[dev] New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Tue Sep 24 08:09:30 EDT 2019
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
5 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 1486648: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
/pbrd/pbr_nht.c: 713 in pbr_nht_individual_nexthop_gw_update()
________________________________________________________________________________________________________
*** CID 1486648: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
/pbrd/pbr_nht.c: 713 in pbr_nht_individual_nexthop_gw_update()
707
708 if (!pnhi->nhr->nexthop_num) {
709 is_valid = false;
710 goto done;
711 }
712
>>> CID 1486648: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
>>> The expression "pnhc->nexthop->type == NEXTHOP_TYPE_IPV4_IFINDEX || pnhc->nexthop->type == NEXTHOP_TYPE_IPV4_IFINDEX" does not accomplish anything because it evaluates to either of its identical operands, "pnhc->nexthop->type == NEXTHOP_TYPE_IPV4_IFINDEX".
713 if (pnhc->nexthop->type == NEXTHOP_TYPE_IPV4_IFINDEX
714 || pnhc->nexthop->type == NEXTHOP_TYPE_IPV4_IFINDEX) {
715
716 /* GATEWAY_IFINDEX type shouldn't resolve to group */
717 if (pnhi->nhr->nexthop_num > 1) {
718 is_valid = false;
** CID 1486647: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/bgpd/bgp_routemap.c: 280 in route_match_peer()
________________________________________________________________________________________________________
*** CID 1486647: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/bgpd/bgp_routemap.c: 280 in route_match_peer()
274 */
275 if (sockunion_same(su, &su_def)) {
276 int ret;
277 if (CHECK_FLAG(peer->rmap_type, PEER_RMAP_TYPE_NETWORK)
278 || CHECK_FLAG(peer->rmap_type,
279 PEER_RMAP_TYPE_REDISTRIBUTE)
>>> CID 1486647: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "peer->rmap_type & (256 /* 1 << 8 */)" is always 0 regardless of the values of its operands. This occurs as the logical second operand of "||".
280 || CHECK_FLAG(peer->rmap_type,
281 PEER_RMAP_TYPE_AGGREGATE)
282 || CHECK_FLAG(peer->rmap_type,
283 PEER_RMAP_TYPE_DEFAULT))
284 ret = RMAP_MATCH;
285 else
** CID 1486646: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/bgpd/bgp_attr.c: 804 in bgp_attr_aggregate_intern()
________________________________________________________________________________________________________
*** CID 1486646: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/bgpd/bgp_attr.c: 804 in bgp_attr_aggregate_intern()
798 struct bgp_path_info rmap_path;
799
800 memset(&rmap_path, 0, sizeof(struct bgp_path_info));
801 rmap_path.peer = bgp->peer_self;
802 rmap_path.attr = &attr_tmp;
803
>>> CID 1486646: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> In "bgp->peer_self->rmap_type |= 256 /* 1 << 8 */", wider "256 /* 1 << 8 */" has high-order bits (0x100) that don't affect the narrower left-hand side.
804 SET_FLAG(bgp->peer_self->rmap_type, PEER_RMAP_TYPE_AGGREGATE);
805
806 ret = route_map_apply(aggregate->rmap.map, p, RMAP_BGP,
807 &rmap_path);
808
809 bgp->peer_self->rmap_type = 0;
** CID 1486645: Null pointer dereferences (REVERSE_INULL)
/isisd/isis_te.c: 84 in isis_link_params_update()
________________________________________________________________________________________________________
*** CID 1486645: Null pointer dereferences (REVERSE_INULL)
/isisd/isis_te.c: 84 in isis_link_params_update()
78
79 /* Check if TE is enable or not */
80 if (!circuit->area || !IS_MPLS_TE(circuit->area->mta))
81 return;
82
83 /* Sanity Check */
>>> CID 1486645: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "circuit" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
84 if ((circuit == NULL) || (ifp == NULL)
85 || (circuit->state != C_STATE_UP))
86 return;
87
88 zlog_debug("TE(%s): Update circuit parameters for interface %s",
89 circuit->area->area_tag, ifp->name);
** CID 1486644: Null pointer dereferences (NULL_RETURNS)
/lib/if.c: 1511 in lib_interface_lookup_entry()
________________________________________________________________________________________________________
*** CID 1486644: Null pointer dereferences (NULL_RETURNS)
/lib/if.c: 1511 in lib_interface_lookup_entry()
1505 const struct yang_list_keys *keys)
1506 {
1507 const char *ifname = keys->key[0];
1508 const char *vrfname = keys->key[1];
1509 struct vrf *vrf = vrf_lookup_by_name(vrfname);
1510
>>> CID 1486644: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing "vrf", which is known to be "NULL".
1511 return if_lookup_by_name(ifname, vrf->vrf_id);
1512 }
1513
1514 /*
1515 * XPath: /frr-interface:lib/interface/description
1516 */
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeDU1AdI-2FBBrnda9ub5tlg3U-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJnIdt336nkP0linpd8Tj8l6RRaIBeS4p8Y0WYAFqDm7G9JehRkhofa-2Fv34P8zKDwSvMO-2FgFdWx-2FOg12aeFBzPz3LqiU1DHwdsax6MibOsIaJ62ZIDQsDDKQt-2FO20LR01fV67uOnztKMdYQPtn6VSLOYoScrIKzfc9TJDTHNjMbfBQ-3D-3D
More information about the dev
mailing list