Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 13 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 13 of 13 defect(s) ** CID 1479151: Null pointer dereferences (NULL_RETURNS) /pbrd/pbr_zebra.c: 111 in interface_address_add() ________________________________________________________________________________________________________ *** CID 1479151: Null pointer dereferences (NULL_RETURNS) /pbrd/pbr_zebra.c: 111 in interface_address_add() 105 { 106 struct connected *c; 107 char buf[PREFIX_STRLEN]; 108 109 c = zebra_interface_address_read(command, zclient->ibuf, vrf_id); 110
CID 1479151: Null pointer dereferences (NULL_RETURNS) Dereferencing a null pointer "c".
111 DEBUGD(&pbr_dbg_zebra, 112 "%s: %s added %s", __PRETTY_FUNCTION__, c->ifp->name, 113 prefix2str(c->address, buf, sizeof(buf))); 114 115 return 0; 116 }
** CID 1479150: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1479150: Null pointer dereferences (FORWARD_NULL) /bgpd/bgp_routemap.c: 2013 in route_set_lcommunity_delete_compile() 2007 str = XCALLOC(MTYPE_ROUTE_MAP_COMPILED, len + 1); 2008 memcpy(str, arg, len); 2009 } else 2010 str = NULL; 2011 2012 rcom->name = str;
CID 1479150: Null pointer dereferences (FORWARD_NULL) Passing null pointer "rcom->name" to "bgp_clist_hash_key", which dereferences it.
2013 rcom->name_hash = bgp_clist_hash_key(rcom->name); 2014 return rcom; 2015 } 2016 2017 /* Free function for set lcommunity. */ 2018 static void route_set_lcommunity_delete_free(void *rule)
** CID 1479149: Control flow issues (DEADCODE) /zebra/zebra_rib.c: 486 in nexthop_active() ________________________________________________________________________________________________________ *** CID 1479149: Control flow issues (DEADCODE) /zebra/zebra_rib.c: 486 in nexthop_active() 480 __PRETTY_FUNCTION__, ifp->name); 481 return 0; 482 } 483 } 484 if (!if_is_operative(ifp)) { 485 if (IS_ZEBRA_DEBUG_RIB_DETAILED)
CID 1479149: Control flow issues (DEADCODE) Execution cannot reach the expression ""Unknown"" inside this statement: "zlog_debug("\t%s: Interface...".
486 zlog_debug( 487 "\t%s: Interface %s is not unnumbered", 488 __PRETTY_FUNCTION__, 489 ifp ? ifp->name : "Unknown"); 490 return 0; 491 }
** CID 1479148: Incorrect expression (COPY_PASTE_ERROR) /zebra/zebra_rib.c: 1940 in rib_process_result() ________________________________________________________________________________________________________ *** CID 1479148: Incorrect expression (COPY_PASTE_ERROR) /zebra/zebra_rib.c: 1940 in rib_process_result() 1934 if (old_re->dplane_sequence != dplane_ctx_get_old_seq(ctx)) { 1935 if (IS_ZEBRA_DEBUG_DPLANE_DETAIL) 1936 zlog_debug("%u:%s Stale dplane result for old_re %p", 1937 dplane_ctx_get_vrf(ctx), 1938 dest_str, old_re); 1939 } else
CID 1479148: Incorrect expression (COPY_PASTE_ERROR) "re" in "re->status" looks like a copy-paste error.
1940 UNSET_FLAG(re->status, ROUTE_ENTRY_QUEUED); 1941 } 1942 1943 switch (op) { 1944 case DPLANE_OP_ROUTE_INSTALL: 1945 case DPLANE_OP_ROUTE_UPDATE:
** CID 1479147: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1479147: Null pointer dereferences (FORWARD_NULL) /zebra/zebra_vxlan.c: 9215 in zebra_vxlan_dad_mac_auto_recovery_exp() 9209 zebra_neigh_t *nbr = NULL; 9210 char buf[ETHER_ADDR_STRLEN]; 9211 9212 mac = THREAD_ARG(t); 9213 9214 /* since this is asynchronous we need sanity checks*/
CID 1479147: Null pointer dereferences (FORWARD_NULL) Passing null pointer "zvni" to "zvni_mac_lookup", which dereferences it.
