New Defects reported by Coverity Scan for freerangerouting/frr

17 Mar 2020

      Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
35 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 1491755:  Memory - illegal accesses  (USE_AFTER_FREE)
/pimd/pim_vxlan.c: 792 in pim_vxlan_sg_del()

________________________________________________________________________________________________________
*** CID 1491755:  Memory - illegal accesses  (USE_AFTER_FREE)
/pimd/pim_vxlan.c: 792 in pim_vxlan_sg_del()
786     
787     	vxlan_sg = pim_vxlan_sg_find(pim, sg);
788     	if (!vxlan_sg)
789     		return;
790     
791     	pim_vxlan_sg_del_item(vxlan_sg);
...
...
...
CID 1491755:  Memory - illegal accesses  (USE_AFTER_FREE)
    Passing freed pointer "vxlan_sg" as an argument to "hash_release".
792     	hash_release(pim->vxlan.sg_hash, vxlan_sg);
793     }
794     
795     /******************************* MLAG handling *******************************/
796     bool pim_vxlan_do_mlag_reg(void)
797     {
** CID 1491754:  Null pointer dereferences  (REVERSE_INULL)
/lib/mlag.c: 90 in mlag_lib_decode_mlag_hdr()

________________________________________________________________________________________________________
*** CID 1491754:  Null pointer dereferences  (REVERSE_INULL)
/lib/mlag.c: 90 in mlag_lib_decode_mlag_hdr()
84     int mlag_lib_decode_mlag_hdr(struct stream *s, struct mlag_msg *msg,
85     			     size_t *length)
86     {
87     #define LIB_MLAG_HDR_LENGTH 8
88     	*length = stream_get_endp(s);
89
...
...
...
CID 1491754:  Null pointer dereferences  (REVERSE_INULL)
    Null-checking "s" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
90     	if (s == NULL || msg == NULL || *length < LIB_MLAG_HDR_LENGTH)
91     		return -1;
92     
93     	*length -= LIB_MLAG_HDR_LENGTH;
94     
95     	STREAM_GETL(s, msg->msg_type);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklA...

scan-admin＠coverity.com

tags

participants (1)