New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Tue Mar 17 11:08:18 EDT 2020 

Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
35 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 1491755:  Memory - illegal accesses  (USE_AFTER_FREE)
/pimd/pim_vxlan.c: 792 in pim_vxlan_sg_del()


________________________________________________________________________________________________________
*** CID 1491755:  Memory - illegal accesses  (USE_AFTER_FREE)
/pimd/pim_vxlan.c: 792 in pim_vxlan_sg_del()
786     
787     	vxlan_sg = pim_vxlan_sg_find(pim, sg);
788     	if (!vxlan_sg)
789     		return;
790     
791     	pim_vxlan_sg_del_item(vxlan_sg);
>>>     CID 1491755:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Passing freed pointer "vxlan_sg" as an argument to "hash_release".
792     	hash_release(pim->vxlan.sg_hash, vxlan_sg);
793     }
794     
795     /******************************* MLAG handling *******************************/
796     bool pim_vxlan_do_mlag_reg(void)
797     {

** CID 1491754:  Null pointer dereferences  (REVERSE_INULL)
/lib/mlag.c: 90 in mlag_lib_decode_mlag_hdr()


________________________________________________________________________________________________________
*** CID 1491754:  Null pointer dereferences  (REVERSE_INULL)
/lib/mlag.c: 90 in mlag_lib_decode_mlag_hdr()
84     int mlag_lib_decode_mlag_hdr(struct stream *s, struct mlag_msg *msg,
85     			     size_t *length)
86     {
87     #define LIB_MLAG_HDR_LENGTH 8
88     	*length = stream_get_endp(s);
89     
>>>     CID 1491754:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "s" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
90     	if (s == NULL || msg == NULL || *length < LIB_MLAG_HDR_LENGTH)
91     		return -1;
92     
93     	*length -= LIB_MLAG_HDR_LENGTH;
94     
95     	STREAM_GETL(s, msg->msg_type);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teEwtXAn74UdOrNjckt5W0LJ0CDxXoQFnSJSV51LhpQIExOPuUyDQ-2BIaYqt88E1d5-2F-2Fc-3D-Kv8_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTwpH-2FcMfIJmeR3U2olIDR3HxZhBTkbB-2B1kA16nWvEiPSUixxtxczwXSTIzosiXAlAe68zOYoZFy961-2FNmpZhDpfUDKYwbOQXYL80pghQmyCy8Q1R-2B0fvRIunXOujjDUGOt1Ui2nQ1ZBqVEjYxP8ElbMmGx8PAvuCuiq2Fay-2B5RCQiiPWkJaensIBwxKGCvM5ks-3D

More information about the dev mailing list