New Defects reported by Coverity Scan for freerangerouting/frr
Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 4 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 4 of 4 defect(s) ** CID 1575507: Null pointer dereferences (REVERSE_INULL) /lib/yang.c: 1146 in yang_lyd_trim_xpath() ________________________________________________________________________________________________________ *** CID 1575507: Null pointer dereferences (REVERSE_INULL) /lib/yang.c: 1146 in yang_lyd_trim_xpath() 1140 if (remove[i] == *root) 1141 *root = (*root)->next; 1142 lyd_free_tree(remove[i]); 1143 } 1144 darr_free(remove); 1145
CID 1575507: Null pointer dereferences (REVERSE_INULL) Null-checking "set" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1146 if (set) 1147 ly_set_free(set, NULL); 1148 1149 return LY_SUCCESS; 1150 #endif 1151 }
** CID 1575506: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /lib/yang.c: 279 in yang_resolve_snode_xpath() ________________________________________________________________________________________________________ *** CID 1575506: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /lib/yang.c: 279 in yang_resolve_snode_xpath() 273 if (!set->count) { 274 ly_set_free(set, NULL); 275 return LY_ENOTFOUND; 276 } 277 278 *simple = false;
CID 1575506: Integer handling issues (CONSTANT_EXPRESSION_RESULT) "(int)(set->count - 1) <= 2147483647" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
279 darr_ensure_i(*snodes, set->count - 1); 280 memcpy(*snodes, set->snodes, set->count * sizeof(set->snodes[0])); 281 ly_set_free(set, NULL); 282 return LY_SUCCESS; 283 } 284
** CID 1575505: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /lib/northbound.c: 184 in nb_nodes_find() ________________________________________________________________________________________________________ *** CID 1575505: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /lib/northbound.c: 184 in nb_nodes_find() 178 uint i; 179 180 err = yang_resolve_snode_xpath(ly_native_ctx, xpath, &snodes, &simple); 181 if (err) 182 return NULL; 183
CID 1575505: Integer handling issues (CONSTANT_EXPRESSION_RESULT) "(int)(((snodes == NULL) ? 0 : (ssize_t)((struct darr_metadata *)snodes - 1)->len) - 1) <= 2147483647" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
184 darr_ensure_i(nb_nodes, darr_lasti(snodes)); 185 darr_foreach_i (snodes, i) 186 nb_nodes[i] = snodes[i]->priv; 187 darr_free(snodes); 188 return nb_nodes; 189 }
** CID 1575504: Insecure data handling (TAINTED_SCALAR) ________________________________________________________________________________________________________ *** CID 1575504: Insecure data handling (TAINTED_SCALAR) /mgmtd/mgmt_fe_adapter.c: 1103 in fe_adapter_send_tree_data() 1097 1098 if (!tree) { 1099 empty = yang_dnode_new(ly_native_ctx, false); 1100 tree = empty; 1101 } 1102
CID 1575504: Insecure data handling (TAINTED_SCALAR) Passing tainted expression "*buf" to "yang_print_tree_append", which uses it as an offset.
1103 ret = yang_print_tree_append(&buf, tree, result_type, 1104 (LYD_PRINT_WD_EXPLICIT | 1105 LYD_PRINT_WITHSIBLINGS)); 1106 /* buf may have been reallocated and moved */ 1107 msg = (typeof(msg))buf; 1108 (void)msg; /* suppress clang-SA unused warning on safety code */
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...
participants (1)
-
scan-admin@coverity.com