9215 mac = zvni_mac_lookup(zvni, &mac->macaddr); 9216 if (!mac) 9217 return 0; 9218 9219 zvni = zvni_lookup(mac->zvni->vni); 9220 if (!zvni)
** CID 1479146: Null pointer dereferences (FORWARD_NULL) /zebra/zebra_rib.c: 1940 in rib_process_result() ________________________________________________________________________________________________________ *** CID 1479146: Null pointer dereferences (FORWARD_NULL) /zebra/zebra_rib.c: 1940 in rib_process_result() 1934 if (old_re->dplane_sequence != dplane_ctx_get_old_seq(ctx)) { 1935 if (IS_ZEBRA_DEBUG_DPLANE_DETAIL) 1936 zlog_debug("%u:%s Stale dplane result for old_re %p", 1937 dplane_ctx_get_vrf(ctx), 1938 dest_str, old_re); 1939 } else
CID 1479146: Null pointer dereferences (FORWARD_NULL) Dereferencing null pointer "re".
1940 UNSET_FLAG(re->status, ROUTE_ENTRY_QUEUED); 1941 } 1942 1943 switch (op) { 1944 case DPLANE_OP_ROUTE_INSTALL: 1945 case DPLANE_OP_ROUTE_UPDATE:
** CID 1479145: Null pointer dereferences (NULL_RETURNS) ________________________________________________________________________________________________________ *** CID 1479145: Null pointer dereferences (NULL_RETURNS) /zebra/zebra_vxlan.c: 5527 in process_remote_macip_del() 5521 if (IS_ZEBRA_DEBUG_VXLAN) 5522 zlog_debug("%s: IP %s (flags 0x%x intf %s) is remote and duplicate, read kernel for local entry", 5523 __PRETTY_FUNCTION__, 5524 ipaddr2str(ipaddr, buf1, 5525 sizeof(buf1)), n->flags, 5526 vlan_if->name);
CID 1479145: Null pointer dereferences (NULL_RETURNS) Dereferencing a pointer that might be null "vlan_if" when calling "neigh_read_specific_ip".
5527 neigh_read_specific_ip(ipaddr, vlan_if); 5528 } 5529 5530 /* When the MAC changes for an IP, it is possible the 5531 * client may update the new MAC before trying to delete the 5532 * "old" neighbor (as these are two different MACIP routes).
** CID 1479144: Control flow issues (DEADCODE) /bgpd/bgp_mplsvpn.c: 322 in vpn_leak_zebra_vrf_label_withdraw() ________________________________________________________________________________________________________ *** CID 1479144: Control flow issues (DEADCODE) /bgpd/bgp_mplsvpn.c: 322 in vpn_leak_zebra_vrf_label_withdraw() 316 if (debug) { 317 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__, 318 bgp->name_pretty, bgp->vrf_id); 319 } 320 321 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
CID 1479144: Control flow issues (DEADCODE) Execution cannot reach this statement: "label = 4294967295U;".
322 label = MPLS_LABEL_NONE; 323 324 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP); 325 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label; 326 } 327
** CID 1479143: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1479143: Null pointer dereferences (FORWARD_NULL) /bgpd/bgp_routemap.c: 2108 in route_set_community_delete_compile() 2102 str = XCALLOC(MTYPE_ROUTE_MAP_COMPILED, len + 1); 2103 memcpy(str, arg, len); 2104 } else 2105 str = NULL; 2106 2107 rcom->name = str;
CID 1479143: Null pointer dereferences (FORWARD_NULL) Passing null pointer "rcom->name" to "bgp_clist_hash_key", which dereferences it.
