New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Fri Jan 31 08:21:48 EST 2020
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
15 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
47 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 15 of 15 defect(s)
** CID 1491106: Incorrect expression (USELESS_CALL)
________________________________________________________________________________________________________
*** CID 1491106: Incorrect expression (USELESS_CALL)
/bgpd/bgp_vty.c: 9606 in bgp_show_neighbor_graceful_restart_capability_per_afi_safi()
9600 vty_out(vty, " %s :\n",
9601 get_afi_safi_str(afi, safi, false));
9602
9603 vty_out(vty,
9604 " F bit : ");
9605 } else
>>> CID 1491106: Incorrect expression (USELESS_CALL)
>>> Calling "get_afi_safi_str(afi, safi, true)" is only useful for its return value, which is ignored.
9606 get_afi_safi_str(afi, safi, true);
9607
9608 if (peer->nsf[afi][safi]
9609 && CHECK_FLAG(
9610 peer->af_cap[afi][safi],
9611 PEER_CAP_RESTART_AF_PRESERVE_RCV)) {
** CID 1491105: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1491105: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_route.c: 10724 in show_ip_bgp_regexp()
10718 return CMD_WARNING;
10719
10720 // get index of regex
10721 if (argv_find(argv, argc, "REGEX", &idx))
10722 regstr = argv[idx]->arg;
10723
>>> CID 1491105: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "regstr" to "bgp_show_regexp", which dereferences it.
10724 return bgp_show_regexp(vty, bgp, (const char *)regstr, afi, safi,
10725 bgp_show_type_regexp, uj);
10726 }
10727
10728 DEFUN (show_ip_bgp_instance_all,
10729 show_ip_bgp_instance_all_cmd,
** CID 1491104: (CHECKED_RETURN)
/lib/agentx.c: 71 in agentx_read()
/lib/agentx.c: 79 in agentx_read()
________________________________________________________________________________________________________
*** CID 1491104: (CHECKED_RETURN)
/lib/agentx.c: 71 in agentx_read()
65 if (-1 == flags)
66 return -1;
67
68 if (flags & O_NONBLOCK)
69 nonblock = true;
70 else
>>> CID 1491104: (CHECKED_RETURN)
>>> Calling "fcntl(t->u.fd, 4, flags | 0x800)" without checking return value. This library function may fail and return an error code.
71 fcntl(THREAD_FD(t), F_SETFL, flags | O_NONBLOCK);
72
73 FD_ZERO(&fds);
74 FD_SET(THREAD_FD(t), &fds);
75 snmp_read(&fds);
76
/lib/agentx.c: 79 in agentx_read()
73 FD_ZERO(&fds);
74 FD_SET(THREAD_FD(t), &fds);
75 snmp_read(&fds);
76
77 /* Reset the flag */
78 if (!nonblock)
>>> CID 1491104: (CHECKED_RETURN)
>>> Calling "fcntl(t->u.fd, 4, flags)" without checking return value. This library function may fail and return an error code.
79 fcntl(THREAD_FD(t), F_SETFL, flags);
80
81 netsnmp_check_outstanding_agent_requests();
82 agentx_events_update();
83 return 0;
84 }
** CID 1302522: (SIZEOF_MISMATCH)
/ospfd/ospf_snmp.c: 2002 in ospfVirtIfLookup()
/ospfd/ospf_snmp.c: 2009 in ospfVirtIfLookup()
/ospfd/ospf_snmp.c: 1985 in ospfVirtIfLookup()
________________________________________________________________________________________________________
*** CID 1302522: (SIZEOF_MISMATCH)
/ospfd/ospf_snmp.c: 2002 in ospfVirtIfLookup()
1996 len = IN_ADDR_SIZE;
1997 oid2in_addr(name + v->namelen, len, area_id);
1998
1999 len = *length - v->namelen - IN_ADDR_SIZE;
2000 if (len > IN_ADDR_SIZE)
2001 len = IN_ADDR_SIZE;
>>> CID 1302522: (SIZEOF_MISMATCH)
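>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "name + v->namelen" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
[Triage note: in this excerpt IN_ADDR_SIZE is also passed to oid2in_addr() as the length argument and added to *length, which suggests it is being used as a count of "oid" elements rather than as a byte size. Confirm that before applying the suggested replacement with 1, because the replacement changes how far the pointer advances.]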
2002 oid2in_addr(name + v->namelen + IN_ADDR_SIZE, len, neighbor);
2003
2004 vl_data = ospf_snmp_vl_lookup_next(area_id, neighbor, first);
2005
2006 if (vl_data) {
2007 *length = v->namelen + IN_ADDR_SIZE + IN_ADDR_SIZE;
/ospfd/ospf_snmp.c: 2009 in ospfVirtIfLookup()
2003
2004 vl_data = ospf_snmp_vl_lookup_next(area_id, neighbor, first);
2005
2006 if (vl_data) {
2007 *length = v->namelen + IN_ADDR_SIZE + IN_ADDR_SIZE;
2008 oid_copy_addr(name + v->namelen, area_id, IN_ADDR_SIZE);
>>> CID 1302522: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "name + v->namelen" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
2009 oid_copy_addr(name + v->namelen + IN_ADDR_SIZE,
2010 neighbor, IN_ADDR_SIZE);
2011 return vl_data;
2012 }
2013 }
2014 return NULL;
/ospfd/ospf_snmp.c: 1985 in ospfVirtIfLookup()
1979
1980 if (exact) {
1981 if (*length != v->namelen + IN_ADDR_SIZE + IN_ADDR_SIZE)
1982 return NULL;
1983
1984 oid2in_addr(name + v->namelen, IN_ADDR_SIZE, area_id);
>>> CID 1302522: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "name + v->namelen" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
1985 oid2in_addr(name + v->namelen + IN_ADDR_SIZE, IN_ADDR_SIZE,
1986 neighbor);
1987
1988 return ospf_snmp_vl_lookup(area_id, neighbor);
1989 } else {
1990 first = 0;
** CID 1302521: (SIZEOF_MISMATCH)
/ospfd/ospf_snmp.c: 1043 in ospfLsdbLookup()
/ospfd/ospf_snmp.c: 961 in ospfLsdbLookup()
/ospfd/ospf_snmp.c: 1048 in ospfLsdbLookup()
/ospfd/ospf_snmp.c: 1018 in ospfLsdbLookup()
/ospfd/ospf_snmp.c: 953 in ospfLsdbLookup()
________________________________________________________________________________________________________
*** CID 1302521: (SIZEOF_MISMATCH)
/ospfd/ospf_snmp.c: 1043 in ospfLsdbLookup()
1037 /* Fill in length. */
1038 *length = v->namelen + OSPF_LSDB_ENTRY_OFFSET;
1039
1040 /* Fill in value. */
1041 offset = name + v->namelen;
1042 oid_copy_addr(offset, area_id, IN_ADDR_SIZE);
>>> CID 1302521: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
1043 offset += IN_ADDR_SIZE;
1044 *offset = lsa->data->type;
1045 offset++;
1046 oid_copy_addr(offset, &lsa->data->id,
1047 IN_ADDR_SIZE);
1048 offset += IN_ADDR_SIZE;
/ospfd/ospf_snmp.c: 961 in ospfLsdbLookup()
955 /* Type. */
956 *type = *offset;
957 offset++;
958
959 /* LS ID. */
960 oid2in_addr(offset, IN_ADDR_SIZE, ls_id);
>>> CID 1302521: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
961 offset += IN_ADDR_SIZE;
962
963 /* Router ID. */
964 oid2in_addr(offset, IN_ADDR_SIZE, router_id);
965
966 /* Lookup LSDB. */
/ospfd/ospf_snmp.c: 1048 in ospfLsdbLookup()
1042 oid_copy_addr(offset, area_id, IN_ADDR_SIZE);
1043 offset += IN_ADDR_SIZE;
1044 *offset = lsa->data->type;
1045 offset++;
1046 oid_copy_addr(offset, &lsa->data->id,
1047 IN_ADDR_SIZE);
>>> CID 1302521: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
1048 offset += IN_ADDR_SIZE;
1049 oid_copy_addr(offset, &lsa->data->adv_router,
1050 IN_ADDR_SIZE);
1051
1052 return lsa;
1053 }
/ospfd/ospf_snmp.c: 1018 in ospfLsdbLookup()
1012 len = IN_ADDR_SIZE;
1013
1014 oid2in_addr(offset, len, ls_id);
1015 }
1016
1017 /* Router ID. */
>>> CID 1302521: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
1018 offset += IN_ADDR_SIZE;
1019 offsetlen -= IN_ADDR_SIZE;
1020 len = offsetlen;
1021
1022 if (len <= 0)
1023 router_id_next = 1;
/ospfd/ospf_snmp.c: 953 in ospfLsdbLookup()
947
948 /* Lookup area first. */
949 oid2in_addr(offset, IN_ADDR_SIZE, area_id);
950 area = ospf_area_lookup_by_area_id(ospf, *area_id);
951 if (!area)
952 return NULL;
>>> CID 1302521: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
953 offset += IN_ADDR_SIZE;
954
955 /* Type. */
956 *type = *offset;
957 offset++;
958
** CID 1302520: Incorrect expression (SIZEOF_MISMATCH)
/ospfd/ospf_snmp.c: 1814 in ospfIfMetricLookup()
________________________________________________________________________________________________________
*** CID 1302520: Incorrect expression (SIZEOF_MISMATCH)
/ospfd/ospf_snmp.c: 1814 in ospfIfMetricLookup()
1808 oi = ospf_snmp_if_lookup_next(ifaddr, ifindex, ifaddr_next,
1809 ifindex_next);
1810 if (oi) {
1811 *length = v->namelen + IN_ADDR_SIZE + 1 + 1;
1812 offset = name + v->namelen;
1813 oid_copy_addr(offset, ifaddr, IN_ADDR_SIZE);
>>> CID 1302520: Incorrect expression (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
1814 offset += IN_ADDR_SIZE;
1815 *offset = *ifindex;
1816 offset++;
1817 *offset = OSPF_SNMP_METRIC_VALUE;
1818 return oi;
1819 }
** CID 1302519: (SIZEOF_MISMATCH)
/ospfd/ospf_snmp.c: 2441 in ospfExtLsdbLookup()
/ospfd/ospf_snmp.c: 2390 in ospfExtLsdbLookup()
/ospfd/ospf_snmp.c: 2418 in ospfExtLsdbLookup()
________________________________________________________________________________________________________
*** CID 1302519: (SIZEOF_MISMATCH)
/ospfd/ospf_snmp.c: 2441 in ospfExtLsdbLookup()
2435 /* Fill in value. */
2436 offset = name + v->namelen;
2437
2438 *offset = OSPF_AS_EXTERNAL_LSA;
2439 offset++;
2440 oid_copy_addr(offset, &lsa->data->id, IN_ADDR_SIZE);
>>> CID 1302519: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
2441 offset += IN_ADDR_SIZE;
2442 oid_copy_addr(offset, &lsa->data->adv_router,
2443 IN_ADDR_SIZE);
2444
2445 return lsa;
2446 }
/ospfd/ospf_snmp.c: 2390 in ospfExtLsdbLookup()
2384
2385 if (lsa_type != *type)
2386 return NULL;
2387
2388 /* LS ID. */
2389 oid2in_addr(offset, IN_ADDR_SIZE, ls_id);
>>> CID 1302519: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
2390 offset += IN_ADDR_SIZE;
2391
2392 /* Router ID. */
2393 oid2in_addr(offset, IN_ADDR_SIZE, router_id);
2394
2395 return ospf_lsdb_lookup_by_id(ospf->lsdb, *type, *ls_id,
/ospfd/ospf_snmp.c: 2418 in ospfExtLsdbLookup()
2412 len = offsetlen;
2413 if (len > IN_ADDR_SIZE)
2414 len = IN_ADDR_SIZE;
2415
2416 oid2in_addr(offset, len, ls_id);
2417
>>> CID 1302519: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
2418 offset += IN_ADDR_SIZE;
2419 offsetlen -= IN_ADDR_SIZE;
2420
2421 /* Router ID. */
2422 len = offsetlen;
2423 if (len > IN_ADDR_SIZE)
** CID 1302518: (SIZEOF_MISMATCH)
/bgpd/bgp_snmp.c: 736 in bgp4PathAttrLookup()
/bgpd/bgp_snmp.c: 702 in bgp4PathAttrLookup()
/bgpd/bgp_snmp.c: 793 in bgp4PathAttrLookup()
________________________________________________________________________________________________________
*** CID 1302518: (SIZEOF_MISMATCH)
/bgpd/bgp_snmp.c: 736 in bgp4PathAttrLookup()
730 else {
731 if (len > IN_ADDR_SIZE)
732 len = IN_ADDR_SIZE;
733
734 oid2in_addr(offset, len, &addr->prefix);
735
>>> CID 1302518: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
736 offset += IN_ADDR_SIZE;
737 offsetlen -= IN_ADDR_SIZE;
738
739 if (offsetlen > 0)
740 addr->prefixlen = *offset;
741 else
/bgpd/bgp_snmp.c: 702 in bgp4PathAttrLookup()
696 if (*length - v->namelen != BGP_PATHATTR_ENTRY_OFFSET)
697 return NULL;
698
699 /* Set OID offset for prefix. */
700 offset = name + v->namelen;
701 oid2in_addr(offset, IN_ADDR_SIZE, &addr->prefix);
>>> CID 1302518: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
702 offset += IN_ADDR_SIZE;
703
704 /* Prefix length. */
705 addr->prefixlen = *offset;
706 offset++;
707
/bgpd/bgp_snmp.c: 793 in bgp4PathAttrLookup()
787 *length =
788 v->namelen + BGP_PATHATTR_ENTRY_OFFSET;
789
790 offset = name + v->namelen;
791 oid_copy_addr(offset, &rn->p.u.prefix4,
792 IN_ADDR_SIZE);
>>> CID 1302518: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
793 offset += IN_ADDR_SIZE;
794 *offset = rn->p.prefixlen;
795 offset++;
796 oid_copy_addr(offset,
797 &min->peer->su.sin.sin_addr,
798 IN_ADDR_SIZE);
** CID 1302517: Incorrect expression (SIZEOF_MISMATCH)
/ospfd/ospf_snmp.c: 1649 in ospfIfLookup()
________________________________________________________________________________________________________
*** CID 1302517: Incorrect expression (SIZEOF_MISMATCH)
/ospfd/ospf_snmp.c: 1649 in ospfIfLookup()
1643 oi = ospf_snmp_if_lookup_next(ifaddr, ifindex, ifaddr_next,
1644 ifindex_next);
1645 if (oi) {
1646 *length = v->namelen + IN_ADDR_SIZE + 1;
1647 offset = name + v->namelen;
1648 oid_copy_addr(offset, ifaddr, IN_ADDR_SIZE);
>>> CID 1302517: Incorrect expression (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
1649 offset += IN_ADDR_SIZE;
1650 *offset = *ifindex;
1651 return oi;
1652 }
1653 }
1654 return NULL;
** CID 1302516: (SIZEOF_MISMATCH)
/ospfd/ospf_snmp.c: 1192 in ospfAreaRangeLookup()
/ospfd/ospf_snmp.c: 1214 in ospfAreaRangeLookup()
/ospfd/ospf_snmp.c: 1163 in ospfAreaRangeLookup()
________________________________________________________________________________________________________
*** CID 1302516: (SIZEOF_MISMATCH)
/ospfd/ospf_snmp.c: 1192 in ospfAreaRangeLookup()
1186 len == 0 ? 1 : 0);
1187
1188 if (area == NULL)
1189 return NULL;
1190
1191 do {
>>> CID 1302516: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
1192 offset += IN_ADDR_SIZE;
1193 offsetlen -= IN_ADDR_SIZE;
1194 len = offsetlen;
1195
1196 if (len < 0)
1197 len = 0;
/ospfd/ospf_snmp.c: 1214 in ospfAreaRangeLookup()
1208 *length = v->namelen + IN_ADDR_SIZE
1209 + IN_ADDR_SIZE;
1210
1211 /* Fill in value. */
1212 offset = name + v->namelen;
1213 oid_copy_addr(offset, area_id, IN_ADDR_SIZE);
>>> CID 1302516: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
1214 offset += IN_ADDR_SIZE;
1215 oid_copy_addr(offset, range_net, IN_ADDR_SIZE);
1216
1217 return range;
1218 }
1219 } while ((area = ospf_area_lookup_next(ospf, area_id, 0))
/ospfd/ospf_snmp.c: 1163 in ospfAreaRangeLookup()
1157 oid2in_addr(offset, IN_ADDR_SIZE, area_id);
1158
1159 area = ospf_area_lookup_by_area_id(ospf, *area_id);
1160 if (!area)
1161 return NULL;
1162
>>> CID 1302516: (SIZEOF_MISMATCH)
>>> Adding "4UL /* sizeof (struct in_addr) */" to pointer "offset" of type "oid *" is suspicious because adding an integral value to this pointer automatically scales that value by the size, 8 bytes, of the pointed-to type, "oid". Most likely, "sizeof (struct in_addr)" is extraneous and should be replaced with 1.
1163 offset += IN_ADDR_SIZE;
1164
1165 /* Lookup area range. */
1166 oid2in_addr(offset, IN_ADDR_SIZE, range_net);
1167 p.prefix = *range_net;
1168
** CID 1302506: Null pointer dereferences (NULL_RETURNS)
/ospfd/ospf_snmp.c: 812 in ospfStubAreaLookup()
________________________________________________________________________________________________________
*** CID 1302506: Null pointer dereferences (NULL_RETURNS)
/ospfd/ospf_snmp.c: 812 in ospfStubAreaLookup()
806 return NULL;
807
808 oid2in_addr(name + v->namelen, sizeof(struct in_addr), addr);
809
810 area = ospf_area_lookup_by_area_id(ospf, *addr);
811
>>> CID 1302506: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing "area", which is known to be "NULL".
812 if (area->external_routing == OSPF_AREA_STUB)
813 return area;
814 else
815 return NULL;
816 } else {
817 len = *length - v->namelen;
** CID 1302468: Memory - corruptions (ARRAY_VS_SINGLETON)
________________________________________________________________________________________________________
*** CID 1302468: Memory - corruptions (ARRAY_VS_SINGLETON)
/zebra/zebra_snmp.c: 371 in get_fwtable_route_node()
365 /* For exact: search matching entry in rib table. */
366
367 if (exact) {
368 if (policy) /* Not supported (yet?) */
369 return;
370 for (*np = route_top(table); *np; *np = route_next(*np)) {
>>> CID 1302468: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Passing "&(*np)->p.u.prefix" to function "in_addr_cmp" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
371 if (!in_addr_cmp(&(*np)->p.u.prefix,
372 (uint8_t *)&dest)) {
373 RNODE_FOREACH_RE (*np, *re) {
374 if (!in_addr_cmp((uint8_t *)&(*re)->nhe
375 ->nhg->nexthop
376 ->gate.ipv4,
** CID 1302467: (ARRAY_VS_SINGLETON)
________________________________________________________________________________________________________
*** CID 1302467: (ARRAY_VS_SINGLETON)
/zebra/zebra_snmp.c: 269 in check_replace()
263 if (!*np) {
264 *np = np2;
265 *re = re2;
266 return;
267 }
268
>>> CID 1302467: (ARRAY_VS_SINGLETON)
>>> Passing "&np2->p.u.prefix" to function "in_addr_cmp" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
269 if (in_addr_cmp(&(*np)->p.u.prefix, &np2->p.u.prefix) < 0)
270 return;
271 if (in_addr_cmp(&(*np)->p.u.prefix, &np2->p.u.prefix) > 0) {
272 *np = np2;
273 *re = re2;
274 return;
/zebra/zebra_snmp.c: 271 in check_replace()
265 *re = re2;
266 return;
267 }
268
269 if (in_addr_cmp(&(*np)->p.u.prefix, &np2->p.u.prefix) < 0)
270 return;
>>> CID 1302467: (ARRAY_VS_SINGLETON)
>>> Passing "&np2->p.u.prefix" to function "in_addr_cmp" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
271 if (in_addr_cmp(&(*np)->p.u.prefix, &np2->p.u.prefix) > 0) {
272 *np = np2;
273 *re = re2;
274 return;
275 }
276
** CID 1302466: (ARRAY_VS_SINGLETON)
________________________________________________________________________________________________________
*** CID 1302466: (ARRAY_VS_SINGLETON)
/zebra/zebra_snmp.c: 392 in get_fwtable_route_node()
386
387 /* Search next best entry */
388
389 for (np2 = route_top(table); np2; np2 = route_next(np2)) {
390
391 /* Check destination first */
>>> CID 1302466: (ARRAY_VS_SINGLETON)
>>> Passing "&np2->p.u.prefix" to function "in_addr_cmp" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
392 if (in_addr_cmp(&np2->p.u.prefix, (uint8_t *)&dest) > 0)
393 RNODE_FOREACH_RE (np2, re2) {
394 check_replace(np2, re2, np, re);
395 }
396
397 if (in_addr_cmp(&np2->p.u.prefix, (uint8_t *)&dest)
/zebra/zebra_snmp.c: 397 in get_fwtable_route_node()
391 /* Check destination first */
392 if (in_addr_cmp(&np2->p.u.prefix, (uint8_t *)&dest) > 0)
393 RNODE_FOREACH_RE (np2, re2) {
394 check_replace(np2, re2, np, re);
395 }
396
>>> CID 1302466: (ARRAY_VS_SINGLETON)
>>> Passing "&np2->p.u.prefix" to function "in_addr_cmp" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
397 if (in_addr_cmp(&np2->p.u.prefix, (uint8_t *)&dest)
398 == 0) { /* have to look at each re individually */
399 RNODE_FOREACH_RE (np2, re2) {
400 int proto2, policy2;
401
402 proto2 = proto_trans(re2->type);
** CID 1302465: (ARRAY_VS_SINGLETON)
________________________________________________________________________________________________________
*** CID 1302465: (ARRAY_VS_SINGLETON)
/zebra/zebra_snmp.c: 271 in check_replace()
265 *re = re2;
266 return;
267 }
268
269 if (in_addr_cmp(&(*np)->p.u.prefix, &np2->p.u.prefix) < 0)
270 return;
>>> CID 1302465: (ARRAY_VS_SINGLETON)
>>> Passing "&(*np)->p.u.prefix" to function "in_addr_cmp" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
271 if (in_addr_cmp(&(*np)->p.u.prefix, &np2->p.u.prefix) > 0) {
272 *np = np2;
273 *re = re2;
274 return;
275 }
276
/zebra/zebra_snmp.c: 269 in check_replace()
263 if (!*np) {
264 *np = np2;
265 *re = re2;
266 return;
267 }
268
>>> CID 1302465: (ARRAY_VS_SINGLETON)
>>> Passing "&(*np)->p.u.prefix" to function "in_addr_cmp" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
269 if (in_addr_cmp(&(*np)->p.u.prefix, &np2->p.u.prefix) < 0)
270 return;
271 if (in_addr_cmp(&(*np)->p.u.prefix, &np2->p.u.prefix) > 0) {
272 *np = np2;
273 *re = re2;
274 return;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeDU1AdI-2FBBrnda9ub5tlg3U-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJnDGkvDPSXiKx6ma8me4TSUIY31qHn30nO9jypaJ9xlBJm5UXLhTHT2S5NjR6PWxsoGWgQb8N5-2BD1IKnbkPY-2BPv2M-2B5NoLNo1sQ5l-2B4jtpZt2Zk0y2NTZpIbajI3Nzt5cUHaRLIpsDGdh4LhpRzwyg94rqfEk82J5Mu9pJsVh2cqvPkSj9qO3r6pnq-2BIrERg5s-3D