[dev] New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Mon Jun 11 11:53:14 EDT 2018
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1469898: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1469898: Uninitialized variables (UNINIT)
/lib/command.c: 270 in argv_concat()
264 int cnt = argc - shift;
265 const char *argstr[cnt];
266
267 for (int i = 0; i < cnt; i++)
268 argstr[i] = argv[i + shift]->arg;
269
>>> CID 1469898: Uninitialized variables (UNINIT)
>>> Using uninitialized element of array "argstr" when calling "frrstr_join".
270 return frrstr_join(argstr, cnt, " ");
271 }
272
273 vector cmd_make_strvec(const char *string)
274 {
275 if (!string)
** CID 1469897: Memory - corruptions (OVERRUN)
/bgpd/bgp_route.c: 6978 in route_vty_out_tag()
________________________________________________________________________________________________________
*** CID 1469897: Memory - corruptions (OVERRUN)
/bgpd/bgp_route.c: 6978 in route_vty_out_tag()
6972 } else if (attr->mp_nexthop_len
6973 == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) {
6974 if (json) {
6975 inet_ntop(AF_INET6,
6976 &attr->mp_nexthop_global,
6977 buf_a, BUFSIZ);
>>> CID 1469897: Memory - corruptions (OVERRUN)
>>> Overrunning array "buf_b" of 512 bytes by passing it to a function which accesses it at byte offset 8191 using argument "8192U".
6978 inet_ntop(AF_INET6,
6979 &attr->mp_nexthop_local,
6980 buf_b, BUFSIZ);
6981 sprintf(buf_c, "%s(%s)", buf_a, buf_b);
6982 json_object_string_add(
6983 json_out,
** CID 1469896: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1469896: Null pointer dereferences (FORWARD_NULL)
/vtysh/vtysh.c: 556 in vtysh_execute_func()
550
551 if (vline == NULL && vty->is_paged) {
552 vty_close_pager(vty);
553 return CMD_SUCCESS;
554 }
555
>>> CID 1469896: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "vline" to "cmd_execute_command", which dereferences it.
556 ret = cmd_execute_command(vline, vty, &cmd, 1);
557 cmd_free_strvec(vline);
558 if (ret != CMD_SUCCESS_DAEMON)
559 break;
560 } else if (cmd->func) {
561 (*cmd->func)(cmd, vty, 0, NULL);
** CID 1469895: Null pointer dereferences (FORWARD_NULL)
/lib/vty.c: 129 in vty_set_include()
________________________________________________________________________________________________________
*** CID 1469895: Null pointer dereferences (FORWARD_NULL)
/lib/vty.c: 129 in vty_set_include()
123 if (!regexp && vty->filter) {
124 regfree(&vty->include);
125 vty->filter = false;
126 return true;
127 }
128
>>> CID 1469895: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "regexp" to "regcomp", which dereferences it.
129 errcode = regcomp(&vty->include, regexp,
130 REG_EXTENDED | REG_NEWLINE | REG_NOSUB);
131 if (errcode) {
132 ret = false;
133 regerror(ret, &vty->include, errbuf, sizeof(errbuf));
134 vty_out(vty, "%% Regex compilation error: %s", errbuf);
** CID 1469894: Null pointer dereferences (NULL_RETURNS)
/lib/command.c: 1216 in handle_pipe_action()
________________________________________________________________________________________________________
*** CID 1469894: Null pointer dereferences (NULL_RETURNS)
/lib/command.c: 1216 in handle_pipe_action()
1210
1211 if (!succ) {
1212 vty_out(vty, "%% Bad regexp '%s'\n", regexp);
1213 goto fail;
1214 }
1215 *cmd_out = XSTRDUP(MTYPE_TMP, cmd_in);
>>> CID 1469894: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "strstr(*cmd_out, "|")".
1216 *(strstr(*cmd_out, "|")) = '\0';
1217 } else {
1218 vty_out(vty, "%% Unknown action '%s'\n", token);
1219 goto fail;
1220 }
1221
** CID 1469893: Memory - corruptions (OVERRUN)
/bgpd/bgp_route.c: 6975 in route_vty_out_tag()
________________________________________________________________________________________________________
*** CID 1469893: Memory - corruptions (OVERRUN)
/bgpd/bgp_route.c: 6975 in route_vty_out_tag()
6969 AF_INET6,
6970 &attr->mp_nexthop_global,
6971 buf_a, BUFSIZ));
6972 } else if (attr->mp_nexthop_len
6973 == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) {
6974 if (json) {
>>> CID 1469893: Memory - corruptions (OVERRUN)
>>> Overrunning array "buf_a" of 512 bytes by passing it to a function which accesses it at byte offset 8191 using argument "8192U".
6975 inet_ntop(AF_INET6,
6976 &attr->mp_nexthop_global,
6977 buf_a, BUFSIZ);
6978 inet_ntop(AF_INET6,
6979 &attr->mp_nexthop_local,
6980 buf_b, BUFSIZ);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeHs8691VOJpZofPkpp-2BRBqc-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJlZwukMp6Bk4JKeKPG1HI-2FVbPjLfRWHglruetYozJ8WBBXHMUeGOaeEg0yD-2FhdxmNH5E5IkYWliKi-2B4yY75dl-2BXbSnc-2BUbkzvZ0vC0fqJDL5yvRF032ts4f4La4LQMkFFRWXMVq1QQZ6hX92SL0rrjj4hyE-2Bo1te6aQ2ktZC4RsMA-3D-3D
More information about the dev
mailing list