Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 5 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 5 of 5 defect(s) ** CID 1480235: Incorrect expression (NO_EFFECT) /vrrpd/vrrp.c: 1387 in vrrp_change_state_initialize() ________________________________________________________________________________________________________ *** CID 1480235: Incorrect expression (NO_EFFECT) /vrrpd/vrrp.c: 1387 in vrrp_change_state_initialize() 1381 * 1382 * r 1383 * VRRP Router to operate on 1384 */ 1385 static void vrrp_change_state_initialize(struct vrrp_router *r) 1386 {

...

...

CID 1480235: Incorrect expression (NO_EFFECT) Assigning "r->vr->advertisement_interval" to itself has no effect.

1387 r->vr->advertisement_interval = r->vr->advertisement_interval; 1388 r->master_adver_interval = 0; 1389 vrrp_recalculate_timers(r); 1390 1391 r->advert_pending = false; 1392 r->garp_pending = false;

** CID 1480234: Integer handling issues (NEGATIVE_RETURNS) ________________________________________________________________________________________________________ *** CID 1480234: Integer handling issues (NEGATIVE_RETURNS) /vrrpd/vrrp_arp.c: 145 in vrrp_garp_send() 139 VRRP_LOGPFX VRRP_LOGPFX_VRID VRRP_LOGPFX_FAM 140 "Sending gratuitous ARP on %s for %s", 141 r->vr->vrid, family2str(r->family), ifp->name, astr); 142 if (DEBUG_MODE_CHECK(&vrrp_dbg_arp, DEBUG_MODE_ALL)) 143 zlog_hexdump(garpbuf, garpbuf_len); 144

...

...

CID 1480234: Integer handling issues (NEGATIVE_RETURNS) "garpbuf_len" is passed to a parameter that cannot be negative.

145 sent_len = vrrp_send_garp(ifp, garpbuf, garpbuf_len); 146 147 if (sent_len < 0) 148 zlog_warn(VRRP_LOGPFX VRRP_LOGPFX_VRID VRRP_LOGPFX_FAM 149 "Error sending gratuitous ARP on %s for %s", 150 r->vr->vrid, family2str(r->family), ifp->name, astr);

** CID 1480233: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 1480233: Memory - corruptions (OVERRUN) /vrrpd/vrrp_ndisc.c: 142 in vrrp_ndisc_una_build() 136 struct ipv6_ph ph = {}; 137 138 ph.src = ip6h->ip6_src; 139 ph.dst = ip6h->ip6_dst; 140 ph.ulpl = htonl(len); 141 ph.next_hdr = IPPROTO_ICMPV6;

...

...

CID 1480233: Memory - corruptions (OVERRUN) Overrunning struct type icmp6_hdr of 8 bytes by passing it to a function which accesses it at byte offset 31 using argument "len" (which evaluates to 32).

142 icmp6h->icmp6_cksum = in_cksum_with_ph6(&ph, (void *)icmp6h, len); 143 144 return 0; 145 } 146 147 int vrrp_ndisc_una_send(struct vrrp_router *r, struct ipaddr *ip)

** CID 1480232: Uninitialized variables (UNINIT) /vrrpd/vrrp.c: 984 in vrrp_read() ________________________________________________________________________________________________________ *** CID 1480232: Uninitialized variables (UNINIT) /vrrpd/vrrp.c: 984 in vrrp_read() 978 m.msg_namelen = sizeof(sa); 979 m.msg_iov = &iov; 980 m.msg_iovlen = 1; 981 m.msg_control = control; 982 m.msg_controllen = sizeof(control); 983

...

...

CID 1480232: Uninitialized variables (UNINIT) Using uninitialized value "m". Field "m.msg_flags" is uninitialized when calling "recvmsg".

984 nbytes = recvmsg(r->sock_rx, &m, MSG_DONTWAIT); 985 986 if ((nbytes < 0 && ERRNO_IO_RETRY(errno))) { 987 resched = true; 988 goto done; 989 } else if (nbytes <= 0) {

** CID 1480231: Error handling issues (CHECKED_RETURN) /vrrpd/vrrp.c: 766 in vrrp_send_advertisement() ________________________________________________________________________________________________________ *** CID 1480231: Error handling issues (CHECKED_RETURN) /vrrpd/vrrp.c: 766 in vrrp_send_advertisement() 760 761 if (DEBUG_MODE_CHECK(&vrrp_dbg_pkt, DEBUG_MODE_ALL)) 762 zlog_hexdump(pkt, (size_t)pktsz); 763 764 const char *group = r->family == AF_INET ? VRRP_MCASTV4_GROUP_STR 765 : VRRP_MCASTV6_GROUP_STR;

...

...

CID 1480231: Error handling issues (CHECKED_RETURN) Calling "str2sockunion" without checking return value (as is done elsewhere 26 out of 27 times).

766 str2sockunion(group, &dest); 767 768 ssize_t sent = sendto(r->sock_tx, pkt, (size_t)pktsz, 0, &dest.sa, 769 sockunion_sizeof(&dest)); 770 771 XFREE(MTYPE_VRRP_PKT, pkt);

________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...