New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Tue Aug 15 13:55:13 UTC 2023
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
9 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)
** CID 1566848: (NULL_RETURNS)
/pbrd/pbr_vty.c: 830 in pbr_map_action_dst_port_magic()
/pbrd/pbr_vty.c: 825 in pbr_map_action_dst_port_magic()
________________________________________________________________________________________________________
*** CID 1566848: (NULL_RETURNS)
/pbrd/pbr_vty.c: 830 in pbr_map_action_dst_port_magic()
824 if (no) {
825 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT))
826 return CMD_SUCCESS;
827 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT);
828 goto check;
829 }
>>> CID 1566848: (NULL_RETURNS)
>>> Dereferencing "pbrms", which is known to be "NULL".
830 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT) &&
831 (pbrms->action_dst_port == port))
832 return CMD_SUCCESS;
833
834 SET_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT);
835 pbrms->action_dst_port = port;
/pbrd/pbr_vty.c: 825 in pbr_map_action_dst_port_magic()
819 "The Destination Port\n")
820 {
821 /* clang-format on */
822 struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence);
823
824 if (no) {
>>> CID 1566848: (NULL_RETURNS)
>>> Dereferencing "pbrms", which is known to be "NULL".
825 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT))
826 return CMD_SUCCESS;
827 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT);
828 goto check;
829 }
830 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT) &&
** CID 1566847: (NULL_RETURNS)
/pbrd/pbr_vty.c: 800 in pbr_map_action_src_port_magic()
/pbrd/pbr_vty.c: 794 in pbr_map_action_src_port_magic()
________________________________________________________________________________________________________
*** CID 1566847: (NULL_RETURNS)
/pbrd/pbr_vty.c: 800 in pbr_map_action_src_port_magic()
794 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_SRC_PORT))
795 return CMD_SUCCESS;
796 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_SRC_PORT);
797 goto check;
798 }
799
>>> CID 1566847: (NULL_RETURNS)
>>> Dereferencing "pbrms", which is known to be "NULL".
800 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_SRC_PORT) &&
801 (pbrms->action_src_port == port))
802 return CMD_SUCCESS;
803
804 pbrms->action_src_port = port;
805 SET_FLAG(pbrms->action_bm, PBR_ACTION_SRC_PORT);
/pbrd/pbr_vty.c: 794 in pbr_map_action_src_port_magic()
788 "The Source Port\n")
789 {
790 /* clang-format on */
791 struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence);
792
793 if (no) {
>>> CID 1566847: (NULL_RETURNS)
>>> Dereferencing "pbrms", which is known to be "NULL".
794 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_SRC_PORT))
795 return CMD_SUCCESS;
796 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_SRC_PORT);
797 goto check;
798 }
799
** CID 1566846: Null pointer dereferences (REVERSE_INULL)
/pbrd/pbr_vty.c: 455 in pbr_map_match_dscp_magic()
________________________________________________________________________________________________________
*** CID 1566846: Null pointer dereferences (REVERSE_INULL)
/pbrd/pbr_vty.c: 455 in pbr_map_match_dscp_magic()
449 if (*pend)
450 raw_dscp = pbr_map_decode_dscp_enum(dscp);
451 else
452 raw_dscp = ul_dscp << 2;
453 if (raw_dscp > PBR_DSFIELD_DSCP) {
454 vty_out(vty, "Invalid dscp value: %s%s\n", dscp,
>>> CID 1566846: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pend" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
455 (pend ? "" : " (numeric value must be in range 0-63)"));
456 return CMD_WARNING_CONFIG_FAILED;
457 }
458
459 if (CHECK_FLAG(pbrms->filter_bm, PBR_FILTER_DSCP) &&
460 (((pbrms->dsfield & PBR_DSFIELD_DSCP) >> 2) == raw_dscp)) {
** CID 1566845: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1566845: Null pointer dereferences (FORWARD_NULL)
/pbrd/pbr_vty_clippy.c: 1512 in pbr_map_vrf()
1506 #if 0 /* anything that can fail? */
1507 if (_failcnt)
1508 return CMD_WARNING;
1509 #endif
1510 #endif
1511
>>> CID 1566845: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "vrf_name" to "pbr_map_vrf_magic", which dereferences it.
1512 return pbr_map_vrf_magic(self, vty, argc, argv, vrf_name);
1513 }
1514
1515 /* no_pbr_map_vrf => "no set vrf [<NAME$vrf_name|unchanged>]" */
1516 DEFUN_CMD_FUNC_DECL(no_pbr_map_vrf)
1517 #define funcdecl_no_pbr_map_vrf static int no_pbr_map_vrf_magic(\
** CID 1566844: (NULL_RETURNS)
/pbrd/pbr_vty.c: 902 in pbr_map_action_ecn_magic()
/pbrd/pbr_vty.c: 907 in pbr_map_action_ecn_magic()
________________________________________________________________________________________________________
*** CID 1566844: (NULL_RETURNS)
/pbrd/pbr_vty.c: 902 in pbr_map_action_ecn_magic()
896 "Explicit Congestion Notification value\n")
897 {
898 /* clang-format on */
899 struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence);
900
901 if (no) {
>>> CID 1566844: (NULL_RETURNS)
>>> Dereferencing "pbrms", which is known to be "NULL".
