[dev] New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Fri Aug 2 08:03:57 EDT 2019


Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

11 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
15 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)


** CID 1485637:  Incorrect expression  (SIZEOF_MISMATCH)
/qpb/qpb_allocator.h: 57 in qpb_alloc_ptr_array()


________________________________________________________________________________________________________
*** CID 1485637:  Incorrect expression  (SIZEOF_MISMATCH)
/qpb/qpb_allocator.h: 57 in qpb_alloc_ptr_array()
51      *
52      * Allocate space for the specified number of pointers.
53      */
54     static inline void *qpb_alloc_ptr_array(qpb_allocator_t *allocator,
55     					size_t num_ptrs)
56     {
>>>     CID 1485637:  Incorrect expression  (SIZEOF_MISMATCH)
>>>     Passing argument "num_ptrs * 8UL /* sizeof (void *) */" to function "qpb_alloc" which returns a value of type "void *" is suspicious.
57     	return qpb_alloc(allocator, num_ptrs * sizeof(void *));
58     }
59     
60     /*
61      * qpb_free
62      */

** CID 1485636:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1485636:  Null pointer dereferences  (FORWARD_NULL)
/lib/filter.c: 2058 in access_list_exact()
2052     		prefix = argv[idx]->arg;
2053     
2054     	idx = 0;
2055     	if (argv_find(argv, argc, "exact-match", &idx))
2056     		exact = 1;
2057     
>>>     CID 1485636:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "prefix" to "filter_set_zebra", which dereferences it.
2058     	return filter_set_zebra(vty, argv[1]->arg, seq, permit_deny,
2059     				AFI_IP, prefix, exact, 1);
2060     }
2061     
2062     DEFUN (access_list_any,
2063            access_list_any_cmd,

** CID 1485635:  Incorrect expression  (SIZEOF_MISMATCH)
/qpb/qpb.h: 124 in qpb__l3_prefix__get()


________________________________________________________________________________________________________
*** CID 1485635:  Incorrect expression  (SIZEOF_MISMATCH)
/qpb/qpb.h: 124 in qpb__l3_prefix__get()
118     				      uint8_t family, struct prefix *prefix)
119     {
120     
121     	switch (family) {
122     
123     	case AF_INET:
>>>     CID 1485635:  Incorrect expression  (SIZEOF_MISMATCH)
>>>     Passing argument "prefix" of type "struct prefix *" and argument "16UL" ("sizeof (struct prefix_ipv4)") to function "memset" is suspicious because a multiple of "sizeof (struct prefix) /*48*/" is expected.
124     		memset(prefix, 0, sizeof(struct prefix_ipv4));
125     		break;
126     
127     	case AF_INET6:
128     		memset(prefix, 0, sizeof(struct prefix_ipv6));
129     		break;

** CID 1485634:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1485634:  Null pointer dereferences  (FORWARD_NULL)
/lib/filter.c: 1956 in no_mac_access_list()
1950     
1951     	idx = 0;
1952     	argv_find(argv, argc, "X:X:X:X:X:X", &idx);
1953     	if (idx)
1954     		mac = argv[idx]->arg;
1955     
>>>     CID 1485634:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "mac" to "filter_set_zebra", which dereferences it.
1956     	return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
1957     				mac, 0, 0);
1958     }
1959     
1960     DEFUN (mac_access_list_any,
1961            mac_access_list_any_cmd,

** CID 1485633:  Null pointer dereferences  (REVERSE_INULL)
/zebra/zebra_vty.c: 1021 in show_route_all_table_vrf_magic()


________________________________________________________________________________________________________
*** CID 1485633:  Null pointer dereferences  (REVERSE_INULL)
/zebra/zebra_vty.c: 1021 in show_route_all_table_vrf_magic()
1015     		rib_table_info_t *info = route_table_get_info(zrt->table);
1016     
1017     		if (zvrf && zvrf != info->zvrf)
1018     			continue;
1019     		if (zrt->afi != afi || zrt->safi != SAFI_UNICAST)
1020     			continue;
>>>     CID 1485633:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "zrt->table" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1021     		if (zrt->table)
1022     			do_show_route_helper(vty, info->zvrf, zrt->table, afi,
1023     					     false, 0, false, false,
1024     					     0, 0, !!json, zrt->tableid);
1025     	}
1026     	return CMD_SUCCESS;

