New Defects reported by Coverity Scan for freerangerouting/frr

18 Feb 2020

      Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

4 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
37 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)

** CID 1491273:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/lib/command_parse.c: 1470 in cmd_yyparse()

________________________________________________________________________________________________________
*** CID 1491273:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/lib/command_parse.c: 1470 in cmd_yyparse()
1464             if (yyss1 != yyssa)
1465               YYSTACK_FREE (yyss1);
1466           }
1467     # endif
1468     
1469           yyssp = yyss + yysize - 1;
...
...
...
CID 1491273:  Memory - corruptions  (ARRAY_VS_SINGLETON)
    Using "yyvs" as an array.  This might corrupt or misinterpret adjacent memory locations.
1470           yyvsp = yyvs + yysize - 1;
1471           yylsp = yyls + yysize - 1;
1472     
1473           YY_IGNORE_USELESS_CAST_BEGIN
1474           YYDPRINTF ((stderr, "Stack size increased to %ld\n",
1475                       YY_CAST (long, yystacksize)));
** CID 1491272:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/lib/command_parse.c: 1469 in cmd_yyparse()

________________________________________________________________________________________________________
*** CID 1491272:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/lib/command_parse.c: 1469 in cmd_yyparse()
1463     # undef YYSTACK_RELOCATE
1464             if (yyss1 != yyssa)
1465               YYSTACK_FREE (yyss1);
1466           }
1467     # endif
1468
...
...
...
CID 1491272:  Memory - corruptions  (ARRAY_VS_SINGLETON)
    Using "yyss" as an array.  This might corrupt or misinterpret adjacent memory locations.
1469           yyssp = yyss + yysize - 1;
1470           yyvsp = yyvs + yysize - 1;
1471           yylsp = yyls + yysize - 1;
1472     
1473           YY_IGNORE_USELESS_CAST_BEGIN
1474           YYDPRINTF ((stderr, "Stack size increased to %ld\n",
** CID 1491271:    (CONSTANT_EXPRESSION_RESULT)
/lib/command_parse.c: 1187 in yysyntax_error()
/lib/command_parse.c: 1216 in yysyntax_error()

________________________________________________________________________________________________________
*** CID 1491271:    (CONSTANT_EXPRESSION_RESULT)
/lib/command_parse.c: 1187 in yysyntax_error()
1181                         break;
1182                       }
1183                     yyarg[yycount++] = yytname[yyx];
1184                     {
1185                       YYPTRDIFF_T yysize1
1186                         = yysize + yytnamerr (YY_NULLPTR, yytname[yyx]);
...
...
...
CID 1491271:    (CONSTANT_EXPRESSION_RESULT)
    "yysize1 <= 9223372036854775807L /* (long)((9223372036854775807L < (unsigned long)-1) ? 9223372036854775807L : (unsigned long)-1) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
1187                       if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)
1188                         yysize = yysize1;
1189                       else
1190                         return 2;
1191                     }
1192                   }
/lib/command_parse.c: 1216 in yysyntax_error()
1210         }
1211     
1212       {
1213         /* Don't count the "%s"s in the final size, but reserve room for
1214            the terminator.  */
1215         YYPTRDIFF_T yysize1 = yysize + (yystrlen (yyformat) - 2 * yycount) + 1;
...
CID 1491271:    (CONSTANT_EXPRESSION_RESULT)
    "yysize1 <= 9223372036854775807L /* (long)((9223372036854775807L < (unsigned long)-1) ? 9223372036854775807L : (unsigned long)-1) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
1216         if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)
1217           yysize = yysize1;
1218         else
1219           return 2;
1220       }
1221
** CID 1491270:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/lib/command_parse.c: 1226 in yysyntax_error()

________________________________________________________________________________________________________
*** CID 1491270:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/lib/command_parse.c: 1226 in yysyntax_error()
1220       }
1221     
1222       if (*yymsg_alloc < yysize)
1223         {
1224           *yymsg_alloc = 2 * yysize;
1225           if (! (yysize <= *yymsg_alloc
...
...
...
CID 1491270:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
    "*yymsg_alloc <= 9223372036854775807L /* (long)((9223372036854775807L < (unsigned long)-1) ? 9223372036854775807L : (unsigned long)-1) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
1226                  && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM))
1227             *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM;
1228           return 1;
1229         }
1230     
1231       /* Avoid sprintf, as that infringes on the user's name space.
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklA...

scan-admin＠coverity.com

tags

participants (1)