New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Thu Apr 2 21:28:29 EDT 2020
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
3 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1492482: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1492482: Memory - corruptions (OVERRUN)
/zebra/zebra_rnh.c: 1048 in send_client()
1042 stream_putl(s, re->metric);
1043 num = 0;
1044 nump = stream_get_endp(s);
1045 stream_putc(s, 0);
1046 for (ALL_NEXTHOPS(re->nhe->nhg, nh))
1047 if (rnh_nexthop_valid(re, nh)) {
>>> CID 1492482: Memory - corruptions (OVERRUN)
>>> Overrunning struct type zapi_nexthop of 112 bytes by passing it to a function which accesses it at byte offset 115.
1048 zapi_nexthop_from_nexthop(&znh, nh);
1049 zapi_nexthop_encode(s, &znh, 0 /* flags */);
1050 num++;
1051 }
1052 stream_putc_at(s, nump, num);
1053 } else {
** CID 1492481: Null pointer dereferences (NULL_RETURNS)
/zebra/zebra_vxlan.c: 10262 in zebra_evpn_pim_cfg_clean_up()
________________________________________________________________________________________________________
*** CID 1492481: Null pointer dereferences (NULL_RETURNS)
/zebra/zebra_vxlan.c: 10262 in zebra_evpn_pim_cfg_clean_up()
10256 }
10257
10258 static int zebra_evpn_pim_cfg_clean_up(struct zserv *client)
10259 {
10260 struct zebra_vrf *zvrf = zebra_vrf_get_evpn();
10261
>>> CID 1492481: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing "zvrf", which is known to be "NULL".
10262 if (CHECK_FLAG(zvrf->flags, ZEBRA_PIM_SEND_VXLAN_SG)) {
10263 if (IS_ZEBRA_DEBUG_VXLAN)
10264 zlog_debug("VxLAN SG updates to PIM, stop");
10265 UNSET_FLAG(zvrf->flags, ZEBRA_PIM_SEND_VXLAN_SG);
10266 }
10267
** CID 1492480: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1492480: Memory - corruptions (OVERRUN)
/pimd/pim_nht.c: 737 in pim_parse_nexthop_update()
731 struct zapi_route nhr;
732
733 if (!vrf)
734 return 0;
735 pim = vrf->info;
736
>>> CID 1492480: Memory - corruptions (OVERRUN)
>>> Overrunning struct type zapi_route of 14456 bytes by passing it to a function which accesses it at byte offset 29815.
737 if (!zapi_nexthop_update_decode(zclient->ibuf, &nhr)) {
738 if (PIM_DEBUG_PIM_NHT)
739 zlog_debug(
740 "%s: Decode of nexthop update from zebra failed",
741 __func__);
742 return 0;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teEwtXAn74UdOrNjckt5W0LJ0CDxXoQFnSJSV51LhpQIExOPuUyDQ-2BIaYqt88E1d5-2F-2Fc-3Dp4jF_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTwp1QcaYx-2BQ-2BPJCwP-2BbHBS7-2F9jaU-2F00qoMNu1mP-2BhJZbYgXju3Y7SqGaXYLlPMgq-2F7LV7C69K4corGdFRlPC7EpdbSi9gpvQahQbwIwNL17-2FkXH8NbgWBSHG2G1GQWdFD3rMIQLZJD4xy-2Fyp04mqf0eir-2F66FHjNTECVEBb-2FLdqMV3O7gqNvIiEXs5df7VMDZc-3D
More information about the dev
mailing list