New Defects reported by Coverity Scan for freerangerouting/frr
Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 26 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 6 of 6 defect(s) ** CID 1568134: Null pointer dereferences (NULL_RETURNS) /isisd/isis_zebra.c: 1146 in isis_zebra_process_srv6_locator_chunk() ________________________________________________________________________________________________________ *** CID 1568134: Null pointer dereferences (NULL_RETURNS) /isisd/isis_zebra.c: 1146 in isis_zebra_process_srv6_locator_chunk() 1140 "prefix %pFX, block_len %u, node_len %u, func_len %u, arg_len %u", 1141 chunk->locator_name, &chunk->prefix, chunk->block_bits_length, 1142 chunk->node_bits_length, chunk->function_bits_length, 1143 chunk->argument_bits_length); 1144 1145 /* Walk through all areas of the ISIS instance */
CID 1568134: Null pointer dereferences (NULL_RETURNS) Dereferencing "isis", which is known to be "NULL".
1146 for (ALL_LIST_ELEMENTS_RO(isis->area_list, node, area)) { 1147 if (strncmp(area->srv6db.config.srv6_locator_name, 1148 chunk->locator_name, 1149 sizeof(area->srv6db.config.srv6_locator_name)) != 0) 1150 continue; 1151
** CID 1568133: Null pointer dereferences (REVERSE_INULL) /isisd/isis_zebra.c: 1077 in isis_zebra_srv6_adj_sid_uninstall() ________________________________________________________________________________________________________ *** CID 1568133: Null pointer dereferences (REVERSE_INULL) /isisd/isis_zebra.c: 1077 in isis_zebra_srv6_adj_sid_uninstall() 1071 enum seg6local_action_t action = ZEBRA_SEG6_LOCAL_ACTION_UNSPEC; 1072 struct interface *ifp; 1073 uint16_t prefixlen = IPV6_MAX_BITLEN; 1074 struct isis_circuit *circuit = sra->adj->circuit; 1075 struct isis_area *area = circuit->area; 1076
CID 1568133: Null pointer dereferences (REVERSE_INULL) Null-checking "sra" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1077 if (!sra) 1078 return; 1079 1080 switch (sra->behavior) { 1081 case SRV6_ENDPOINT_BEHAVIOR_END_X: 1082 prefixlen = IPV6_MAX_BITLEN;
** CID 1568132: Null pointer dereferences (REVERSE_INULL) /isisd/isis_zebra.c: 1023 in isis_zebra_srv6_adj_sid_install() ________________________________________________________________________________________________________ *** CID 1568132: Null pointer dereferences (REVERSE_INULL) /isisd/isis_zebra.c: 1023 in isis_zebra_srv6_adj_sid_install() 1017 struct seg6local_context ctx = {}; 1018 uint16_t prefixlen = IPV6_MAX_BITLEN; 1019 struct interface *ifp; 1020 struct isis_circuit *circuit = sra->adj->circuit; 1021 struct isis_area *area = circuit->area; 1022
CID 1568132: Null pointer dereferences (REVERSE_INULL) Null-checking "sra" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1023 if (!sra) 1024 return; 1025 1026 sr_debug("ISIS-SRv6 (%s): setting adjacency SID %pI6", area->area_tag, 1027 &sra->sid); 1028
** CID 1568131: Possible Control flow issues (DEADCODE) /bgpd/bgp_route.c: 1503 in bgp_evpn_path_info_cmp() ________________________________________________________________________________________________________ *** CID 1568131: Possible Control flow issues (DEADCODE) /bgpd/bgp_route.c: 1503 in bgp_evpn_path_info_cmp() 1497 { 1498 enum bgp_path_selection_reason reason; 1499 char pfx_buf[PREFIX2STR_BUFFER] = {}; 1500 bool debug = false; 1501 1502 if (debug)
CID 1568131: Possible Control flow issues (DEADCODE) Execution cannot reach this statement: "prefix2str(union prefixcons...".
1503 prefix2str(bgp_dest_get_prefix(new->net), pfx_buf, 1504 sizeof(pfx_buf)); 1505 1506 return bgp_path_info_cmp(bgp, new, exist, paths_eq, NULL, debug, 1507 pfx_buf, AFI_L2VPN, SAFI_EVPN, &reason); 1508 }
** CID 1568130: Integer handling issues (BAD_SHIFT) /lib/event.c: 105 in cpu_records_add() ________________________________________________________________________________________________________ *** CID 1568130: Integer handling issues (BAD_SHIFT) /lib/event.c: 105 in cpu_records_add() 99 static int cpu_record_hash_cmp(const struct cpu_event_history *a, 100 const struct cpu_event_history *b) 101 { 102 return numcmp((uintptr_t)a->func, (uintptr_t)b->func); 103 } 104
CID 1568130: Integer handling issues (BAD_SHIFT) In expression "hval >> 33 - h->hh.tabshift", right shifting by more than 31 bits has undefined behavior. The shift amount, "33 - h->hh.tabshift", is 33.
105 DECLARE_HASH(cpu_records, struct cpu_event_history, item, cpu_record_hash_cmp, 106 cpu_record_hash_key); 107 108 static struct cpu_event_history *cpu_records_get(struct event_loop *loop, 109 void (*func)(struct event *e), 110 const char *funcname)
** CID 1568129: Null pointer dereferences (REVERSE_INULL) /isisd/isis_tlvs.c: 2813 in unpack_item_srv6_end_sid() ________________________________________________________________________________________________________ *** CID 1568129: Null pointer dereferences (REVERSE_INULL) /isisd/isis_tlvs.c: 2813 in unpack_item_srv6_end_sid() 2807 sid->subsubtlvs = NULL; 2808 } 2809 2810 append_item(&subtlvs->srv6_end_sids, (struct isis_item *)sid); 2811 return 0; 2812 out:
CID 1568129: Null pointer dereferences (REVERSE_INULL) Null-checking "sid" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2813 if (sid) 2814 free_item_srv6_end_sid((struct isis_item *)sid); 2815 return 1; 2816 } 2817 2818 /* Functions related to TLVs 1 Area Addresses */
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...
participants (1)
-
scan-admin@coverity.com