[dev] New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Fri Jul 14 10:18:22 EDT 2017
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1450988: Error handling issues (CHECKED_RETURN)
/bgpd/bgp_evpn.c: 2533 in bgp_evpn_derive_auto_rd()
________________________________________________________________________________________________________
*** CID 1450988: Error handling issues (CHECKED_RETURN)
/bgpd/bgp_evpn.c: 2533 in bgp_evpn_derive_auto_rd()
2527 {
2528 char buf[100];
2529
2530 vpn->prd.family = AF_UNSPEC;
2531 vpn->prd.prefixlen = 64;
2532 sprintf (buf, "%s:%hu", inet_ntoa (bgp->router_id), vpn->rd_id);
>>> CID 1450988: Error handling issues (CHECKED_RETURN)
>>> Calling "str2prefix_rd" without checking return value (as is done elsewhere 15 out of 16 times).
2533 str2prefix_rd (buf, &vpn->prd);
2534 UNSET_FLAG (vpn->flags, VNI_FLAG_RD_CFGD);
2535 }
2536
2537 /*
2538 * Lookup VNI.
** CID 1450987: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_evpn.c: 509 in add_mac_mobility_to_attr()
________________________________________________________________________________________________________
*** CID 1450987: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_evpn.c: 509 in add_mac_mobility_to_attr()
503 /* Build MM */
504 encode_mac_mobility_extcomm (0, seq_num, &eval);
505
506 /* Find current MM ecommunity */
507 ecom_mm = NULL;
508
>>> CID 1450987: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "attr->ecommunity" to null implies that "attr->ecommunity" might be null.
509 if (attr->ecommunity)
510 {
511 for (i = 0; i < attr->ecommunity->size; i++)
512 {
513 pnt = attr->ecommunity->val + (i * 8);
514 type = *pnt++;
** CID 1450986: (RESOURCE_LEAK)
/bgpd/bgp_mpath.c: 775 in bgp_info_mpath_aggregate_update()
/bgpd/bgp_mpath.c: 775 in bgp_info_mpath_aggregate_update()
________________________________________________________________________________________________________
*** CID 1450986: (RESOURCE_LEAK)
/bgpd/bgp_mpath.c: 775 in bgp_info_mpath_aggregate_update()
769 bgp_attr_unintern (&old_attr);
770 bgp_info_mpath_attr_set (new_best, new_attr);
771 SET_FLAG (new_best->flags, BGP_INFO_ATTR_CHANGED);
772 }
773 else
774 bgp_attr_unintern (&new_attr);
>>> CID 1450986: (RESOURCE_LEAK)
>>> Variable "lcomm" going out of scope leaks the storage it points to.
/bgpd/bgp_mpath.c: 775 in bgp_info_mpath_aggregate_update()
769 bgp_attr_unintern (&old_attr);
770 bgp_info_mpath_attr_set (new_best, new_attr);
771 SET_FLAG (new_best->flags, BGP_INFO_ATTR_CHANGED);
772 }
773 else
774 bgp_attr_unintern (&new_attr);
>>> CID 1450986: (RESOURCE_LEAK)
>>> Variable "lcomm" going out of scope leaks the storage it points to.
** CID 1450985: Null pointer dereferences (REVERSE_INULL)
/zebra/zebra_vxlan.c: 841 in zvni_neigh_uninstall()
________________________________________________________________________________________________________
*** CID 1450985: Null pointer dereferences (REVERSE_INULL)
/zebra/zebra_vxlan.c: 841 in zvni_neigh_uninstall()
835
836 if (!(n->flags & ZEBRA_NEIGH_REMOTE))
837 return 0;
838
839 zvrf = vrf_info_lookup(zvni->vxlan_if->vrf_id);
840 assert(zvrf);
>>> CID 1450985: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "zvni->vxlan_if" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
841 if (!zvni->vxlan_if)
842 {
843 zlog_err ("VNI %u hash %p couldn't be uninstalled - no intf",
844 zvni->vni, zvni);
845 return -1;
846 }
** CID 1450984: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_evpn.c: 279 in map_vni_to_rt()
________________________________________________________________________________________________________
*** CID 1450984: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_evpn.c: 279 in map_vni_to_rt()
273 */
274 memcpy (&eval_tmp, eval, ECOMMUNITY_SIZE);
275 if (!is_import_rt_configured (vpn))
276 mask_ecom_global_admin (&eval_tmp, eval);
277
278 irt = lookup_import_rt (bgp, &eval_tmp);
>>> CID 1450984: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "irt->vnis" to null implies that "irt->vnis" might be null.
