Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 5 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 5 of 5 defect(s) ** CID 1574981: Null pointer dereferences (REVERSE_INULL) /lib/northbound.c: 2334 in nb_oper_data_iterate() ________________________________________________________________________________________________________ *** CID 1574981: Null pointer dereferences (REVERSE_INULL) /lib/northbound.c: 2334 in nb_oper_data_iterate() 2328 else 2329 ret = nb_oper_data_iter_node(nb_node->snode, xpath, list_entry, 2330 &list_keys, translator, true, 2331 flags, cb, arg, dnode); 2332 2333 list_delete(&list_dnodes);

...

...

CID 1574981: Null pointer dereferences (REVERSE_INULL) Null-checking "dnode" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

2334 if (dnode) { 2335 while (lyd_parent(dnode)) 2336 dnode = lyd_parent(dnode); 2337 2338 if (tree && ret == NB_OK) 2339 *tree = dnode;

** CID 1574980: Null pointer dereferences (FORWARD_NULL) /mgmtd/mgmt_txn.c: 1292 in txn_get_tree_data_done() ________________________________________________________________________________________________________ *** CID 1574980: Null pointer dereferences (FORWARD_NULL) /mgmtd/mgmt_txn.c: 1292 in txn_get_tree_data_done() 1286 get_tree->partial_error, false); 1287 1288 /* we're done with the request */ 1289 mgmt_txn_req_free(&txn_req); 1290 1291 if (ret) {

...

...

CID 1574980: Null pointer dereferences (FORWARD_NULL) Dereferencing null pointer "txn_req".

1292 MGMTD_TXN_ERR("Error saving the results of GETTREE for txn-id %" PRIu64 1293 " req_id %" PRIu64 " to requested type %u", 1294 txn->txn_id, txn_req->req_id, 1295 get_tree->result_type); 1296 1297 (void)mgmt_fe_adapter_txn_error(txn->txn_id, txn_req->req_id,

** CID 1574979: Insecure data handling (TAINTED_SCALAR) ________________________________________________________________________________________________________ *** CID 1574979: Insecure data handling (TAINTED_SCALAR) /lib/mgmt_msg.c: 114 in mgmt_msg_read() 108 * Message was longer than what was left and we have no 109 * available space to read more in. B/c mcount == 0 the 110 * message starts at the beginning of the stream so 111 * therefor the stream is too small to fit the message.. 112 * Resize the stream to fit. 113 */

...

...

CID 1574979: Insecure data handling (TAINTED_SCALAR) Passing tainted expression "mhdr->len" to "stream_new", which uses it as an allocation size.

114 news = stream_new(mhdr->len); 115 stream_put(news, mhdr, left); 116 stream_set_endp(news, left); 117 stream_free(ms->ins); 118 ms->ins = news; 119 }

** CID 1574978: Possible Control flow issues (DEADCODE) /mgmtd/mgmt_txn.c: 531 in mgmt_txn_req_free() ________________________________________________________________________________________________________ *** CID 1574978: Possible Control flow issues (DEADCODE) /mgmtd/mgmt_txn.c: 531 in mgmt_txn_req_free() 525 case MGMTD_TXN_GETTREE_TIMEOUT: 526 case MGMTD_TXN_CLEANUP: 527 break; 528 } 529 530 if ((*txn_req)->pending_be_proc && pending_list) {

...

...

CID 1574978: Possible Control flow issues (DEADCODE) Execution cannot reach this statement: "mgmt_txn_reqs_del(pending_l...".

531 mgmt_txn_reqs_del(pending_list, *txn_req); 532 MGMTD_TXN_DBG("Removed req-id: %" PRIu64 533 " from pending-list (left:%zu)", 534 (*txn_req)->req_id, 535 mgmt_txn_reqs_count(pending_list)); 536 } else if (req_list) {

** CID 1574977: Control flow issues (DEADCODE) /lib/vty.c: 3660 in vty_mgmt_get_data_result_notified() ________________________________________________________________________________________________________ *** CID 1574977: Control flow issues (DEADCODE) /lib/vty.c: 3660 in vty_mgmt_get_data_result_notified() 3654 for (indx = 0; indx < num_data; indx++) { 3655 vty_out(vty, " \"%s\": \"%s\"\n", yang_data[indx]->xpath, 3656 yang_data[indx]->value->encoded_str_val); 3657 } 3658 if (next_key < 0) { 3659 vty_out(vty, "]\n");

...

...

CID 1574977: Control flow issues (DEADCODE) Execution cannot reach the expression "1" inside this statement: "vty_mgmt_resume_response(vt...".

3660 vty_mgmt_resume_response(vty, 3661 success ? CMD_SUCCESS : CMD_WARNING); 3662 } 3663 3664 return 0; 3665 }

________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...