Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 7 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 13 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 7 of 7 defect(s) ** CID 1487863: Incorrect expression (DIVIDE_BY_ZERO) ________________________________________________________________________________________________________ *** CID 1487863: Incorrect expression (DIVIDE_BY_ZERO) /bgpd/bgp_route.c: 12126 in bgp_damp_set() 12120 if (suppress < reuse) { 12121 vty_out(vty, 12122 "Suppress value cannot be less than reuse value \n"); 12123 return 0; 12124 } 12125
CID 1487863: Incorrect expression (DIVIDE_BY_ZERO) In function call "bgp_damp_enable", division by expression "reuse" which may be zero has undefined behavior.
12126 return bgp_damp_enable(bgp, bgp_node_afi(vty), bgp_node_safi(vty), half, 12127 reuse, suppress, max); 12128 } 12129 12130 DEFUN (bgp_damp_unset, 12131 bgp_damp_unset_cmd,
** CID 1487862: Incorrect expression (DIVIDE_BY_ZERO) ________________________________________________________________________________________________________ *** CID 1487862: Incorrect expression (DIVIDE_BY_ZERO) /bgpd/bgp_damp.c: 171 in bgp_reuse_timer() 165 bgp_damp_info_free(bdi, 1, bdc->afi, bdc->safi); 166 else 167 BGP_DAMP_LIST_ADD(bdc, bdi); 168 } else 169 /* Re-insert into another list (See RFC2439 Section 170 * 4.8.6). */
CID 1487862: Incorrect expression (DIVIDE_BY_ZERO) In function call "bgp_reuse_list_add", division by expression "bdc->reuse_limit" which may be zero has undefined behavior.
171 bgp_reuse_list_add(bdi, bdc); 172 } 173 174 return 0; 175 } 176
** CID 1487861: (DIVIDE_BY_ZERO) ________________________________________________________________________________________________________ *** CID 1487861: (DIVIDE_BY_ZERO) /bgpd/bgp_route.c: 12126 in bgp_damp_set() 12120 if (suppress < reuse) { 12121 vty_out(vty, 12122 "Suppress value cannot be less than reuse value \n"); 12123 return 0; 12124 } 12125
CID 1487861: (DIVIDE_BY_ZERO) In function call "bgp_damp_enable", division by expression "half" which may be zero has undefined behavior.
12126 return bgp_damp_enable(bgp, bgp_node_afi(vty), bgp_node_safi(vty), half, 12127 reuse, suppress, max); 12128 } 12129 12130 DEFUN (bgp_damp_unset, 12131 bgp_damp_unset_cmd, /bgpd/bgp_route.c: 12126 in bgp_damp_set() 12120 if (suppress < reuse) { 12121 vty_out(vty, 12122 "Suppress value cannot be less than reuse value \n"); 12123 return 0; 12124 } 12125
CID 1487861: (DIVIDE_BY_ZERO) In function call "bgp_damp_enable", division by expression "half" which may be zero has undefined behavior.
12126 return bgp_damp_enable(bgp, bgp_node_afi(vty), bgp_node_safi(vty), half, 12127 reuse, suppress, max); 12128 } 12129 12130 DEFUN (bgp_damp_unset, 12131 bgp_damp_unset_cmd,
** CID 1487860: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 1487860: Memory - corruptions (OVERRUN) /zebra/rt_netlink.c: 2481 in netlink_request_nexthop() 2475 memset(&req, 0, sizeof(req)); 2476 req.n.nlmsg_type = type; 2477 req.n.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST; 2478 req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct nhmsg)); 2479 req.nhm.nh_family = family; 2480
CID 1487860: Memory - corruptions (OVERRUN) Overrunning struct type nlmsghdr of 16 bytes by passing it to a function which accesses it at byte offset 23 using argument "req.n.nlmsg_len" (which evaluates to 24).
2481 return netlink_request(&zns->netlink_cmd, &req.n); 2482 } 2483 2484 2485 /** 2486 * netlink_nexthop_read() - Nexthop read function using netlink interface
** CID 1487859: Null pointer dereferences (NULL_RETURNS) ________________________________________________________________________________________________________ *** CID 1487859: Null pointer dereferences (NULL_RETURNS) /isisd/isis_zebra.c: 97 in isis_zebra_if_address_add() 91 if (p->family == AF_INET) 92 zlog_debug("connected IP address %s", buf); 93 if (p->family == AF_INET6) 94 zlog_debug("connected IPv6 address %s", buf); 95 #endif /* EXTREME_DEBUG */ 96 if (if_is_operative(c->ifp))
CID 1487859: Null pointer dereferences (NULL_RETURNS) Dereferencing a pointer that might be "NULL" "circuit_scan_by_ifp(c->ifp)" when calling "isis_circuit_add_addr".
97 isis_circuit_add_addr(circuit_scan_by_ifp(c->ifp), c); 98 99 return 0; 100 } 101 102 static int isis_zebra_if_address_del(ZAPI_CALLBACK_ARGS)
** CID 1487858: Memory - illegal accesses (USE_AFTER_FREE) /ospfd/ospf_interface.c: 908 in ospf_vl_if_delete() ________________________________________________________________________________________________________ *** CID 1487858: Memory - illegal accesses (USE_AFTER_FREE) /ospfd/ospf_interface.c: 908 in ospf_vl_if_delete() 902 903 static void ospf_vl_if_delete(struct ospf_vl_data *vl_data) 904 { 905 vl_data->vl_oi->address->u.prefix4.s_addr = 0; 906 vl_data->vl_oi->address->prefixlen = 0; 907 ospf_if_free(vl_data->vl_oi);
CID 1487858: Memory - illegal accesses (USE_AFTER_FREE) Dereferencing freed pointer "vl_data->vl_oi".
908 if_delete(&vl_data->vl_oi->ifp); 909 vlink_count--; 910 } 911 912 /* for a defined area, count the number of configured vl 913 */
** CID 20290: Control flow issues (MISSING_BREAK) /lib/command_parse.c: 1001 in yytnamerr() ________________________________________________________________________________________________________ *** CID 20290: Control flow issues (MISSING_BREAK) /lib/command_parse.c: 1001 in yytnamerr() 995 switch (*++yyp) 996 { 997 case '\'': 998 case ',': 999 goto do_not_strip_quotes; 1000
CID 20290: Control flow issues (MISSING_BREAK) The case for value "'\\'" is not terminated by a 'break' statement.
1001 case '\\': 1002 if (*++yyp != '\\') 1003 goto do_not_strip_quotes; 1004 else 1005 goto append; 1006
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...