[dev] New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Tue Sep 24 08:09:30 EDT 2019


Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

5 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1486648:  Incorrect expression  (CONSTANT_EXPRESSION_RESULT)
/pbrd/pbr_nht.c: 713 in pbr_nht_individual_nexthop_gw_update()


________________________________________________________________________________________________________
*** CID 1486648:  Incorrect expression  (CONSTANT_EXPRESSION_RESULT)
/pbrd/pbr_nht.c: 713 in pbr_nht_individual_nexthop_gw_update()
707     
708     	if (!pnhi->nhr->nexthop_num) {
709     		is_valid = false;
710     		goto done;
711     	}
712     
>>>     CID 1486648:  Incorrect expression  (CONSTANT_EXPRESSION_RESULT)
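>>>     The expression "pnhc->nexthop->type == NEXTHOP_TYPE_IPV4_IFINDEX || pnhc->nexthop->type == NEXTHOP_TYPE_IPV4_IFINDEX" does not accomplish anything because it evaluates to either of its identical operands, "pnhc->nexthop->type == NEXTHOP_TYPE_IPV4_IFINDEX". Only one nexthop type is therefore tested on lines 713-714; the second comparison was presumably meant to name a different type (possibly NEXTHOP_TYPE_IPV6_IFINDEX, to be confirmed against the source), in which case that type currently skips the checks inside this branch.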
713     	if (pnhc->nexthop->type == NEXTHOP_TYPE_IPV4_IFINDEX
714     	    || pnhc->nexthop->type == NEXTHOP_TYPE_IPV4_IFINDEX) {
715     
716     		/* GATEWAY_IFINDEX type shouldn't resolve to group */
717     		if (pnhi->nhr->nexthop_num > 1) {
718     			is_valid = false;

** CID 1486647:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/bgpd/bgp_routemap.c: 280 in route_match_peer()


________________________________________________________________________________________________________
*** CID 1486647:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/bgpd/bgp_routemap.c: 280 in route_match_peer()
274     		   */
275     		if (sockunion_same(su, &su_def)) {
276     			int ret;
277     			if (CHECK_FLAG(peer->rmap_type, PEER_RMAP_TYPE_NETWORK)
278     			    || CHECK_FLAG(peer->rmap_type,
279     					  PEER_RMAP_TYPE_REDISTRIBUTE)
>>>     CID 1486647:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
>>>     "peer->rmap_type & (256 /* 1 << 8 */)" is always 0 regardless of the values of its operands. This occurs as the logical second operand of "||".
280     			    || CHECK_FLAG(peer->rmap_type,
281     					  PEER_RMAP_TYPE_AGGREGATE)
282     			    || CHECK_FLAG(peer->rmap_type,
283     					  PEER_RMAP_TYPE_DEFAULT))
284     				ret = RMAP_MATCH;
285     			else

** CID 1486646:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/bgpd/bgp_attr.c: 804 in bgp_attr_aggregate_intern()


________________________________________________________________________________________________________
*** CID 1486646:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/bgpd/bgp_attr.c: 804 in bgp_attr_aggregate_intern()
798     		struct bgp_path_info rmap_path;
799     
800     		memset(&rmap_path, 0, sizeof(struct bgp_path_info));
801     		rmap_path.peer = bgp->peer_self;
802     		rmap_path.attr = &attr_tmp;
803     
>>>     CID 1486646:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
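>>>     In "bgp->peer_self->rmap_type |= 256 /* 1 << 8 */", wider "256 /* 1 << 8 */" has high-order bits (0x100) that don't affect the narrower left-hand side. The flag bit is lost when the result is stored back into the narrower "rmap_type", so PEER_RMAP_TYPE_AGGREGATE is never actually set on line 804; the same truncation is why the PEER_RMAP_TYPE_AGGREGATE test reported as CID 1486647 is always 0.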
804     		SET_FLAG(bgp->peer_self->rmap_type, PEER_RMAP_TYPE_AGGREGATE);
805     
806     		ret = route_map_apply(aggregate->rmap.map, p, RMAP_BGP,
807     				      &rmap_path);
808     
809     		bgp->peer_self->rmap_type = 0;

** CID 1486645:  Null pointer dereferences  (REVERSE_INULL)
/isisd/isis_te.c: 84 in isis_link_params_update()


________________________________________________________________________________________________________
*** CID 1486645:  Null pointer dereferences  (REVERSE_INULL)
/isisd/isis_te.c: 84 in isis_link_params_update()
78     
79     	/* Check if TE is enable or not */
80     	if (!circuit->area || !IS_MPLS_TE(circuit->area->mta))
81     		return;
82     
83     	/* Sanity Check */
>>>     CID 1486645:  Null pointer dereferences  (REVERSE_INULL)
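>>>     Null-checking "circuit" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. The earlier dereference is "circuit->area" in the TE-enabled test on line 80, so if "circuit" could be NULL the function would fault there, before the "circuit == NULL" test on line 84 is reached.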
84     	if ((circuit == NULL) || (ifp == NULL)
85     	    || (circuit->state != C_STATE_UP))
86     		return;
87     
88     	zlog_debug("TE(%s): Update circuit parameters for interface %s",
89     		   circuit->area->area_tag, ifp->name);

** CID 1486644:  Null pointer dereferences  (NULL_RETURNS)
/lib/if.c: 1511 in lib_interface_lookup_entry()


________________________________________________________________________________________________________
*** CID 1486644:  Null pointer dereferences  (NULL_RETURNS)
/lib/if.c: 1511 in lib_interface_lookup_entry()
1505     					      const struct yang_list_keys *keys)
1506     {
1507     	const char *ifname = keys->key[0];
1508     	const char *vrfname = keys->key[1];
1509     	struct vrf *vrf = vrf_lookup_by_name(vrfname);
1510     
>>>     CID 1486644:  Null pointer dereferences  (NULL_RETURNS)
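>>>     Dereferencing "vrf", which is known to be "NULL". The pointer comes from vrf_lookup_by_name(vrfname) on line 1509 and reaches "vrf->vrf_id" on line 1511 with no NULL check in between, while "vrfname" is taken from the caller-supplied list keys on line 1508.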
1511     	return if_lookup_by_name(ifname, vrf->vrf_id);
1512     }
1513     
1514     /*
1515      * XPath: /frr-interface:lib/interface/description
1516      */


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeDU1AdI-2FBBrnda9ub5tlg3U-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJnIdt336nkP0linpd8Tj8l6RRaIBeS4p8Y0WYAFqDm7G9JehRkhofa-2Fv34P8zKDwSvMO-2FgFdWx-2FOg12aeFBzPz3LqiU1DHwdsax6MibOsIaJ62ZIDQsDDKQt-2FO20LR01fV67uOnztKMdYQPtn6VSLOYoScrIKzfc9TJDTHNjMbfBQ-3D-3D



