New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Fri Dec 6 19:36:58 EST 2019


Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 1488935:  Error handling issues  (CHECKED_RETURN)
/pimd/pim_vxlan.c: 248 in pim_vxlan_orig_mr_up_del()


________________________________________________________________________________________________________
*** CID 1488935:  Error handling issues  (CHECKED_RETURN)
/pimd/pim_vxlan.c: 248 in pim_vxlan_orig_mr_up_del()
242     				__PRETTY_FUNCTION__);
243     		}
244     		/* if there are other references register the source
245     		 * for nht
246     		 */
247     		if (up)
>>>     CID 1488935:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "pim_rpf_update" without checking return value (as is done elsewhere 4 out of 5 times).
248     			pim_rpf_update(vxlan_sg->pim, up, NULL, __func__);
249     	}
250     }
251     
252     static void pim_vxlan_orig_mr_up_iif_update(struct pim_vxlan_sg *vxlan_sg)
253     {

** CID 1488934:  Uninitialized variables  (UNINIT)
/pimd/pim_mroute.c: 989 in pim_mroute_add()


________________________________________________________________________________________________________
*** CID 1488934:  Uninitialized variables  (UNINIT)
/pimd/pim_mroute.c: 989 in pim_mroute_add()
983     	 * to the correct IIF afterwords.
984     	 */
985     	if (!c_oil->installed && c_oil->oil.mfcc_origin.s_addr != INADDR_ANY
986     	    && c_oil->oil.mfcc_parent != 0) {
987     		tmp_oil.mfcc_parent = 0;
988     	}
>>>     CID 1488934:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "tmp_oil". Field "tmp_oil.mfcc_pkt_cnt" is uninitialized when calling "setsockopt".
989     	err = setsockopt(pim->mroute_socket, IPPROTO_IP, MRT_ADD_MFC,
990     			 &tmp_oil, sizeof(tmp_oil));
991     
992     	if (!err && !c_oil->installed
993     	    && c_oil->oil.mfcc_origin.s_addr != INADDR_ANY
994     	    && c_oil->oil.mfcc_parent != 0) {

** CID 1488933:  Null pointer dereferences  (REVERSE_INULL)
/zebra/zebra_nhg.c: 1415 in nexthop_active()


________________________________________________________________________________________________________
*** CID 1488933:  Null pointer dereferences  (REVERSE_INULL)
/zebra/zebra_nhg.c: 1415 in nexthop_active()
1409     
1410     		/* Lookup should halt if we've matched against ourselves ('top',
1411     		 * if specified) - i.e., we cannot have a nexthop NH1 is
1412     		 * resolved by a route NH1. The exception is if the route is a
1413     		 * host route.
1414     		 */
>>>     CID 1488933:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "top" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1415     		if (top && rn == top)
1416     			if (((afi == AFI_IP) && (rn->p.prefixlen != 32))
1417     			    || ((afi == AFI_IP6) && (rn->p.prefixlen != 128))) {
1418     				if (IS_ZEBRA_DEBUG_RIB_DETAILED)
1419     					zlog_debug(
1420     						"\t%s: Matched against ourself and prefix length is not max bit length",

** CID 1488932:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1488932:  Null pointer dereferences  (FORWARD_NULL)
/bgpd/bgp_evpn_vty.c: 3804 in bgp_evpn_advertise_pip_ip_mac_magic()
3798     		update_advertise_vrf_routes(bgp_vrf);
3799     
3800     		/* Update (svi) type-2 routes */
3801     		for (ALL_LIST_ELEMENTS_RO(bgp_vrf->l2vnis, node, vpn)) {
3802     			if (!bgp_evpn_is_svi_macip_enabled(vpn))
3803     				continue;
>>>     CID 1488932:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "bgp_evpn" to "update_routes_for_vni", which dereferences it.
3804     			update_routes_for_vni(bgp_evpn, vpn);
3805     		}
3806     	}
3807     
3808     	return CMD_SUCCESS;
3809     }

** CID 1485637:  Incorrect expression  (SIZEOF_MISMATCH)
/qpb/qpb_allocator.h: 57 in qpb_alloc_ptr_array()


________________________________________________________________________________________________________
*** CID 1485637:  Incorrect expression  (SIZEOF_MISMATCH)
/qpb/qpb_allocator.h: 57 in qpb_alloc_ptr_array()
51      *
52      * Allocate space for the specified number of pointers.
53      */
54     static inline void *qpb_alloc_ptr_array(qpb_allocator_t *allocator,
55     					size_t num_ptrs)
56     {
>>>     CID 1485637:  Incorrect expression  (SIZEOF_MISMATCH)
>>>     Passing argument "num_ptrs * 8UL /* sizeof (void *) */" to function "qpb_alloc" which returns a value of type "void *" is suspicious.
57     	return qpb_alloc(allocator, num_ptrs * sizeof(void *));
58     }
59     
60     /*
61      * qpb_free
62      */

** CID 1485635:  Incorrect expression  (SIZEOF_MISMATCH)
/qpb/qpb.h: 124 in qpb__l3_prefix__get()


________________________________________________________________________________________________________
*** CID 1485635:  Incorrect expression  (SIZEOF_MISMATCH)
/qpb/qpb.h: 124 in qpb__l3_prefix__get()
118     				      uint8_t family, struct prefix *prefix)
119     {
120     
121     	switch (family) {
122     
123     	case AF_INET:
>>>     CID 1485635:  Incorrect expression  (SIZEOF_MISMATCH)
>>>     Passing argument "prefix" of type "struct prefix *" and argument "16UL" ("sizeof (struct prefix_ipv4)") to function "memset" is suspicious because a multiple of "sizeof (struct prefix) /*48*/" is expected.
124     		memset(prefix, 0, sizeof(struct prefix_ipv4));
125     		break;
126     
127     	case AF_INET6:
128     		memset(prefix, 0, sizeof(struct prefix_ipv6));
129     		break;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeDU1AdI-2FBBrnda9ub5tlg3U-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJnB4jF4Bb-2Bt0r8DSsRjoaVwjbCq4jtVZEXGUScuIk2tZeOZ7-2FQixNOoQLwSIQ0t4myCD6eK8EpeVg96dwKJ3PVBM49Oe1fLcFHCpvrXADHOzhfzp9NK5mOE79FjR6rJLcWu37YAV4wlO8-2FI5F8QatvcfJ76clM44Afx6z-2FUlEcc4w-3D-3D




More information about the dev mailing list