[dev] New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Wed Mar 20 11:30:20 EDT 2019
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
13 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 13 of 13 defect(s)
** CID 1479151: Null pointer dereferences (NULL_RETURNS)
/pbrd/pbr_zebra.c: 111 in interface_address_add()
________________________________________________________________________________________________________
*** CID 1479151: Null pointer dereferences (NULL_RETURNS)
/pbrd/pbr_zebra.c: 111 in interface_address_add()
105 {
106 struct connected *c;
107 char buf[PREFIX_STRLEN];
108
109 c = zebra_interface_address_read(command, zclient->ibuf, vrf_id);
110
>>> CID 1479151: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "c".
111 DEBUGD(&pbr_dbg_zebra,
112 "%s: %s added %s", __PRETTY_FUNCTION__, c->ifp->name,
113 prefix2str(c->address, buf, sizeof(buf)));
114
115 return 0;
116 }
** CID 1479150: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1479150: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_routemap.c: 2013 in route_set_lcommunity_delete_compile()
2007 str = XCALLOC(MTYPE_ROUTE_MAP_COMPILED, len + 1);
2008 memcpy(str, arg, len);
2009 } else
2010 str = NULL;
2011
2012 rcom->name = str;
>>> CID 1479150: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "rcom->name" to "bgp_clist_hash_key", which dereferences it.
2013 rcom->name_hash = bgp_clist_hash_key(rcom->name);
2014 return rcom;
2015 }
2016
2017 /* Free function for set lcommunity. */
2018 static void route_set_lcommunity_delete_free(void *rule)
** CID 1479149: Control flow issues (DEADCODE)
/zebra/zebra_rib.c: 486 in nexthop_active()
________________________________________________________________________________________________________
*** CID 1479149: Control flow issues (DEADCODE)
/zebra/zebra_rib.c: 486 in nexthop_active()
480 __PRETTY_FUNCTION__, ifp->name);
481 return 0;
482 }
483 }
484 if (!if_is_operative(ifp)) {
485 if (IS_ZEBRA_DEBUG_RIB_DETAILED)
>>> CID 1479149: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression ""Unknown"" inside this statement: "zlog_debug("\t%s: Interface...".
486 zlog_debug(
487 "\t%s: Interface %s is not unnumbered",
488 __PRETTY_FUNCTION__,
489 ifp ? ifp->name : "Unknown");
490 return 0;
491 }
** CID 1479148: Incorrect expression (COPY_PASTE_ERROR)
/zebra/zebra_rib.c: 1940 in rib_process_result()
________________________________________________________________________________________________________
*** CID 1479148: Incorrect expression (COPY_PASTE_ERROR)
/zebra/zebra_rib.c: 1940 in rib_process_result()
1934 if (old_re->dplane_sequence != dplane_ctx_get_old_seq(ctx)) {
1935 if (IS_ZEBRA_DEBUG_DPLANE_DETAIL)
1936 zlog_debug("%u:%s Stale dplane result for old_re %p",
1937 dplane_ctx_get_vrf(ctx),
1938 dest_str, old_re);
1939 } else
>>> CID 1479148: Incorrect expression (COPY_PASTE_ERROR)
>>> "re" in "re->status" looks like a copy-paste error.
1940 UNSET_FLAG(re->status, ROUTE_ENTRY_QUEUED);
1941 }
1942
1943 switch (op) {
1944 case DPLANE_OP_ROUTE_INSTALL:
1945 case DPLANE_OP_ROUTE_UPDATE:
** CID 1479147: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1479147: Null pointer dereferences (FORWARD_NULL)
/zebra/zebra_vxlan.c: 9215 in zebra_vxlan_dad_mac_auto_recovery_exp()
9209 zebra_neigh_t *nbr = NULL;
9210 char buf[ETHER_ADDR_STRLEN];
9211
9212 mac = THREAD_ARG(t);
9213
9214 /* since this is asynchronous we need sanity checks*/
>>> CID 1479147: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "zvni" to "zvni_mac_lookup", which dereferences it.
9215 mac = zvni_mac_lookup(zvni, &mac->macaddr);
9216 if (!mac)
9217 return 0;
9218
9219 zvni = zvni_lookup(mac->zvni->vni);
9220 if (!zvni)
** CID 1479146: Null pointer dereferences (FORWARD_NULL)
/zebra/zebra_rib.c: 1940 in rib_process_result()
________________________________________________________________________________________________________
*** CID 1479146: Null pointer dereferences (FORWARD_NULL)
/zebra/zebra_rib.c: 1940 in rib_process_result()
1934 if (old_re->dplane_sequence != dplane_ctx_get_old_seq(ctx)) {
1935 if (IS_ZEBRA_DEBUG_DPLANE_DETAIL)
1936 zlog_debug("%u:%s Stale dplane result for old_re %p",
1937 dplane_ctx_get_vrf(ctx),
1938 dest_str, old_re);
1939 } else
>>> CID 1479146: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "re".
1940 UNSET_FLAG(re->status, ROUTE_ENTRY_QUEUED);
1941 }
1942
1943 switch (op) {
1944 case DPLANE_OP_ROUTE_INSTALL:
1945 case DPLANE_OP_ROUTE_UPDATE:
** CID 1479145: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1479145: Null pointer dereferences (NULL_RETURNS)
/zebra/zebra_vxlan.c: 5527 in process_remote_macip_del()
5521 if (IS_ZEBRA_DEBUG_VXLAN)
5522 zlog_debug("%s: IP %s (flags 0x%x intf %s) is remote and duplicate, read kernel for local entry",
5523 __PRETTY_FUNCTION__,
5524 ipaddr2str(ipaddr, buf1,
5525 sizeof(buf1)), n->flags,
5526 vlan_if->name);
>>> CID 1479145: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "vlan_if" when calling "neigh_read_specific_ip".
