Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 9 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 9 of 9 defect(s) ** CID 1496729: (SIGN_EXTENSION) /bgpd/bgp_ecommunity.c: 266 in ecommunity_dup() /bgpd/bgp_ecommunity.c: 268 in ecommunity_dup() ________________________________________________________________________________________________________ *** CID 1496729: (SIGN_EXTENSION) /bgpd/bgp_ecommunity.c: 266 in ecommunity_dup() 260 struct ecommunity *new; 261 262 new = XCALLOC(MTYPE_ECOMMUNITY, sizeof(struct ecommunity)); 263 new->size = ecom->size; 264 new->unit_size = ecom->unit_size; 265 if (new->size) {
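CID 1496729: (SIGN_EXTENSION) Suspicious implicit sign extension: "ecom->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "ecom->size * ecom->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ecom->size * ecom->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Here the product is the size passed to XMALLOC (line 266) and the length passed to memcpy (line 268), so a sign-extended result would reach both as a very large unsigned value. Doing the multiplication in size_t (for example by converting "ecom->size" before multiplying) avoids the intermediate signed int; whether "ecom->size" can actually grow that large is not visible in this excerpt.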
266 new->val = XMALLOC(MTYPE_ECOMMUNITY_VAL, 267 ecom->size * ecom->unit_size); 268 memcpy(new->val, ecom->val, ecom->size * ecom->unit_size); 269 } else 270 new->val = NULL; 271 return new; /bgpd/bgp_ecommunity.c: 268 in ecommunity_dup() 262 new = XCALLOC(MTYPE_ECOMMUNITY, sizeof(struct ecommunity)); 263 new->size = ecom->size; 264 new->unit_size = ecom->unit_size; 265 if (new->size) { 266 new->val = XMALLOC(MTYPE_ECOMMUNITY_VAL, 267 ecom->size * ecom->unit_size);
CID 1496729: (SIGN_EXTENSION) Suspicious implicit sign extension: "ecom->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "ecom->size * ecom->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ecom->size * ecom->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
268 memcpy(new->val, ecom->val, ecom->size * ecom->unit_size); 269 } else 270 new->val = NULL; 271 return new; 272 } 273
** CID 1496728: Resource leaks (RESOURCE_LEAK) /pimd/pim_igmp.c: 1016 in pim_igmp_sock_add() ________________________________________________________________________________________________________ *** CID 1496728: Resource leaks (RESOURCE_LEAK) /pimd/pim_igmp.c: 1016 in pim_igmp_sock_add() 1010 sin.sin_family = AF_INET; 1011 sin.sin_addr = ifaddr; 1012 sin.sin_port = 0; 1013 if (bind(fd, (struct sockaddr *) &sin, sizeof(sin)) != 0) { 1014 zlog_warn("Could not bind IGMP socket for %s on %s", 1015 inet_ntoa(ifaddr), ifp->name);
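CID 1496728: Resource leaks (RESOURCE_LEAK) Handle variable "fd" going out of scope leaks the handle. The leak is on the bind() failure path: the excerpt shows the warning being logged and then "return 0" at line 1016 with no close(fd) in between.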
1016 return 0; 1017 } 1018 1019 igmp = igmp_sock_new(fd, ifaddr, ifp, mtrace_only); 1020 1021 igmp_read_on(igmp);
** CID 1496727: (FORWARD_NULL) /bgpd/bgp_zebra.c: 2377 in bgp_encode_pbr_rule_action() /bgpd/bgp_zebra.c: 2408 in bgp_encode_pbr_rule_action() ________________________________________________________________________________________________________ *** CID 1496727: (FORWARD_NULL) /bgpd/bgp_zebra.c: 2377 in bgp_encode_pbr_rule_action() 2371 * - FS PBR entries based on iprule 2372 * the latter may contain default routing information injected by FS 2373 */ 2374 if (pbr) 2375 stream_putl(s, pbr->unique); 2376 else
CID 1496727: (FORWARD_NULL) Dereferencing null pointer "pbra".
2377 stream_putl(s, pbra->unique); 2378 if (pbr && pbr->flags & MATCH_IP_SRC_SET) 2379 memcpy(&pfx, &(pbr->src), sizeof(struct prefix)); 2380 else { 2381 memset(&pfx, 0, sizeof(pfx)); 2382 pfx.family = fam; /bgpd/bgp_zebra.c: 2408 in bgp_encode_pbr_rule_action() 2402 /* if pbr present, fwmark is not used */ 2403 if (pbr) 2404 stream_putl(s, 0); 2405 else 2406 stream_putl(s, pbra->fwmark); /* fwmark */ 2407
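CID 1496727: (FORWARD_NULL) Dereferencing null pointer "pbra". Unlike the "pbra->fwmark" write at line 2406, which sits in the else branch of "if (pbr)", the dereference at line 2408 is outside that if/else, so it is reached whether or not "pbr" is set and is not covered by the "pbr" test.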
2408 stream_putl(s, pbra->table_id); 2409 2410 stream_putl(s, 0); /* ifindex unused */ 2411 } 2412 2413 static void bgp_encode_pbr_ipset_match(struct stream *s,
** CID 1496726: Integer handling issues (SIGN_EXTENSION) /bgpd/bgp_ecommunity.c: 1234 in ecommunity_strip() ________________________________________________________________________________________________________ *** CID 1496726: Integer handling issues (SIGN_EXTENSION) /bgpd/bgp_ecommunity.c: 1234 in ecommunity_strip() 1228 XFREE(MTYPE_ECOMMUNITY_VAL, ecom->val); 1229 ecom->size = 0; 1230 return true; 1231 } 1232 1233 /* Strip matching ext community(ies). */
CID 1496726: Integer handling issues (SIGN_EXTENSION) Suspicious implicit sign extension: "ecom->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "(ecom->size - found) * ecom->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(ecom->size - found) * ecom->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1234 new = XMALLOC(MTYPE_ECOMMUNITY_VAL, 1235 (ecom->size - found) * ecom->unit_size); 1236 q = new; 1237 for (c = 0, p = ecom->val; c < ecom->size; c++, p += ecom->unit_size) { 1238 if (!(p[0] == type && p[1] == subtype)) { 1239 memcpy(q, p, ecom->unit_size);
** CID 1496725: (SIGN_EXTENSION) /bgpd/bgp_ecommunity.c: 294 in ecommunity_merge() /bgpd/bgp_ecommunity.c: 289 in ecommunity_merge() /bgpd/bgp_ecommunity.c: 299 in ecommunity_merge() ________________________________________________________________________________________________________ *** CID 1496725: (SIGN_EXTENSION) /bgpd/bgp_ecommunity.c: 294 in ecommunity_merge() 288 ecom1->val = 289 XREALLOC(MTYPE_ECOMMUNITY_VAL, ecom1->val, 290 (ecom1->size + ecom2->size) * 291 ecom1->unit_size); 292 else 293 ecom1->val =
CID 1496725: (SIGN_EXTENSION) Suspicious implicit sign extension: "ecom1->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "(ecom1->size + ecom2->size) * ecom1->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(ecom1->size + ecom2->size) * ecom1->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
294 XMALLOC(MTYPE_ECOMMUNITY_VAL, 295 (ecom1->size + ecom2->size) * 296 ecom1->unit_size); 297 298 memcpy(ecom1->val + (ecom1->size * ecom1->unit_size), ecom2->val, 299 ecom2->size * ecom1->unit_size); /bgpd/bgp_ecommunity.c: 289 in ecommunity_merge() 283 /* Merge two Extended Communities Attribute structure. */ 284 struct ecommunity *ecommunity_merge(struct ecommunity *ecom1, 285 struct ecommunity *ecom2) 286 { 287 if (ecom1->val) 288 ecom1->val =
CID 1496725: (SIGN_EXTENSION) Suspicious implicit sign extension: "ecom1->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "(ecom1->size + ecom2->size) * ecom1->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(ecom1->size + ecom2->size) * ecom1->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
289 XREALLOC(MTYPE_ECOMMUNITY_VAL, ecom1->val, 290 (ecom1->size + ecom2->size) * 291 ecom1->unit_size); 292 else 293 ecom1->val = 294 XMALLOC(MTYPE_ECOMMUNITY_VAL, /bgpd/bgp_ecommunity.c: 299 in ecommunity_merge() 293 ecom1->val = 294 XMALLOC(MTYPE_ECOMMUNITY_VAL, 295 (ecom1->size + ecom2->size) * 296 ecom1->unit_size); 297 298 memcpy(ecom1->val + (ecom1->size * ecom1->unit_size), ecom2->val,
CID 1496725: (SIGN_EXTENSION) Suspicious implicit sign extension: "ecom1->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "ecom2->size * ecom1->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ecom2->size * ecom1->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
299 ecom2->size * ecom1->unit_size); 300 ecom1->size += ecom2->size; 301 302 return ecom1; 303 } 304
** CID 1496724: (SIGN_EXTENSION) /bgpd/bgp_ecommunity.c: 1275 in ecommunity_del_val() /bgpd/bgp_ecommunity.c: 1273 in ecommunity_del_val() /bgpd/bgp_ecommunity.c: 1279 in ecommunity_del_val() ________________________________________________________________________________________________________ *** CID 1496724: (SIGN_EXTENSION) /bgpd/bgp_ecommunity.c: 1275 in ecommunity_del_val() 1269 return false; 1270 1271 /* Delete the selected value */ 1272 ecom->size--; 1273 p = XMALLOC(MTYPE_ECOMMUNITY_VAL, ecom->size * ecom->unit_size); 1274 if (c != 0)
CID 1496724: (SIGN_EXTENSION) Suspicious implicit sign extension: "ecom->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "c * ecom->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "c * ecom->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1275 memcpy(p, ecom->val, c * ecom->unit_size); 1276 if ((ecom->size - c) != 0) 1277 memcpy(p + (c)*ecom->unit_size, 1278 ecom->val + (c + 1) * ecom->unit_size, 1279 (ecom->size - c) * ecom->unit_size); 1280 XFREE(MTYPE_ECOMMUNITY_VAL, ecom->val); /bgpd/bgp_ecommunity.c: 1273 in ecommunity_del_val() 1267 } 1268 if (found == 0) 1269 return false; 1270 1271 /* Delete the selected value */ 1272 ecom->size--;
CID 1496724: (SIGN_EXTENSION) Suspicious implicit sign extension: "ecom->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "ecom->size * ecom->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ecom->size * ecom->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1273 p = XMALLOC(MTYPE_ECOMMUNITY_VAL, ecom->size * ecom->unit_size); 1274 if (c != 0) 1275 memcpy(p, ecom->val, c * ecom->unit_size); 1276 if ((ecom->size - c) != 0) 1277 memcpy(p + (c)*ecom->unit_size, 1278 ecom->val + (c + 1) * ecom->unit_size, /bgpd/bgp_ecommunity.c: 1279 in ecommunity_del_val() 1273 p = XMALLOC(MTYPE_ECOMMUNITY_VAL, ecom->size * ecom->unit_size); 1274 if (c != 0) 1275 memcpy(p, ecom->val, c * ecom->unit_size); 1276 if ((ecom->size - c) != 0) 1277 memcpy(p + (c)*ecom->unit_size, 1278 ecom->val + (c + 1) * ecom->unit_size,
CID 1496724: (SIGN_EXTENSION) Suspicious implicit sign extension: "ecom->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "(ecom->size - c) * ecom->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(ecom->size - c) * ecom->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1279 (ecom->size - c) * ecom->unit_size); 1280 XFREE(MTYPE_ECOMMUNITY_VAL, ecom->val); 1281 ecom->val = p; 1282 return true; 1283 } 1284
** CID 1496723: (SIGN_EXTENSION) /bgpd/bgp_ecommunity.c: 162 in ecommunity_add_val_internal() /bgpd/bgp_ecommunity.c: 156 in ecommunity_add_val_internal() /bgpd/bgp_ecommunity.c: 104 in ecommunity_add_val_internal() ________________________________________________________________________________________________________ *** CID 1496723: (SIGN_EXTENSION) /bgpd/bgp_ecommunity.c: 162 in ecommunity_add_val_internal() 156 ecom->val = XREALLOC(MTYPE_ECOMMUNITY_VAL, ecom->val, 157 ecom_length_size(ecom, ecom_size)); 158 159 160 memmove(ecom->val + ((ins_idx + 1) * ecom_size), 161 ecom->val + (ins_idx * ecom_size),
CID 1496723: (SIGN_EXTENSION) Suspicious implicit sign extension: "ecom_size" with type "uint8_t" (8 bits, unsigned) is promoted in "(ecom->size - 1 - ins_idx) * ecom_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(ecom->size - 1 - ins_idx) * ecom_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
162 (ecom->size - 1 - ins_idx) * ecom_size); 163 memcpy(ecom->val + (ins_idx * ecom_size), 164 eval, ecom_size); 165 166 return true; 167 } /bgpd/bgp_ecommunity.c: 156 in ecommunity_add_val_internal() 150 151 if (ins_idx == -1) 152 ins_idx = c; 153 154 /* Add the value to the structure with numerical sorting. */ 155 ecom->size++;
CID 1496723: (SIGN_EXTENSION) Suspicious implicit sign extension: "ecom_size" with type "uint8_t" (8 bits, unsigned) is promoted in "ecom->size * ecom_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ecom->size * ecom_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
156 ecom->val = XREALLOC(MTYPE_ECOMMUNITY_VAL, ecom->val, 157 ecom_length_size(ecom, ecom_size)); 158 159 160 memmove(ecom->val + ((ins_idx + 1) * ecom_size), 161 ecom->val + (ins_idx * ecom_size), /bgpd/bgp_ecommunity.c: 104 in ecommunity_add_val_internal() 98 const struct ecommunity_val_ipv6 *eval6 = 99 (struct ecommunity_val_ipv6 *)eval; 100 101 /* When this is fist value, just add it. */ 102 if (ecom->val == NULL) { 103 ecom->size = 1;
CID 1496723: (SIGN_EXTENSION) Suspicious implicit sign extension: "ecom_size" with type "uint8_t" (8 bits, unsigned) is promoted in "ecom->size * ecom_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ecom->size * ecom_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
104 ecom->val = XMALLOC(MTYPE_ECOMMUNITY_VAL, 105 ecom_length_size(ecom, ecom_size)); 106 memcpy(ecom->val, eval, ecom_size); 107 return true; 108 } 109
** CID 1496722: Incorrect expression (USELESS_CALL) ________________________________________________________________________________________________________ *** CID 1496722: Incorrect expression (USELESS_CALL) /bgpd/bgp_flowspec_vty.c: 276 in route_vty_out_flowspec() 270 char timebuf[BGP_UPTIME_LEN]; 271 struct bgp_dest *dest = NULL; 272 273 if (path) 274 dest = path->net; 275 if (dest)
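CID 1496722: Incorrect expression (USELESS_CALL) Calling "bgp_dest_get_bgp_table_info(dest)" is only useful for its return value, which is ignored. In the lines shown (270-281) nothing assigns "p" from this call or from "dest", so the "p == NULL" test on line 277 may be checking a value unrelated to this lookup; confirm against the full function.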
276 bgp_dest_get_bgp_table_info(dest); 277 if (p == NULL || p->family != AF_FLOWSPEC) 278 return; 279 if (json_paths) { 280 if (display == NLRI_STRING_FORMAT_JSON) 281 json_nlri_path = json_object_new_object();
** CID 1496721: Integer handling issues (SIGN_EXTENSION) /bgpd/bgp_ecommunity.c: 367 in ecommunity_cmp() ________________________________________________________________________________________________________ *** CID 1496721: Integer handling issues (SIGN_EXTENSION) /bgpd/bgp_ecommunity.c: 367 in ecommunity_cmp() 361 return false; 362 363 if (ecom1->unit_size != ecom2->unit_size) 364 return false; 365 366 return (ecom1->size == ecom2->size
CID 1496721: Integer handling issues (SIGN_EXTENSION) Suspicious implicit sign extension: "ecom1->unit_size" with type "uint8_t const" (8 bits, unsigned) is promoted in "ecom1->size * ecom1->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ecom1->size * ecom1->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
367 && memcmp(ecom1->val, ecom2->val, ecom1->size * 368 ecom1->unit_size) == 0); 369 } 370 371 /* Initialize Extended Comminities related hash. */ 372 void ecommunity_init(void)