New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Fri Dec 6 19:36:58 EST 2019
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1488935: Error handling issues (CHECKED_RETURN)
/pimd/pim_vxlan.c: 248 in pim_vxlan_orig_mr_up_del()
________________________________________________________________________________________________________
*** CID 1488935: Error handling issues (CHECKED_RETURN)
/pimd/pim_vxlan.c: 248 in pim_vxlan_orig_mr_up_del()
242 __PRETTY_FUNCTION__);
243 }
244 /* if there are other references register the source
245 * for nht
246 */
247 if (up)
>>> CID 1488935: Error handling issues (CHECKED_RETURN)
>>> Calling "pim_rpf_update" without checking return value (as is done elsewhere 4 out of 5 times).
248 pim_rpf_update(vxlan_sg->pim, up, NULL, __func__);
249 }
250 }
251
252 static void pim_vxlan_orig_mr_up_iif_update(struct pim_vxlan_sg *vxlan_sg)
253 {
** CID 1488934: Uninitialized variables (UNINIT)
/pimd/pim_mroute.c: 989 in pim_mroute_add()
________________________________________________________________________________________________________
*** CID 1488934: Uninitialized variables (UNINIT)
/pimd/pim_mroute.c: 989 in pim_mroute_add()
983 * to the correct IIF afterwords.
984 */
985 if (!c_oil->installed && c_oil->oil.mfcc_origin.s_addr != INADDR_ANY
986 && c_oil->oil.mfcc_parent != 0) {
987 tmp_oil.mfcc_parent = 0;
988 }
>>> CID 1488934: Uninitialized variables (UNINIT)
>>> Using uninitialized value "tmp_oil". Field "tmp_oil.mfcc_pkt_cnt" is uninitialized when calling "setsockopt".
989 err = setsockopt(pim->mroute_socket, IPPROTO_IP, MRT_ADD_MFC,
990 &tmp_oil, sizeof(tmp_oil));
991
992 if (!err && !c_oil->installed
993 && c_oil->oil.mfcc_origin.s_addr != INADDR_ANY
994 && c_oil->oil.mfcc_parent != 0) {
** CID 1488933: Null pointer dereferences (REVERSE_INULL)
/zebra/zebra_nhg.c: 1415 in nexthop_active()
________________________________________________________________________________________________________
*** CID 1488933: Null pointer dereferences (REVERSE_INULL)
/zebra/zebra_nhg.c: 1415 in nexthop_active()
1409
1410 /* Lookup should halt if we've matched against ourselves ('top',
1411 * if specified) - i.e., we cannot have a nexthop NH1 is
1412 * resolved by a route NH1. The exception is if the route is a
1413 * host route.
1414 */
>>> CID 1488933: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "top" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1415 if (top && rn == top)
1416 if (((afi == AFI_IP) && (rn->p.prefixlen != 32))
1417 || ((afi == AFI_IP6) && (rn->p.prefixlen != 128))) {
1418 if (IS_ZEBRA_DEBUG_RIB_DETAILED)
1419 zlog_debug(
1420 "\t%s: Matched against ourself and prefix length is not max bit length",
** CID 1488932: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1488932: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_evpn_vty.c: 3804 in bgp_evpn_advertise_pip_ip_mac_magic()
3798 update_advertise_vrf_routes(bgp_vrf);
3799
3800 /* Update (svi) type-2 routes */
3801 for (ALL_LIST_ELEMENTS_RO(bgp_vrf->l2vnis, node, vpn)) {
3802 if (!bgp_evpn_is_svi_macip_enabled(vpn))
3803 continue;
>>> CID 1488932: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "bgp_evpn" to "update_routes_for_vni", which dereferences it.
3804 update_routes_for_vni(bgp_evpn, vpn);
3805 }
3806 }
3807
3808 return CMD_SUCCESS;
3809 }
** CID 1485637: Incorrect expression (SIZEOF_MISMATCH)
/qpb/qpb_allocator.h: 57 in qpb_alloc_ptr_array()
________________________________________________________________________________________________________
*** CID 1485637: Incorrect expression (SIZEOF_MISMATCH)
/qpb/qpb_allocator.h: 57 in qpb_alloc_ptr_array()
51 *
52 * Allocate space for the specified number of pointers.
53 */
54 static inline void *qpb_alloc_ptr_array(qpb_allocator_t *allocator,
55 size_t num_ptrs)
56 {
>>> CID 1485637: Incorrect expression (SIZEOF_MISMATCH)
>>> Passing argument "num_ptrs * 8UL /* sizeof (void *) */" to function "qpb_alloc" which returns a value of type "void *" is suspicious.
57 return qpb_alloc(allocator, num_ptrs * sizeof(void *));
58 }
59
60 /*
61 * qpb_free
62 */
** CID 1485635: Incorrect expression (SIZEOF_MISMATCH)
/qpb/qpb.h: 124 in qpb__l3_prefix__get()
________________________________________________________________________________________________________
*** CID 1485635: Incorrect expression (SIZEOF_MISMATCH)
/qpb/qpb.h: 124 in qpb__l3_prefix__get()
118 uint8_t family, struct prefix *prefix)
119 {
120
121 switch (family) {
122
123 case AF_INET:
>>> CID 1485635: Incorrect expression (SIZEOF_MISMATCH)
>>> Passing argument "prefix" of type "struct prefix *" and argument "16UL" ("sizeof (struct prefix_ipv4)") to function "memset" is suspicious because a multiple of "sizeof (struct prefix) /*48*/" is expected.
124 memset(prefix, 0, sizeof(struct prefix_ipv4));
125 break;
126
127 case AF_INET6:
128 memset(prefix, 0, sizeof(struct prefix_ipv6));
129 break;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeDU1AdI-2FBBrnda9ub5tlg3U-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJnB4jF4Bb-2Bt0r8DSsRjoaVwjbCq4jtVZEXGUScuIk2tZeOZ7-2FQixNOoQLwSIQ0t4myCD6eK8EpeVg96dwKJ3PVBM49Oe1fLcFHCpvrXADHOzhfzp9NK5mOE79FjR6rJLcWu37YAV4wlO8-2FI5F8QatvcfJ76clM44Afx6z-2FUlEcc4w-3D-3D
More information about the dev
mailing list