New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Tue Feb 18 11:01:43 EST 2020
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
4 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
37 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1491273: Memory - corruptions (ARRAY_VS_SINGLETON)
/lib/command_parse.c: 1470 in cmd_yyparse()
________________________________________________________________________________________________________
*** CID 1491273: Memory - corruptions (ARRAY_VS_SINGLETON)
/lib/command_parse.c: 1470 in cmd_yyparse()
1464 if (yyss1 != yyssa)
1465 YYSTACK_FREE (yyss1);
1466 }
1467 # endif
1468
1469 yyssp = yyss + yysize - 1;
>>> CID 1491273: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Using "yyvs" as an array. This might corrupt or misinterpret adjacent memory locations.
1470 yyvsp = yyvs + yysize - 1;
1471 yylsp = yyls + yysize - 1;
1472
1473 YY_IGNORE_USELESS_CAST_BEGIN
1474 YYDPRINTF ((stderr, "Stack size increased to %ld\n",
1475 YY_CAST (long, yystacksize)));
** CID 1491272: Memory - corruptions (ARRAY_VS_SINGLETON)
/lib/command_parse.c: 1469 in cmd_yyparse()
________________________________________________________________________________________________________
*** CID 1491272: Memory - corruptions (ARRAY_VS_SINGLETON)
/lib/command_parse.c: 1469 in cmd_yyparse()
1463 # undef YYSTACK_RELOCATE
1464 if (yyss1 != yyssa)
1465 YYSTACK_FREE (yyss1);
1466 }
1467 # endif
1468
>>> CID 1491272: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Using "yyss" as an array. This might corrupt or misinterpret adjacent memory locations.
1469 yyssp = yyss + yysize - 1;
1470 yyvsp = yyvs + yysize - 1;
1471 yylsp = yyls + yysize - 1;
1472
1473 YY_IGNORE_USELESS_CAST_BEGIN
1474 YYDPRINTF ((stderr, "Stack size increased to %ld\n",
** CID 1491271: (CONSTANT_EXPRESSION_RESULT)
/lib/command_parse.c: 1187 in yysyntax_error()
/lib/command_parse.c: 1216 in yysyntax_error()
________________________________________________________________________________________________________
*** CID 1491271: (CONSTANT_EXPRESSION_RESULT)
/lib/command_parse.c: 1187 in yysyntax_error()
1181 break;
1182 }
1183 yyarg[yycount++] = yytname[yyx];
1184 {
1185 YYPTRDIFF_T yysize1
1186 = yysize + yytnamerr (YY_NULLPTR, yytname[yyx]);
>>> CID 1491271: (CONSTANT_EXPRESSION_RESULT)
>>> "yysize1 <= 9223372036854775807L /* (long)((9223372036854775807L < (unsigned long)-1) ? 9223372036854775807L : (unsigned long)-1) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
1187 if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)
1188 yysize = yysize1;
1189 else
1190 return 2;
1191 }
1192 }
/lib/command_parse.c: 1216 in yysyntax_error()
1210 }
1211
1212 {
1213 /* Don't count the "%s"s in the final size, but reserve room for
1214 the terminator. */
1215 YYPTRDIFF_T yysize1 = yysize + (yystrlen (yyformat) - 2 * yycount) + 1;
>>> CID 1491271: (CONSTANT_EXPRESSION_RESULT)
>>> "yysize1 <= 9223372036854775807L /* (long)((9223372036854775807L < (unsigned long)-1) ? 9223372036854775807L : (unsigned long)-1) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
1216 if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)
1217 yysize = yysize1;
1218 else
1219 return 2;
1220 }
1221
** CID 1491270: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/lib/command_parse.c: 1226 in yysyntax_error()
________________________________________________________________________________________________________
*** CID 1491270: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/lib/command_parse.c: 1226 in yysyntax_error()
1220 }
1221
1222 if (*yymsg_alloc < yysize)
1223 {
1224 *yymsg_alloc = 2 * yysize;
1225 if (! (yysize <= *yymsg_alloc
>>> CID 1491270: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "*yymsg_alloc <= 9223372036854775807L /* (long)((9223372036854775807L < (unsigned long)-1) ? 9223372036854775807L : (unsigned long)-1) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
1226 && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM))
1227 *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM;
1228 return 1;
1229 }
1230
1231 /* Avoid sprintf, as that infringes on the user's name space.
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teEwtXAn74UdOrNjckt5W0LJ0CDxXoQFnSJSV51LhpQIExOPuUyDQ-2BIaYqt88E1d5-2F-2Fc-3Dz9B3_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTxoNBOnZet3rqp3OPxmuGZSzeRzEmNBbrFgQkXYT63YGethQu-2FRpyrTmqavgb5zAISdogPgH4e-2Bn7xd70Vr8EVRZqmPPa03XjVjtwM0QbCH0q3I3jut6VVmpCTQgKRmt2OhYue8GyU0WUZLxf0IN-2BOMfHkEOqqKAm0IPj2cmjkzt72G0SkX1uf7vE4m8CVdLT4-3D
More information about the dev
mailing list