[dev] New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Mon Jul 17 09:03:20 EDT 2017


Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

4 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 1451363:  Null pointer dereferences  (FORWARD_NULL)
/ospf6d/ospf6_lsdb.c: 392 in ospf6_lsdb_show()


________________________________________________________________________________________________________
*** CID 1451363:  Null pointer dereferences  (FORWARD_NULL)
/ospf6d/ospf6_lsdb.c: 392 in ospf6_lsdb_show()
386     		return;
387     	}
388     
389     	if (level == OSPF6_LSDB_SHOW_LEVEL_NORMAL)
390     		ospf6_lsa_show_summary_header(vty);
391     
>>>     CID 1451363:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "type".
392     	end = ospf6_lsdb_head(lsdb, !!type + !!(type && adv_router), *type,
393     			      *adv_router, &lsa);
394     	while (lsa) {
395     		if ((!adv_router || lsa->header->adv_router == *adv_router)
396     		    && (!id || lsa->header->id == *id))
397     			(*showfunc)(vty, lsa);

** CID 1451362:  Null pointer dereferences  (REVERSE_INULL)
/ospf6d/ospf6_lsdb.c: 395 in ospf6_lsdb_show()


________________________________________________________________________________________________________
*** CID 1451362:  Null pointer dereferences  (REVERSE_INULL)
/ospf6d/ospf6_lsdb.c: 395 in ospf6_lsdb_show()
389     	if (level == OSPF6_LSDB_SHOW_LEVEL_NORMAL)
390     		ospf6_lsa_show_summary_header(vty);
391     
392     	end = ospf6_lsdb_head(lsdb, !!type + !!(type && adv_router), *type,
393     			      *adv_router, &lsa);
394     	while (lsa) {
>>>     CID 1451362:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "adv_router" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
395     		if ((!adv_router || lsa->header->adv_router == *adv_router)
396     		    && (!id || lsa->header->id == *id))
397     			(*showfunc)(vty, lsa);
398     
399     		lsa = ospf6_lsdb_next(end, lsa);
400     	}

** CID 1451361:  Null pointer dereferences  (REVERSE_INULL)
/lib/command_match.c: 598 in disambiguate()


________________________________________________________________________________________________________
*** CID 1451361:  Null pointer dereferences  (REVERSE_INULL)
/lib/command_match.c: 598 in disambiguate()
592     				 vector vline, unsigned int n)
593     {
594     	// doesn't make sense for these to be inequal length
595     	assert(first->count == second->count);
596     	assert(first->count == vector_active(vline) - n + 1);
597     
>>>     CID 1451361:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "second" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
598     	struct listnode *fnode = listhead(first), *snode = listhead(second);
599     	struct cmd_token *ftok = listgetdata(fnode), *stok = listgetdata(snode),
600     			 *best = NULL;
601     
602     	// compare each token, if one matches better use that one
603     	for (unsigned int i = n; i < vector_active(vline); i++) {

** CID 1451360:  Null pointer dereferences  (FORWARD_NULL)
/ospf6d/ospf6_lsdb.c: 392 in ospf6_lsdb_show()


________________________________________________________________________________________________________
*** CID 1451360:  Null pointer dereferences  (FORWARD_NULL)
/ospf6d/ospf6_lsdb.c: 392 in ospf6_lsdb_show()
386     		return;
387     	}
388     
389     	if (level == OSPF6_LSDB_SHOW_LEVEL_NORMAL)
390     		ospf6_lsa_show_summary_header(vty);
391     
>>>     CID 1451360:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "adv_router".
392     	end = ospf6_lsdb_head(lsdb, !!type + !!(type && adv_router), *type,
393     			      *adv_router, &lsa);
394     	while (lsa) {
395     		if ((!adv_router || lsa->header->adv_router == *adv_router)
396     		    && (!id || lsa->header->id == *id))
397     			(*showfunc)(vty, lsa);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeHs8691VOJpZofPkpp-2BRBqc-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJmfckndUcOOODaAuBBVsE7-2FZtxVcyesm9zAd2EdIJU4ZNAAPNfmA3LiyAFHoz3Wd6pcWr2-2Bwe0L-2BWE8iukP0M-2B8c3fPcXjOAZ5-2BGyhVoBZDr5ZVSHCAP5w415mIKfP6SIkptqMZml3PZEwsvikpN-2F9CBRid1HQOm5Eu4bXkrKOYog-3D-3D

To manage Coverity Scan email notifications for "frr at lists.nox.tf", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4lcTWm1Zma8LQDNpOYqrETKrqBiM18kcBcL8b08LzBPOYJYGySZ4Vv7d5QYcnSbGxl3QyORKgEmDxh-2BE2mj6dp1V4JSs2jbMZuLnEQJOW0Z0-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJmfckndUcOOODaAuBBVsE7-2FXfDmOtRf1bmUNbOeQa2CLZ6VBqgRoTkldMGwoGlOwSMqDDOa3Z07qQrwxTBe7U9oNzow-2BNQ5KeLG1oycW68kz8KbEMUYalbCc-2Bd-2BYrltuS7TDJnYntNr02LdzsVc2Vk0NHoSVbg1aW1P9GGyD5Jg7g-3D-3D




More information about the dev mailing list