Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 6 of 6 defect(s) ** CID 1496619: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1496619: Null pointer dereferences (FORWARD_NULL) /zebra/zebra_evpn_mh.c: 360 in zebra_evpn_es_evi_show_vni() 354 vty_out(vty, "%-8s %-30s %-4s\n", "VNI", "ESI", "Type"); 355 } 356 } else { 357 if (!uj) 358 vty_out(vty, "VNI %d doesn't exist\n", vni); 359 }
CID 1496619: Null pointer dereferences (FORWARD_NULL) Passing null pointer "zvni" to "zebra_evpn_es_evi_show_one_vni", which dereferences it.
360 zebra_evpn_es_evi_show_one_vni(zvni, vty, json, detail); 361 } 362 363 /* Initialize the ES tables maintained per-L2_VNI */ 364 void zebra_evpn_vni_es_init(zebra_vni_t *zvni) 365 {
** CID 1496618: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1496618: Null pointer dereferences (FORWARD_NULL) /bgpd/bgp_evpn_mh.c: 909 in bgp_evpn_type1_route_update() 903 attr_new = pi->attr; 904 905 /* Perform route selection; 906 * this is just to set the flags correctly as local route in 907 * the ES always wins. 908 */
CID 1496618: Null pointer dereferences (FORWARD_NULL) Passing null pointer "vpn" to "evpn_route_select_install", which dereferences it.
909 evpn_route_select_install(bgp, vpn, rn); 910 bgp_dest_unlock_node(rn); 911 912 /* If this is a new route or some attribute has changed, export the 913 * route to the global table. The route will be advertised to peers 914 * from there. Note that this table is a 2-level tree (RD-level +
** CID 1496617: Memory - illegal accesses (USE_AFTER_FREE) ________________________________________________________________________________________________________ *** CID 1496617: Memory - illegal accesses (USE_AFTER_FREE) /zebra/zebra_evpn_mh.c: 1688 in zebra_evpn_es_cleanup() 1682 struct zebra_evpn_es *es; 1683 struct zebra_evpn_es *es_next; 1684 1685 RB_FOREACH_SAFE(es, zebra_es_rb_head, 1686 &zmh_info->es_rb_tree, es_next) { 1687 zebra_evpn_local_es_del(es);
CID 1496617: Memory - illegal accesses (USE_AFTER_FREE) Calling "zebra_evpn_remote_es_flush" dereferences freed pointer "es".
1688 zebra_evpn_remote_es_flush(es); 1689 } 1690 } 1691 1692 /* Only certain types of access ports can be setup as an Ethernet Segment */ 1693 bool zebra_evpn_is_if_es_capable(struct zebra_if *zif)
** CID 1496616: Null pointer dereferences (REVERSE_INULL) /zebra/zebra_vxlan.c: 6885 in zebra_vxlan_proc_sync_neigh_update() ________________________________________________________________________________________________________ *** CID 1496616: Null pointer dereferences (REVERSE_INULL) /zebra/zebra_vxlan.c: 6885 in zebra_vxlan_proc_sync_neigh_update() 6879 if (old_bgp_ready) { 6880 zvni_neigh_send_del_to_client(zvni->vni, &n->ip, 6881 &n->emac, n->flags, n->state, 6882 false /*force*/); 6883 old_bgp_ready = false; 6884 }
CID 1496616: Null pointer dereferences (REVERSE_INULL) Null-checking "n->mac" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
6885 if (n->mac) 6886 zebra_vxlan_local_neigh_deref_mac(n, 6887 false /*send_mac_update*/); 6888 } 6889 /* clear old fwd info */ 6890 n->rem_seq = 0;
** CID 1496615: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /zebra/rt_netlink.c: 3206 in netlink_macfdb_update_ctx() ________________________________________________________________________________________________________ *** CID 1496615: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /zebra/rt_netlink.c: 3206 in netlink_macfdb_update_ctx() 3200 vid = dplane_ctx_mac_get_vlan(ctx); 3201 if (vid > 0) 3202 snprintf(vid_buf, sizeof(vid_buf), " VLAN %u", vid); 3203 else 3204 vid_buf[0] = '\0'; 3205
CID 1496615: Integer handling issues (CONSTANT_EXPRESSION_RESULT) "nfy & (8 /* 1 << 3 */)" is always 0 regardless of the values of its operands. This occurs as the logical first operand of "?:".
3206 zlog_debug("Tx %s family %s IF %s(%u)%s %sMAC %s dst %s nhg %u%s%s%s%s%s", 3207 nl_msg_type_to_str(cmd), nl_family_to_str(AF_BRIDGE), 3208 dplane_ctx_get_ifname(ctx), 3209 dplane_ctx_get_ifindex(ctx), vid_buf, 3210 dplane_ctx_mac_is_sticky(ctx) ? "sticky " : "", 3211 prefix_mac2str(mac, buf, sizeof(buf)),
** CID 1496614: Error handling issues (CHECKED_RETURN) /bgpd/bgp_evpn_mh.c: 1445 in bgp_evpn_local_es_up() ________________________________________________________________________________________________________ *** CID 1496614: Error handling issues (CHECKED_RETURN) /bgpd/bgp_evpn_mh.c: 1445 in bgp_evpn_local_es_up() 1439 /* generate EAD-EVI */ 1440 bgp_evpn_local_type1_evi_route_add(bgp, es); 1441 1442 /* generate EAD-ES */ 1443 build_evpn_type1_prefix(&p, BGP_EVPN_AD_ES_ETH_TAG, 1444 &es->esi, es->originator_ip);
CID 1496614: Error handling issues (CHECKED_RETURN) Calling "bgp_evpn_type1_route_update" without checking return value (as is done elsewhere 4 out of 5 times).
1445 bgp_evpn_type1_route_update(bgp, es, NULL, &p); 1446 } 1447 1448 static void bgp_evpn_local_es_do_del(struct bgp *bgp, struct bgp_evpn_es *es) 1449 { 1450 struct bgp_evpn_es_evi *es_evi;
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...