULL) /vtysh/vtysh.c: 556 in vtysh_execute_func() 550 551 if (vline == NULL && vty->is_paged) { 552 vty_close_pager(vty); 553 return CMD_SUCCESS; 554 } 555
CID 1469896: Null pointer dereferences (FORWARD_NULL) Passing null pointer "vline" to "cmd_execute_command", which dereferences it.
556 ret = cmd_execute_command(vline, vty, &cmd, 1); 557 cmd_free_strvec(vline); 558 if (ret != CMD_SUCCESS_DAEMON) 559 break; 560 } else if (cmd->func) { 561 (*cmd->func)(cmd, vty, 0, NULL);
** CID 1469895: Null pointer dereferences (FORWARD_NULL) /lib/vty.c: 129 in vty_set_include() ________________________________________________________________________________________________________ *** CID 1469895: Null pointer dereferences (FORWARD_NULL) /lib/vty.c: 129 in vty_set_include() 123 if (!regexp && vty->filter) { 124 regfree(&vty->include); 125 vty->filter = false; 126 return true; 127 } 128
CID 1469895: Null pointer dereferences (FORWARD_NULL) Passing null pointer "regexp" to "regcomp", which dereferences it.
129 errcode = regcomp(&vty->include, regexp, 130 REG_EXTENDED | REG_NEWLINE | REG_NOSUB); 131 if (errcode) { 132 ret = false; 133 regerror(ret, &vty->include, errbuf, sizeof(errbuf)); 134 vty_out(vty, "%% Regex compilation error: %s", errbuf);
** CID 1469894: Null pointer dereferences (NULL_RETURNS) /lib/command.c: 1216 in handle_pipe_action() ________________________________________________________________________________________________________ *** CID 1469894: Null pointer dereferences (NULL_RETURNS) /lib/command.c: 1216 in handle_pipe_action() 1210 1211 if (!succ) { 1212 vty_out(vty, "%% Bad regexp '%s'\n", regexp); 1213 goto fail; 1214 } 1215 *cmd_out = XSTRDUP(MTYPE_TMP, cmd_in);
CID 1469894: Null pointer dereferences (NULL_RETURNS) Dereferencing a null pointer "strstr(*cmd_out, "|")".
1216 *(strstr(*cmd_out, "|")) = '\0'; 1217 } else { 1218 vty_out(vty, "%% Unknown action '%s'\n", token); 1219 goto fail; 1220 } 1221
** CID 1469893: Memory - corruptions (OVERRUN) /bgpd/bgp_route.c: 6975 in route_vty_out_tag() ________________________________________________________________________________________________________ *** CID 1469893: Memory - corruptions (OVERRUN) /bgpd/bgp_route.c: 6975 in route_vty_out_tag() 6969 AF_INET6, 6970 &attr->mp_nexthop_global, 6971 buf_a, BUFSIZ)); 6972 } else if (attr->mp_nexthop_len 6973 == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) { 6974 if (json) {
CID 1469893: Memory - corruptions (OVERRUN) Overrunning array "buf_a" of 512 bytes by passing it to a function which accesses it at byte offset 8191 using argument "8192U".
6975 inet_ntop(AF_INET6, 6976 &attr->mp_nexthop_global, 6977 buf_a, BUFSIZ); 6978 inet_ntop(AF_INET6, 6979 &attr->mp_nexthop_local, 6980 buf_b, BUFSIZ);
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...