[dev] New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Fri Apr 20 09:39:52 EDT 2018


Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

3 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 1468032:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1468032:  Null pointer dereferences  (FORWARD_NULL)
/pbrd/pbr_vty_clippy.c: 217 in pbr_map_nexthop()
211     	}
212     #if 1 /* anything that can fail? */
213     	if (_failcnt)
214     		return CMD_WARNING;
215     #endif
216     #endif
>>>     CID 1468032:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "addr" to "pbr_map_nexthop_magic", which dereferences it.
217     	return pbr_map_nexthop_magic(self, vty, argc, argv, no, addr, addr_str, intf, name);
218     }
219     
220     /* pbr_policy => "[no] pbr-policy NAME$mapname" */
221     DEFUN_CMD_FUNC_DECL(pbr_policy)
222     #define funcdecl_pbr_policy static int pbr_policy_magic(\

** CID 1468031:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/pbrd/pbr_zebra.c: 497 in pbr_send_pbr_map()


________________________________________________________________________________________________________
*** CID 1468031:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/pbrd/pbr_zebra.c: 497 in pbr_send_pbr_map()
491     
492     void pbr_send_pbr_map(struct pbr_map_sequence *pbrms,
493     		      struct pbr_map_interface *pmi, bool install)
494     {
495     	struct pbr_map *pbrm = pbrms->parent;
496     	struct stream *s;
>>>     CID 1468031:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << pmi->install_bit" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
497     	uint64_t is_installed = 1 << pmi->install_bit;
498     
499     	is_installed &= pbrms->installed;
500     
501     	DEBUGD(&pbr_dbg_zebra, "%s: for %s %d(%" PRIu64 ")",
502     	       __PRETTY_FUNCTION__, pbrm->name, install, is_installed);

** CID 1468030:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1468030:  Null pointer dereferences  (FORWARD_NULL)
/lib/nexthop_group_clippy.c: 67 in ecmp_nexthops()
61     	}
62     #if 1 /* anything that can fail? */
63     	if (_failcnt)
64     		return CMD_WARNING;
65     #endif
66     #endif
>>>     CID 1468030:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "addr" to "ecmp_nexthops_magic", which dereferences it.
67     	return ecmp_nexthops_magic(self, vty, argc, argv, no, addr, addr_str, intf, name);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeHs8691VOJpZofPkpp-2BRBqc-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJmGh1oaMARAwshhFtn8NYRudp-2F-2BH5-2F5x2CQ-2BpcOA7npruCrO2UBqb4TWewkFOVcwBEZQ5EUJpghix8hdXZedQnIoZ723C-2BIt6k-2BL0ccYU8-2FZkCsZOYBFDaHEyFLqxgGQaiHe-2FhtaajY0bWI8LFoHBt0eyF9nDdy0wXfc68KPKYU9g-3D-3D