279 if (irt && irt->vnis)
280 if (is_vni_present_in_irt_vnis (irt->vnis, vpn))
281 /* Already mapped. */
282 return;
283
284 if (!irt)
** CID 1450983: (CONSTANT_EXPRESSION_RESULT)
/bgpd/bgp_evpn.c: 2089 in evpn_mpattr_encode_type5()
/bgpd/bgp_evpn.c: 2099 in evpn_mpattr_encode_type5()
________________________________________________________________________________________________________
*** CID 1450983: (CONSTANT_EXPRESSION_RESULT)
/bgpd/bgp_evpn.c: 2089 in evpn_mpattr_encode_type5()
2083 else
2084 len = 32; /* ipv6 */
2085 stream_putc(s, BGP_EVPN_IP_PREFIX_ROUTE);
2086 /* Prefix contains RD, ESI, EthTag, IP length, IP, GWIP and VNI */
2087 stream_putc(s, 8 + 10 + 4 + 1 + len + 3);
2088 stream_put(s, prd->val, 8);
>>> CID 1450983: (CONSTANT_EXPRESSION_RESULT)
>>> The expression "attr && attr" does not accomplish anything because it evaluates to either of its identical operands, "attr".
2089 if (attr && attr)
2090 stream_put(s, &(attr->evpn_overlay.eth_s_id), 10);
2091 else
2092 stream_put(s, &temp, 10);
2093 stream_putl(s, p_evpn_p->eth_tag);
2094 stream_putc(s, p_evpn_p->ip_prefix_length);
/bgpd/bgp_evpn.c: 2099 in evpn_mpattr_encode_type5()
2093 stream_putl(s, p_evpn_p->eth_tag);
2094 stream_putc(s, p_evpn_p->ip_prefix_length);
2095 if (IS_IPADDR_V4(&p_evpn_p->ip))
2096 stream_put_ipv4(s, p_evpn_p->ip.ipaddr_v4.s_addr);
2097 else
2098 stream_put(s, &p_evpn_p->ip.ipaddr_v6, 16);
>>> CID 1450983: (CONSTANT_EXPRESSION_RESULT)
>>> The expression "attr && attr" does not accomplish anything because it evaluates to either of its identical operands, "attr".
2099 if (attr && attr)
2100 {
2101 if (IS_IPADDR_V4(&p_evpn_p->ip))
2102 stream_put_ipv4(s, attr->evpn_overlay.gw_ip.ipv4. s_addr);
2103 else
2104 stream_put(s, &(attr->evpn_overlay.gw_ip.ipv6), 16);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeHs8691VOJpZofPkpp-2BRBqc-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJlcGzPeJYhFHW5l2MY2u4nKQ42WQ9yLYLv5ET1ct5rQmREr41P6lf-2FBARl8jpV6JuXVgrus2JWmusLKDk9D4ie0PMELRKY34BlkMifFVs9zIHATYxAR-2FEK7LSADga52B2CF8CrWEVLC24lDYGWF39y4kn4nwfZjOrsjnNuPAtt0NA-3D-3D
To manage Coverity Scan email notifications for "frr at lists.nox.tf", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4lcTWm1Zma8LQDNpOYqrETKrqBiM18kcBcL8b08LzBPOYJYGySZ4Vv7d5QYcnSbGxl3QyORKgEmDxh-2BE2mj6dp1V4JSs2jbMZuLnEQJOW0Z0-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJlcGzPeJYhFHW5l2MY2u4nKXawViQQ4mKco3jwcTeS-2B2Esls4Q1Cm1Ol4rp7qNQAMFlV-2FpHC5k-2BbvYme08f9RUHiXkoDTOk0NgIMRJscYr-2BjMKVKV-2F3WzNJtPEOeZpz1SR93XkSwB8Y8DGN2YOmfa6rGDosZcmJ-2F6wupZf3tw7QkA-3D-3D
More information about the dev
mailing list