2108 rcom->name_hash = bgp_clist_hash_key(rcom->name); 2109 return rcom; 2110 } 2111 2112 /* Free function for set community. */ 2113 static void route_set_community_delete_free(void *rule)
** CID 1479142: Memory - illegal accesses (OVERRUN) /zebra/zebra_rib.c: 2241 in rib_meta_queue_add() ________________________________________________________________________________________________________ *** CID 1479142: Memory - illegal accesses (OVERRUN) /zebra/zebra_rib.c: 2241 in rib_meta_queue_add() 2235 "rn %p is already queued in sub-queue %u", 2236 (void *)rn, qindex); 2237 return; 2238 } 2239 2240 SET_FLAG(rib_dest_from_rnode(rn)->flags, RIB_ROUTE_QUEUED(qindex));
CID 1479142: Memory - illegal accesses (OVERRUN) Overrunning array "mq->subq" of 5 8-byte elements at element index 5 (byte offset 40) using index "qindex" (which evaluates to 5).
2241 listnode_add(mq->subq[qindex], rn); 2242 route_lock_node(rn); 2243 mq->size++; 2244 2245 if (IS_ZEBRA_DEBUG_RIB_DETAILED) 2246 rnode_debug(rn, re->vrf_id, "queued rn %p into sub-queue %u",
** CID 1479141: Control flow issues (DEADCODE) /bgpd/bgp_evpn_vty.c: 3224 in bgp_evpn_advertise_svi_ip_vni_magic() ________________________________________________________________________________________________________ *** CID 1479141: Control flow issues (DEADCODE) /bgpd/bgp_evpn_vty.c: 3224 in bgp_evpn_advertise_svi_ip_vni_magic() 3218 VTY_DECLVAR_CONTEXT_SUB(bgpevpn, vpn); 3219 3220 if (!bgp) 3221 return CMD_WARNING; 3222 3223 if (!vpn)
CID 1479141: Control flow issues (DEADCODE) Execution cannot reach this statement: "return 1;".
3224 return CMD_WARNING; 3225 3226 if (no) 3227 evpn_set_advertise_svi_macip(bgp, vpn, 0); 3228 else 3229 evpn_set_advertise_svi_macip(bgp, vpn, 1);
** CID 1479140: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1479140: Null pointer dereferences (FORWARD_NULL) /zebra/zebra_vxlan.c: 9165 in zebra_vxlan_dad_ip_auto_recovery_exp() 9159 char buf1[INET6_ADDRSTRLEN]; 9160 char buf2[ETHER_ADDR_STRLEN]; 9161 9162 nbr = THREAD_ARG(t); 9163 9164 /* since this is asynchronous we need sanity checks*/
CID 1479140: Null pointer dereferences (FORWARD_NULL) Passing null pointer "zvni" to "zvni_neigh_lookup", which dereferences it.
9165 nbr = zvni_neigh_lookup(zvni, &nbr->ip); 9166 if (!nbr) 9167 return 0; 9168 9169 zvni = zvni_lookup(nbr->zvni->vni); 9170 if (!zvni)
** CID 1479139: Control flow issues (UNREACHABLE) /ospfd/ospf_packet.c: 2110 in ospf_ls_upd() ________________________________________________________________________________________________________ *** CID 1479139: Control flow issues (UNREACHABLE) /ospfd/ospf_packet.c: 2110 in ospf_ls_upd() 2104 && !IS_LSA_MAXAGE(lsa))) { 2105 zlog_debug( 2106 "Link State Update[%s]: has Max Seq but not MaxAge. Dropping it", 2107 dump_lsa_key(lsa)); 2108 2109 DISCARD_LSA(lsa, 4);
CID 1479139: Control flow issues (UNREACHABLE) This code cannot be reached: "continue;".
2110 continue; 2111 } 2112 2113 /* Actual flooding procedure. */ 2114 if (ospf_flood(oi->ospf, nbr, current, lsa) 2115 < 0) /* Trap NSSA later. */
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...