[dev] New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Fri Aug 2 08:03:57 EDT 2019
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
11 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
15 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)
** CID 1485637: Incorrect expression (SIZEOF_MISMATCH)
/qpb/qpb_allocator.h: 57 in qpb_alloc_ptr_array()
________________________________________________________________________________________________________
*** CID 1485637: Incorrect expression (SIZEOF_MISMATCH)
/qpb/qpb_allocator.h: 57 in qpb_alloc_ptr_array()
51 *
52 * Allocate space for the specified number of pointers.
53 */
54 static inline void *qpb_alloc_ptr_array(qpb_allocator_t *allocator,
55 size_t num_ptrs)
56 {
>>> CID 1485637: Incorrect expression (SIZEOF_MISMATCH)
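>>> Passing argument "num_ptrs * 8UL /* sizeof (void *) */" to function "qpb_alloc" which returns a value of type "void *" is suspicious.
[Triage note: the size expression matches the comment at line 52, which asks for space for "the specified number of pointers". The point worth checking is that "num_ptrs * sizeof(void *)" is computed without an overflow check in this function; whether callers bound num_ptrs is not visible in the excerpt.]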
57 return qpb_alloc(allocator, num_ptrs * sizeof(void *));
58 }
59
60 /*
61 * qpb_free
62 */
** CID 1485636: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1485636: Null pointer dereferences (FORWARD_NULL)
/lib/filter.c: 2058 in access_list_exact()
2052 prefix = argv[idx]->arg;
2053
2054 idx = 0;
2055 if (argv_find(argv, argc, "exact-match", &idx))
2056 exact = 1;
2057
>>> CID 1485636: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "prefix" to "filter_set_zebra", which dereferences it.
2058 return filter_set_zebra(vty, argv[1]->arg, seq, permit_deny,
2059 AFI_IP, prefix, exact, 1);
2060 }
2061
2062 DEFUN (access_list_any,
2063 access_list_any_cmd,
** CID 1485635: Incorrect expression (SIZEOF_MISMATCH)
/qpb/qpb.h: 124 in qpb__l3_prefix__get()
________________________________________________________________________________________________________
*** CID 1485635: Incorrect expression (SIZEOF_MISMATCH)
/qpb/qpb.h: 124 in qpb__l3_prefix__get()
118 uint8_t family, struct prefix *prefix)
119 {
120
121 switch (family) {
122
123 case AF_INET:
>>> CID 1485635: Incorrect expression (SIZEOF_MISMATCH)
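>>> Passing argument "prefix" of type "struct prefix *" and argument "16UL" ("sizeof (struct prefix_ipv4)") to function "memset" is suspicious because a multiple of "sizeof (struct prefix) /*48*/" is expected.
[Triage note: with the sizes Coverity reports, this memset clears only the first 16 bytes of the 48-byte struct prefix. The remaining bytes keep their previous contents unless the caller zeroes the structure beforehand, which the excerpt does not show.]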
124 memset(prefix, 0, sizeof(struct prefix_ipv4));
125 break;
126
127 case AF_INET6:
128 memset(prefix, 0, sizeof(struct prefix_ipv6));
129 break;
** CID 1485634: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1485634: Null pointer dereferences (FORWARD_NULL)
/lib/filter.c: 1956 in no_mac_access_list()
1950
1951 idx = 0;
1952 argv_find(argv, argc, "X:X:X:X:X:X", &idx);
1953 if (idx)
1954 mac = argv[idx]->arg;
1955
>>> CID 1485634: Null pointer dereferences (FORWARD_NULL)
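>>> Passing null pointer "mac" to "filter_set_zebra", which dereferences it.
[Triage note: in the excerpt, "mac" is assigned only when idx is non-zero after argv_find(), so it keeps its initial value if the "X:X:X:X:X:X" token is not found. Whether the command grammar allows that case is not visible here. The same pattern is reported for mac_access_list() under CID 1485631.]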
1956 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
1957 mac, 0, 0);
1958 }
1959
1960 DEFUN (mac_access_list_any,
1961 mac_access_list_any_cmd,
** CID 1485633: Null pointer dereferences (REVERSE_INULL)
/zebra/zebra_vty.c: 1021 in show_route_all_table_vrf_magic()
________________________________________________________________________________________________________
*** CID 1485633: Null pointer dereferences (REVERSE_INULL)
/zebra/zebra_vty.c: 1021 in show_route_all_table_vrf_magic()
1015 rib_table_info_t *info = route_table_get_info(zrt->table);
1016
1017 if (zvrf && zvrf != info->zvrf)
1018 continue;
1019 if (zrt->afi != afi || zrt->safi != SAFI_UNICAST)
1020 continue;
>>> CID 1485633: Null pointer dereferences (REVERSE_INULL)
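>>> Null-checking "zrt->table" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
[Triage note: line 1015 already passes zrt->table to route_table_get_info() and line 1017 reads info->zvrf, so the check at line 1021 is either redundant or comes too late to protect those earlier uses.]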
1021 if (zrt->table)
1022 do_show_route_helper(vty, info->zvrf, zrt->table, afi,
1023 false, 0, false, false,
1024 0, 0, !!json, zrt->tableid);
1025 }
1026 return CMD_SUCCESS;
** CID 1485632: (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1485632: (FORWARD_NULL)
/pimd/pim_zebra.c: 1240 in pim_forward_start()
1234 pim_channel_oil_change_iif(pim, up->channel_oil,
1235 MAXVIFS,
1236 __PRETTY_FUNCTION__);
1237 }
1238
1239 else
>>> CID 1485632: (FORWARD_NULL)
>>> Passing null pointer "up->channel_oil" to "pim_channel_oil_change_iif", which dereferences it.
1240 pim_channel_oil_change_iif(pim, up->channel_oil,
1241 input_iface_vif_index,
1242 __PRETTY_FUNCTION__);
1243
1244 if (PIM_DEBUG_TRACE) {
1245 struct interface *in_intf = pim_if_find_by_vif_index(
/pimd/pim_zebra.c: 1234 in pim_forward_start()
1228 source_str, sizeof(source_str));
1229 zlog_debug(
1230 "%s %s: could not find input interface for source %s",
1231 __FILE__, __PRETTY_FUNCTION__,
1232 source_str);
1233 }
>>> CID 1485632: (FORWARD_NULL)
>>> Passing null pointer "up->channel_oil" to "pim_channel_oil_change_iif", which dereferences it.
1234 pim_channel_oil_change_iif(pim, up->channel_oil,
1235 MAXVIFS,
1236 __PRETTY_FUNCTION__);
1237 }
1238
1239 else
** CID 1485631: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1485631: Null pointer dereferences (FORWARD_NULL)
/lib/filter.c: 1919 in mac_access_list()
1913
1914 idx = 0;
1915 argv_find(argv, argc, "X:X:X:X:X:X", &idx);
1916 if (idx)
1917 mac = argv[idx]->arg;
1918
>>> CID 1485631: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "mac" to "filter_set_zebra", which dereferences it.
1919 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
1920 mac, 0, 1);
1921 }
1922
1923 DEFUN (no_mac_access_list,
1924 no_mac_access_list_cmd,
** CID 1485630: API usage errors (LOCK)
/lib/log.c: 435 in vzlog()
________________________________________________________________________________________________________
*** CID 1485630: API usage errors (LOCK)
/lib/log.c: 435 in vzlog()
429 proto_str, msg, &tsctl);
430
431 out:
432 if (msg != buf)
433 XFREE(MTYPE_TMP, msg);
434 errno = original_errno;
>>> CID 1485630: API usage errors (LOCK)
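>>> "pthread_mutex_unlock" unlocks "loglock" while it is unlocked.
[Triage note: unlocking a mutex that is not locked is undefined behaviour for POSIX default mutexes. The excerpt does not show which path reaches line 435 without holding loglock.]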
435 pthread_mutex_unlock(&loglock);
436 }
437
438 int vzlog_test(int priority)
439 {
440 pthread_mutex_lock(&loglock);
** CID 1485629: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1485629: Null pointer dereferences (FORWARD_NULL)
/lib/filter.c: 2375 in no_ipv6_access_list_exact()
2369 prefix = argv[idx]->arg;
2370
2371 idx = 0;
2372 if (argv_find(argv, argc, "exact-match", &idx))
2373 exact = 1;
2374
>>> CID 1485629: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "prefix" to "filter_set_zebra", which dereferences it.
2375 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2376 AFI_IP6, prefix, exact, 0);
2377 }
2378
2379 DEFUN (no_ipv6_access_list_any,
2380 no_ipv6_access_list_any_cmd,
** CID 1485628: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1485628: Null pointer dereferences (FORWARD_NULL)
/lib/filter.c: 2130 in no_access_list_exact()
2124 prefix = argv[idx]->arg;
2125
2126 idx = 0;
2127 if (argv_find(argv, argc, "exact-match", &idx))
2128 exact = 1;
2129
>>> CID 1485628: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "prefix" to "filter_set_zebra", which dereferences it.
2130 return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny,
2131 AFI_IP, prefix, exact, 0);
2132 }
2133
2134 DEFUN (no_access_list_any,
2135 no_access_list_any_cmd,
** CID 1399256: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1399256: Null pointer dereferences (FORWARD_NULL)
/lib/filter.c: 2300 in ipv6_access_list_exact()
2294 prefix = argv[idx]->arg;
2295
2296 idx = 0;
2297 if (argv_find(argv, argc, "exact-match", &idx))
2298 exact = 1;
2299
>>> CID 1399256: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "prefix" to "filter_set_zebra", which dereferences it.
2300 return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2301 AFI_IP6, prefix, exact, 1);
2302 }
2303
2304 DEFUN (ipv6_access_list_any,
2305 ipv6_access_list_any_cmd,
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeDU1AdI-2FBBrnda9ub5tlg3U-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJkYIxzOLeZwxzrsE36xt7Ful1gVMAp6gA43jYHfrn14kbEOlWy3DVAMeqhK-2BXcammTZWfur4XfofQKfMPAJs0GqrQ2waXtSQr2O-2FvhJ2Ftx-2B8hOzD3prJOYj-2Fj0Z1WX43-2BvA2L0vtK7r4jS8vGmdqNZ0CtaQDSak-2FQqLtG1d-2BPX-2Fg-3D-3D