5527 neigh_read_specific_ip(ipaddr, vlan_if);
5528 }
5529
5530 /* When the MAC changes for an IP, it is possible the
5531 * client may update the new MAC before trying to delete the
5532 * "old" neighbor (as these are two different MACIP routes).
** CID 1479144: Control flow issues (DEADCODE)
/bgpd/bgp_mplsvpn.c: 322 in vpn_leak_zebra_vrf_label_withdraw()
________________________________________________________________________________________________________
*** CID 1479144: Control flow issues (DEADCODE)
/bgpd/bgp_mplsvpn.c: 322 in vpn_leak_zebra_vrf_label_withdraw()
316 if (debug) {
317 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
318 bgp->name_pretty, bgp->vrf_id);
319 }
320
321 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
>>> CID 1479144: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "label = 4294967295U;".
322 label = MPLS_LABEL_NONE;
323
324 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
325 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
326 }
327
** CID 1479143: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1479143: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_routemap.c: 2108 in route_set_community_delete_compile()
2102 str = XCALLOC(MTYPE_ROUTE_MAP_COMPILED, len + 1);
2103 memcpy(str, arg, len);
2104 } else
2105 str = NULL;
2106
2107 rcom->name = str;
>>> CID 1479143: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "rcom->name" to "bgp_clist_hash_key", which dereferences it.
2108 rcom->name_hash = bgp_clist_hash_key(rcom->name);
2109 return rcom;
2110 }
2111
2112 /* Free function for set community. */
2113 static void route_set_community_delete_free(void *rule)
** CID 1479142: Memory - illegal accesses (OVERRUN)
/zebra/zebra_rib.c: 2241 in rib_meta_queue_add()
________________________________________________________________________________________________________
*** CID 1479142: Memory - illegal accesses (OVERRUN)
/zebra/zebra_rib.c: 2241 in rib_meta_queue_add()
2235 "rn %p is already queued in sub-queue %u",
2236 (void *)rn, qindex);
2237 return;
2238 }
2239
2240 SET_FLAG(rib_dest_from_rnode(rn)->flags, RIB_ROUTE_QUEUED(qindex));
>>> CID 1479142: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "mq->subq" of 5 8-byte elements at element index 5 (byte offset 40) using index "qindex" (which evaluates to 5).
2241 listnode_add(mq->subq[qindex], rn);
2242 route_lock_node(rn);
2243 mq->size++;
2244
2245 if (IS_ZEBRA_DEBUG_RIB_DETAILED)
2246 rnode_debug(rn, re->vrf_id, "queued rn %p into sub-queue %u",
** CID 1479141: Control flow issues (DEADCODE)
/bgpd/bgp_evpn_vty.c: 3224 in bgp_evpn_advertise_svi_ip_vni_magic()
________________________________________________________________________________________________________
*** CID 1479141: Control flow issues (DEADCODE)
/bgpd/bgp_evpn_vty.c: 3224 in bgp_evpn_advertise_svi_ip_vni_magic()
3218 VTY_DECLVAR_CONTEXT_SUB(bgpevpn, vpn);
3219
3220 if (!bgp)
3221 return CMD_WARNING;
3222
3223 if (!vpn)
>>> CID 1479141: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return 1;".
3224 return CMD_WARNING;
3225
3226 if (no)
3227 evpn_set_advertise_svi_macip(bgp, vpn, 0);
3228 else
3229 evpn_set_advertise_svi_macip(bgp, vpn, 1);
** CID 1479140: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1479140: Null pointer dereferences (FORWARD_NULL)
/zebra/zebra_vxlan.c: 9165 in zebra_vxlan_dad_ip_auto_recovery_exp()
9159 char buf1[INET6_ADDRSTRLEN];
9160 char buf2[ETHER_ADDR_STRLEN];
9161
9162 nbr = THREAD_ARG(t);
9163
9164 /* since this is asynchronous we need sanity checks*/
>>> CID 1479140: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "zvni" to "zvni_neigh_lookup", which dereferences it.
9165 nbr = zvni_neigh_lookup(zvni, &nbr->ip);
9166 if (!nbr)
9167 return 0;
9168
9169 zvni = zvni_lookup(nbr->zvni->vni);
9170 if (!zvni)
** CID 1479139: Control flow issues (UNREACHABLE)
/ospfd/ospf_packet.c: 2110 in ospf_ls_upd()
________________________________________________________________________________________________________
*** CID 1479139: Control flow issues (UNREACHABLE)
/ospfd/ospf_packet.c: 2110 in ospf_ls_upd()
2104 && !IS_LSA_MAXAGE(lsa))) {
2105 zlog_debug(
2106 "Link State Update[%s]: has Max Seq but not MaxAge. Dropping it",
2107 dump_lsa_key(lsa));
2108
2109 DISCARD_LSA(lsa, 4);
>>> CID 1479139: Control flow issues (UNREACHABLE)
>>> This code cannot be reached: "continue;".
2110 continue;
2111 }
2112
2113 /* Actual flooding procedure. */
2114 if (ospf_flood(oi->ospf, nbr, current, lsa)
2115 < 0) /* Trap NSSA later. */
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeDU1AdI-2FBBrnda9ub5tlg3U-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJljESpP3FBivT-2FvzVrfLUV1du8lcr0TPo-2Ft1lr-2B7IRdAtaMnSbAmsX7euvS3EIcvsa0HV29krORa9cOMuuZa4tmfgvZZuet75d-2Bk-2F4KbOQFykPDRhbeHgfXf2cyRyr73jyqTq22VQ0L67vtDLUu-2FIXXXXVp9UohPUvy9MZcNOrVEQ-3D-3D
More information about the dev
mailing list