902 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_ECN))
903 return CMD_SUCCESS;
904 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_ECN);
905 goto check;
906 }
907 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_ECN) &&
/pbrd/pbr_vty.c: 907 in pbr_map_action_ecn_magic()
901 if (no) {
902 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_ECN))
903 return CMD_SUCCESS;
904 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_ECN);
905 goto check;
906 }
>>> CID 1566844: (NULL_RETURNS)
>>> Dereferencing "pbrms", which is known to be "NULL".
907 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_ECN) &&
908 (pbrms->action_ecn == ecn)) {
909 return CMD_SUCCESS;
910 }
911 SET_FLAG(pbrms->action_bm, PBR_ACTION_ECN);
912 pbrms->action_ecn = ecn;
** CID 1566843: Uninitialized variables (UNINIT)
/bgpd/bgp_route.c: 6754 in bgp_static_set()
________________________________________________________________________________________________________
*** CID 1566843: Uninitialized variables (UNINIT)
/bgpd/bgp_route.c: 6754 in bgp_static_set()
6748 bgp_static->backdoor = backdoor;
6749 bgp_static->valid = 0;
6750 bgp_static->igpmetric = 0;
6751 bgp_static->igpnexthop.s_addr = INADDR_ANY;
6752 bgp_static->label_index = label_index;
6753 bgp_static->label = label;
>>> CID 1566843: Uninitialized variables (UNINIT)
>>> Using uninitialized value "prd".
6754 bgp_static->prd = prd;
6755
6756 if (rmap) {
6757 XFREE(MTYPE_ROUTE_MAP_NAME,
6758 bgp_static->rmap.name);
6759 route_map_counter_decrement(
** CID 1566842: Null pointer dereferences (REVERSE_INULL)
/pbrd/pbr_vty.c: 874 in pbr_map_action_dscp_magic()
________________________________________________________________________________________________________
*** CID 1566842: Null pointer dereferences (REVERSE_INULL)
/pbrd/pbr_vty.c: 874 in pbr_map_action_dscp_magic()
868 raw_dscp = pbr_map_decode_dscp_enum(dscp);
869 else
870 raw_dscp = ul_dscp << 2;
871
872 if (raw_dscp > PBR_DSFIELD_DSCP) {
873 vty_out(vty, "Invalid dscp value: %s%s\n", dscp,
>>> CID 1566842: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pend" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
874 (pend ? "" : " (numeric value must be in range 0-63)"));
875 return CMD_WARNING_CONFIG_FAILED;
876 }
877 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DSCP) &&
878 (pbrms->action_dscp == raw_dscp)) {
879 return CMD_SUCCESS;
** CID 1566841: (NULL_RETURNS)
/pbrd/pbr_vty.c: 877 in pbr_map_action_dscp_magic()
/pbrd/pbr_vty.c: 855 in pbr_map_action_dscp_magic()
________________________________________________________________________________________________________
*** CID 1566841: (NULL_RETURNS)
/pbrd/pbr_vty.c: 877 in pbr_map_action_dscp_magic()
871
872 if (raw_dscp > PBR_DSFIELD_DSCP) {
873 vty_out(vty, "Invalid dscp value: %s%s\n", dscp,
874 (pend ? "" : " (numeric value must be in range 0-63)"));
875 return CMD_WARNING_CONFIG_FAILED;
876 }
>>> CID 1566841: (NULL_RETURNS)
>>> Dereferencing "pbrms", which is known to be "NULL".
877 if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DSCP) &&
878 (pbrms->action_dscp == raw_dscp)) {
879 return CMD_SUCCESS;
880 }
881 SET_FLAG(pbrms->action_bm, PBR_ACTION_DSCP);
882 pbrms->action_dscp = raw_dscp;
/pbrd/pbr_vty.c: 855 in pbr_map_action_dscp_magic()
849 "DSCP numeric value (0-63) or standard codepoint name\n")
850 {
851 /* clang-format on */
852 struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence);
853
854 if (no) {
>>> CID 1566841: (NULL_RETURNS)
>>> Dereferencing "pbrms", which is known to be "NULL".
855 if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DSCP))
856 return CMD_SUCCESS;
857 UNSET_FLAG(pbrms->action_bm, PBR_ACTION_DSCP);
858 goto check;
859 }
860
** CID 1566840: Incorrect expression (UNUSED_VALUE)
/pbrd/pbr_zebra.c: 571 in pbr_encode_pbr_map_sequence()
________________________________________________________________________________________________________
*** CID 1566840: Incorrect expression (UNUSED_VALUE)
/pbrd/pbr_zebra.c: 571 in pbr_encode_pbr_map_sequence()
565 r.filter.ip_proto = pbrms->ip_proto;
566
567 r.filter.filter_bm = pbrms->filter_bm;
568
569 /* actions */
570
>>> CID 1566840: Incorrect expression (UNUSED_VALUE)
>>> Assigning value "1U" to "r.action.flags" here, but that stored value is overwritten before it can be used.
571 SET_FLAG(r.action.flags, PBR_ACTION_TABLE); /* always valid */
572
573 /*
574 * PBR should maintain its own set of action flags that we
575 * can copy here instead of trying to infer from magic values.
576 */
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BkxBoZjryQtr5SpUD80NNfE-3DqwMQ_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTx2EHabMlidl7fyWI0KlR45YFV2XaAI79g7epfO3qF1Z6tHZnIEnDo-2FaiABCbNPPQMOA8NPWB-2BJO1xKWWXJuoxITR-2BnjBy85SH-2Fvpgdqv-2BmHMXyuKadmhlsh3ivUDI8dVSuSY-2BvSZGE-2FsaimBIyi02ek6T4yerwmXfd9b-2BCxxFd3Q-3D-3D