New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Fri Jun 5 12:56:06 UTC 2020 

Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

3 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 1495426:  Null pointer dereferences  (REVERSE_INULL)
/zebra/zebra_mpls.c: 1354 in nhlfe_backup_add()


________________________________________________________________________________________________________
*** CID 1495426:  Null pointer dereferences  (REVERSE_INULL)
/zebra/zebra_mpls.c: 1354 in nhlfe_backup_add()
1348     	nhlfe = nhlfe_alloc(lsp, lsp_type, gtype, gate, ifindex, num_labels,
1349     			    labels);
1350     
1351     	SET_FLAG(nhlfe->flags, NHLFE_FLAG_IS_BACKUP);
1352     
1353     	/* Enqueue to LSP, at tail of list. */
>>>     CID 1495426:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "nhlfe" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1354     	if (nhlfe)
1355     		nhlfe_list_add_tail(&lsp->backup_nhlfe_list, nhlfe);
1356     
1357     	return nhlfe;
1358     }
1359     

** CID 1495425:  Memory - corruptions  (OVERRUN)
/zebra/zebra_mpls.c: 1570 in nhlfe_print()


________________________________________________________________________________________________________
*** CID 1495425:  Memory - corruptions  (OVERRUN)
/zebra/zebra_mpls.c: 1570 in nhlfe_print()
1564     			vty_out(vty, " dev %s",
1565     				ifindex2ifname(nexthop->ifindex,
1566     					       nexthop->vrf_id));
1567     		break;
1568     	case NEXTHOP_TYPE_IPV6:
1569     	case NEXTHOP_TYPE_IPV6_IFINDEX:
>>>     CID 1495425:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "buf" of 1024 bytes by passing it to a function which accesses it at byte offset 8191 using argument "8192U".
1570     		vty_out(vty, "  via %s",
1571     			inet_ntop(AF_INET6, &nexthop->gate.ipv6, buf, BUFSIZ));
1572     		if (nexthop->ifindex)
1573     			vty_out(vty, " dev %s",
1574     				ifindex2ifname(nexthop->ifindex,
1575     					       nexthop->vrf_id));

** CID 1495424:  Error handling issues  (CHECKED_RETURN)
/zebra/zebra_rnh.c: 1050 in send_client()


________________________________________________________________________________________________________
*** CID 1495424:  Error handling issues  (CHECKED_RETURN)
/zebra/zebra_rnh.c: 1050 in send_client()
1044     		num = 0;
1045     		nump = stream_get_endp(s);
1046     		stream_putc(s, 0);
1047     		for (ALL_NEXTHOPS(re->nhe->nhg, nh))
1048     			if (rnh_nexthop_valid(re, nh)) {
1049     				zapi_nexthop_from_nexthop(&znh, nh);
>>>     CID 1495424:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "zapi_nexthop_encode" without checking return value (as is done elsewhere 4 out of 5 times).
1050     				zapi_nexthop_encode(s, &znh, 0 /* flags */);
1051     				num++;
1052     			}
1053     		stream_putc_at(s, nump, num);
1054     	} else {
1055     		stream_putc(s, 0); // type


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teEwtXAn74UdOrNjckt5W0LJ0CDxXoQFnSJSV51LhpQIExOPuUyDQ-2BIaYqt88E1d5-2F-2Fc-3Dsmgs_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTzDsVJk-2B0j5UL-2Bzr1foc3BY5BwfkOT08woQC5X4WQbedXWJ3iWef1bwPPYZOEfTtG4AWVfQJABjZz8ChNC0eMr6Fem1UAYIO8KSrb2KHXBR5G2HAFuQFqgF7y2nFGogaQXAws0hgyb6OKl1z7MEXPAgW-2BrmzjJdJSzHGHs1mI6b9Q-3D-3D

More information about the dev mailing list