New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Mon Jul 5 09:17:59 UTC 2021 

Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

4 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 1505711:  Memory - illegal accesses  (OVERRUN)


________________________________________________________________________________________________________
*** CID 1505711:  Memory - illegal accesses  (OVERRUN)
/bgpd/bgp_routemap.c: 384 in route_match_script()
378     			      status_nomatch = LUA_RM_NOMATCH,
379     			      status_match = LUA_RM_MATCH,
380     			      status_match_and_change = LUA_RM_MATCH_AND_CHANGE;
381     
382     	struct attr newattr = *path->attr;
383     
>>>     CID 1505711:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array of 4 bytes at byte offset 7 by dereferencing pointer "(long long *)&lrm_status".
384     	int result = frrscript_call(
385     		fs, ("RM_FAILURE", (long long *)&lrm_status),
386     		("RM_NOMATCH", (long long *)&status_nomatch),
387     		("RM_MATCH", (long long *)&status_match),
388     		("RM_MATCH_AND_CHANGE", (long long *)&status_match_and_change),
389     		("action", (long long *)&lrm_status), ("prefix", prefix),

** CID 1505710:  Memory - illegal accesses  (OVERRUN)


________________________________________________________________________________________________________
*** CID 1505710:  Memory - illegal accesses  (OVERRUN)
/bgpd/bgp_routemap.c: 384 in route_match_script()
378     			      status_nomatch = LUA_RM_NOMATCH,
379     			      status_match = LUA_RM_MATCH,
380     			      status_match_and_change = LUA_RM_MATCH_AND_CHANGE;
381     
382     	struct attr newattr = *path->attr;
383     
>>>     CID 1505710:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array of 4 bytes at byte offset 7 by dereferencing pointer "(long long *)&status_nomatch".
384     	int result = frrscript_call(
385     		fs, ("RM_FAILURE", (long long *)&lrm_status),
386     		("RM_NOMATCH", (long long *)&status_nomatch),
387     		("RM_MATCH", (long long *)&status_match),
388     		("RM_MATCH_AND_CHANGE", (long long *)&status_match_and_change),
389     		("action", (long long *)&lrm_status), ("prefix", prefix),

** CID 1505709:  Memory - illegal accesses  (OVERRUN)


________________________________________________________________________________________________________
*** CID 1505709:  Memory - illegal accesses  (OVERRUN)
/bgpd/bgp_routemap.c: 384 in route_match_script()
378     			      status_nomatch = LUA_RM_NOMATCH,
379     			      status_match = LUA_RM_MATCH,
380     			      status_match_and_change = LUA_RM_MATCH_AND_CHANGE;
381     
382     	struct attr newattr = *path->attr;
383     
>>>     CID 1505709:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array of 4 bytes at byte offset 7 by dereferencing pointer "(long long *)&status_match_and_change".
384     	int result = frrscript_call(
385     		fs, ("RM_FAILURE", (long long *)&lrm_status),
386     		("RM_NOMATCH", (long long *)&status_nomatch),
387     		("RM_MATCH", (long long *)&status_match),
388     		("RM_MATCH_AND_CHANGE", (long long *)&status_match_and_change),
389     		("action", (long long *)&lrm_status), ("prefix", prefix),

** CID 1505708:  Memory - illegal accesses  (OVERRUN)


________________________________________________________________________________________________________
*** CID 1505708:  Memory - illegal accesses  (OVERRUN)
/bgpd/bgp_routemap.c: 384 in route_match_script()
378     			      status_nomatch = LUA_RM_NOMATCH,
379     			      status_match = LUA_RM_MATCH,
380     			      status_match_and_change = LUA_RM_MATCH_AND_CHANGE;
381     
382     	struct attr newattr = *path->attr;
383     
>>>     CID 1505708:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array of 4 bytes at byte offset 7 by dereferencing pointer "(long long *)&status_match".
384     	int result = frrscript_call(
385     		fs, ("RM_FAILURE", (long long *)&lrm_status),
386     		("RM_NOMATCH", (long long *)&status_nomatch),
387     		("RM_MATCH", (long long *)&status_match),
388     		("RM_MATCH_AND_CHANGE", (long long *)&status_match_and_change),
389     		("action", (long long *)&lrm_status), ("prefix", prefix),


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BkxBoZjryQtr5SpUD80NNfE-3Dvkp2_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTym0TuIVGxgIAgFksLcQAebIjmoJI59kwHlqa-2BKISlflzwtwwMLO-2F7nMrWnw8DD7dTbX97TR68OrBaQh-2BlrUYdJu35Hk0zwhaJio9zsg1-2B-2BDjk0-2BG3Oo92VGs-2F2aAwQwCEIwLB5YxfDr2FrvzH4EaqjtlwwC4W4xzadUo3NUtD-2Fqg-3D-3D

More information about the dev mailing list