New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Fri Mar 11 15:15:38 UTC 2022 

Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

4 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 1515041:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1515041:  Null pointer dereferences  (NULL_RETURNS)
/pimd/pim_cmd_common.c: 592 in pim_process_no_rp_cmd()
586     		vty_out(vty, "%% Unable to find specified RP\n");
587     		return NB_OK;
588     	}
589     
590     	group_dnode = yang_dnode_get(vty->candidate_config->dnode, group_xpath);
591     
>>>     CID 1515041:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be "NULL" "group_dnode" when calling "yang_is_last_list_dnode".
592     	if (yang_is_last_list_dnode(group_dnode))
593     		nb_cli_enqueue_change(vty, rp_xpath, NB_OP_DESTROY, NULL);
594     	else
595     		nb_cli_enqueue_change(vty, group_list_xpath, NB_OP_DESTROY,
596     				      group_str);
597     

** CID 1515040:  Concurrent data access violations  (MISSING_LOCK)
/lib/northbound_grpc.cpp: 1281 in grpc_pthread_start(void *)()


________________________________________________________________________________________________________
*** CID 1515040:  Concurrent data access violations  (MISSING_LOCK)
/lib/northbound_grpc.cpp: 1281 in grpc_pthread_start(void *)()
1275     		GRPC_ARG_HTTP2_MIN_RECV_PING_INTERVAL_WITHOUT_DATA_MS, 5000);
1276     	std::unique_ptr<grpc::ServerCompletionQueue> cq =
1277     		builder.AddCompletionQueue();
1278     	std::unique_ptr<grpc::Server> server = builder.BuildAndStart();
1279     	s_server = server.get();
1280     
>>>     CID 1515040:  Concurrent data access violations  (MISSING_LOCK)
>>>     Accessing "grpc_running" without holding lock "s_server_lock". Elsewhere, "grpc_running" is accessed with "s_server_lock" held 2 out of 3 times (2 of these accesses strongly imply that it is necessary).
1281     	grpc_running = true;
1282     
1283     	/* Schedule all RPC handlers */
1284     	REQUEST_NEWRPC(GetCapabilities, NULL);
1285     	REQUEST_NEWRPC(CreateCandidate, &candidates);
1286     	REQUEST_NEWRPC(DeleteCandidate, &candidates);

** CID 1515039:  Insecure data handling  (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1515039:  Insecure data handling  (TAINTED_SCALAR)
/vtysh/vtysh.c: 3704 in vtysh_log_read()
3698     				"%d log messages from %s lost (vtysh reading too slowly)\n",
3699     				lost_msgs, vclient->name);
3700     		}
3701     	}
3702     
3703     	text = buf.text + sizeof(buf.hdr.argpos[0]) * buf.hdr.n_argpos;
>>>     CID 1515039:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "buf.hdr.n_argpos" to "vtysh_log_print", which uses it as a loop boundary.
3704     	vtysh_log_print(vclient, &buf.hdr, text);
3705     
3706     	if (stderr_stdout_same)
3707     		rl_forced_update_display();
3708     
3709     	return;

** CID 1515038:  Memory - illegal accesses  (WRAPPER_ESCAPE)
/lib/northbound_grpc.cpp: 1279 in grpc_pthread_start(void *)()


________________________________________________________________________________________________________
*** CID 1515038:  Memory - illegal accesses  (WRAPPER_ESCAPE)
/lib/northbound_grpc.cpp: 1279 in grpc_pthread_start(void *)()
1273     	builder.RegisterService(&service);
1274     	builder.AddChannelArgument(
1275     		GRPC_ARG_HTTP2_MIN_RECV_PING_INTERVAL_WITHOUT_DATA_MS, 5000);
1276     	std::unique_ptr<grpc::ServerCompletionQueue> cq =
1277     		builder.AddCompletionQueue();
1278     	std::unique_ptr<grpc::Server> server = builder.BuildAndStart();
>>>     CID 1515038:  Memory - illegal accesses  (WRAPPER_ESCAPE)
>>>     The internal representation of local "server" escapes into "s_server", but is destroyed when it exits scope.
1279     	s_server = server.get();
1280     
1281     	grpc_running = true;
1282     
1283     	/* Schedule all RPC handlers */
1284     	REQUEST_NEWRPC(GetCapabilities, NULL);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BkxBoZjryQtr5SpUD80NNfE-3D7KL1_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTyDOaIfTv9Qv9-2FM8RaGHfxrls1tu-2Byw7OybRqlMVYG92mq4ONKv9LmN1Bt4hH7jQ9tWWCHgNSqdNy6UIQ58DbGt9xLScPduMC-2B-2B6j0OSNFF2-2BR-2BRrTl-2FqH8L-2Bq1lTUFuHWM2QCo8a77Wgx1mCVnTxroeyZsu-2FnXHk6eYCC6ox29Gw-3D-3D

More information about the dev mailing list