** CID 1485632:    (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1485632:    (FORWARD_NULL)
/pimd/pim_zebra.c: 1240 in pim_forward_start()
1234     			pim_channel_oil_change_iif(pim, up->channel_oil,
1235     						   MAXVIFS,
1236     						   __PRETTY_FUNCTION__);
1237     		}
1238     
1239     		else
>>>     CID 1485632:    (FORWARD_NULL)
>>>     Passing null pointer "up->channel_oil" to "pim_channel_oil_change_iif", which dereferences it.
1240     			pim_channel_oil_change_iif(pim, up->channel_oil,
1241     						   input_iface_vif_index,
1242     						   __PRETTY_FUNCTION__);
1243     
1244     		if (PIM_DEBUG_TRACE) {
1245     			struct interface *in_intf = pim_if_find_by_vif_index(
/pimd/pim_zebra.c: 1234 in pim_forward_start()
1228     					       source_str, sizeof(source_str));
1229     				zlog_debug(
1230     					"%s %s: could not find input interface for source %s",
1231     					__FILE__, __PRETTY_FUNCTION__,
1232     					source_str);
1233     			}
>>>     CID 1485632:    (FORWARD_NULL)
>>>     Passing null pointer "up->channel_oil" to "pim_channel_oil_change_iif", which dereferences it.
1234     			pim_channel_oil_change_iif(pim, up->channel_oil,
1235     						   MAXVIFS,
1236     						   __PRETTY_FUNCTION__);
1237     		}
1238     
1239     		else

** CID 1485631:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1485631:  Null pointer dereferences  (FORWARD_NULL)
/lib/filter.c: 1919 in mac_access_list()
1913     
1914     	idx = 0;
1915     	argv_find(argv, argc, "X:X:X:X:X:X", &idx);
1916     	if (idx)
1917     		mac = argv[idx]->arg;
1918     
>>>     CID 1485631:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "mac" to "filter_set_zebra", which dereferences it.
1919     	return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny, AFI_L2VPN,
1920     				mac, 0, 1);
1921     }
1922     
1923     DEFUN (no_mac_access_list,
1924            no_mac_access_list_cmd,

** CID 1485630:  API usage errors  (LOCK)
/lib/log.c: 435 in vzlog()


________________________________________________________________________________________________________
*** CID 1485630:  API usage errors  (LOCK)
/lib/log.c: 435 in vzlog()
429     			proto_str, msg, &tsctl);
430     
431     out:
432     	if (msg != buf)
433     		XFREE(MTYPE_TMP, msg);
434     	errno = original_errno;
>>>     CID 1485630:  API usage errors  (LOCK)
>>>     "pthread_mutex_unlock" unlocks "loglock" while it is unlocked.
435     	pthread_mutex_unlock(&loglock);
436     }
437     
438     int vzlog_test(int priority)
439     {
440     	pthread_mutex_lock(&loglock);

** CID 1485629:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1485629:  Null pointer dereferences  (FORWARD_NULL)
/lib/filter.c: 2375 in no_ipv6_access_list_exact()
2369     		prefix = argv[idx]->arg;
2370     
2371     	idx = 0;
2372     	if (argv_find(argv, argc, "exact-match", &idx))
2373     		exact = 1;
2374     
>>>     CID 1485629:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "prefix" to "filter_set_zebra", which dereferences it.
2375     	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2376     				AFI_IP6, prefix, exact, 0);
2377     }
2378     
2379     DEFUN (no_ipv6_access_list_any,
2380            no_ipv6_access_list_any_cmd,

** CID 1485628:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1485628:  Null pointer dereferences  (FORWARD_NULL)
/lib/filter.c: 2130 in no_access_list_exact()
2124     		prefix = argv[idx]->arg;
2125     
2126     	idx = 0;
2127     	if (argv_find(argv, argc, "exact-match", &idx))
2128     		exact = 1;
2129     
>>>     CID 1485628:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "prefix" to "filter_set_zebra", which dereferences it.
2130     	return filter_set_zebra(vty, argv[2]->arg, seq, permit_deny,
2131     				AFI_IP, prefix, exact, 0);
2132     }
2133     
2134     DEFUN (no_access_list_any,
2135            no_access_list_any_cmd,

** CID 1399256:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1399256:  Null pointer dereferences  (FORWARD_NULL)
/lib/filter.c: 2300 in ipv6_access_list_exact()
2294     		prefix = argv[idx]->arg;
2295     
2296     	idx = 0;
2297     	if (argv_find(argv, argc, "exact-match", &idx))
2298     		exact = 1;
2299     
>>>     CID 1399256:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "prefix" to "filter_set_zebra", which dereferences it.
2300     	return filter_set_zebra(vty, argv[idx_word]->arg, seq, permit_deny,
2301     				AFI_IP6, prefix, exact, 1);
2302     }
2303     
2304     DEFUN (ipv6_access_list_any,
2305            ipv6_access_list_any_cmd,


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeDU1AdI-2FBBrnda9ub5tlg3U-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJkYIxzOLeZwxzrsE36xt7Ful1gVMAp6gA43jYHfrn14kbEOlWy3DVAMeqhK-2BXcammTZWfur4XfofQKfMPAJs0GqrQ2waXtSQr2O-2FvhJ2Ftx-2B8hOzD3prJOYj-2Fj0Z1WX43-2BvA2L0vtK7r4jS8vGmdqNZ0CtaQDSak-2FQqLtG1d-2BPX-2Fg-3D-3D



