New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Thu Aug 31 15:56:01 UTC 2023
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
28 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 28 defect(s)
** CID 1567740: (USE_AFTER_FREE)
/bgpd/bgp_route.c: 5774 in bgp_clear_adj_in()
________________________________________________________________________________________________________
*** CID 1567740: (USE_AFTER_FREE)
/bgpd/bgp_route.c: 5781 in bgp_clear_adj_in()
5775 ain = dest->adj_in;
5776
5777 while (ain) {
5778 ain_next = ain->next;
5779
5780 if (ain->peer == peer)
>>> CID 1567740: (USE_AFTER_FREE)
>>> Calling "bgp_adj_in_remove" dereferences freed pointer "dest".
5781 bgp_adj_in_remove(dest, ain);
5782
5783 ain = ain_next;
5784 }
5785 }
5786 }
/bgpd/bgp_route.c: 5774 in bgp_clear_adj_in()
5768
5769 table = peer->bgp->rib[afi][safi];
5770
5771 /* It is possible that we have multiple paths for a prefix from a peer
5772 * if that peer is using AddPath.
5773 */
>>> CID 1567740: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_route_next".
5774 for (dest = bgp_table_top(table); dest; dest = bgp_route_next(dest)) {
5775 ain = dest->adj_in;
5776
5777 while (ain) {
5778 ain_next = ain->next;
5779
** CID 1567739: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1567739: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_evpn.c: 2206 in update_evpn_route()
2200 if (!new_is_sync && old_is_sync)
2201 evpn_zebra_uninstall(bgp, vpn, p, pi, true);
2202 }
2203 }
2204 bgp_path_info_unlock(pi);
2205
>>> CID 1567739: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "bgp_dest_unlock_node" dereferences freed pointer "dest".
2206 bgp_dest_unlock_node(dest);
2207
2208 /* If this is a new route or some attribute has changed, export the
2209 * route to the global table. The route will be advertised to peers
2210 * from there. Note that this table is a 2-level tree (RD-level +
2211 * Prefix-level) similar to L3VPN routes.
** CID 1567738: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_evpn.c: 2052 in evpn_cleanup_local_non_best_route()
________________________________________________________________________________________________________
*** CID 1567738: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_evpn.c: 2052 in evpn_cleanup_local_non_best_route()
2046 dest);
2047
2048 evpn_delete_old_local_route(bgp, vpn, dest, local_pi, NULL);
2049 bgp_path_info_reap(dest, local_pi);
2050
2051 /* tell zebra to re-add the best remote path */
>>> CID 1567738: Memory - illegal accesses (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "evpn_zebra_reinstall_best_route".
2052 evpn_zebra_reinstall_best_route(bgp, vpn, dest);
2053 }
2054
2055 static inline bool bgp_evpn_route_add_l3_ecomm_ok(struct bgpevpn *vpn,
2056 const struct prefix_evpn *p,
2057 esi_t *esi)
** CID 1567737: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1567737: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_evpn.c: 2331 in delete_evpn_route()
2325
2326 /* Delete route entry in the VNI route table. This can just be removed.
2327 */
2328 delete_evpn_route_entry(bgp, afi, safi, dest, &pi);
2329 if (pi) {
2330 bgp_path_info_reap(dest, pi);
>>> CID 1567737: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "evpn_route_select_install" dereferences freed pointer "dest".
2331 evpn_route_select_install(bgp, vpn, dest);
2332 }
2333 bgp_dest_unlock_node(dest);
2334
2335 return 0;
2336 }
** CID 1567736: (USE_AFTER_FREE)
/bgpd/bgp_evpn.c: 2601 in delete_vni_type2_routes()
/bgpd/bgp_evpn.c: 2605 in delete_vni_type2_routes()
________________________________________________________________________________________________________
*** CID 1567736: (USE_AFTER_FREE)
/bgpd/bgp_evpn.c: 2601 in delete_vni_type2_routes()
2595 struct bgp_dest *dest;
2596
2597 /* Next, walk this VNI's MAC & IP route table and delete local type-2
2598 * routes.
2599 */
2600 for (dest = bgp_table_top(vpn->mac_table); dest;
>>> CID 1567736: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_route_next".
2601 dest = bgp_route_next(dest))
2602 delete_vni_type2_route(bgp, dest);
2603
2604 for (dest = bgp_table_top(vpn->ip_table); dest;
2605 dest = bgp_route_next(dest))
2606 delete_vni_type2_route(bgp, dest);
/bgpd/bgp_evpn.c: 2605 in delete_vni_type2_routes()
2599 */
2600 for (dest = bgp_table_top(vpn->mac_table); dest;
2601 dest = bgp_route_next(dest))
2602 delete_vni_type2_route(bgp, dest);
2603
2604 for (dest = bgp_table_top(vpn->ip_table); dest;
>>> CID 1567736: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_route_next".
2605 dest = bgp_route_next(dest))
2606 delete_vni_type2_route(bgp, dest);
2607 }
2608
2609 /*
2610 * Delete all type-2 (MACIP) local routes for this VNI - from the global
** CID 1567735: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1567735: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_evpn_mh.c: 517 in bgp_evpn_mh_route_delete()
511 * Delete route entry in the ESI or VNI routing table.
512 * This can just be removed.
513 */
514 delete_evpn_route_entry(bgp, afi, safi, dest, &pi);
515 if (pi)
516 bgp_path_info_reap(dest, pi);
>>> CID 1567735: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "bgp_dest_unlock_node" dereferences freed pointer "dest".
517 bgp_dest_unlock_node(dest);
518 return 0;
519 }
520
521 /*
522 * This function is called when the VNI RD changes.
** CID 1567734: (USE_AFTER_FREE)
/bgpd/bgp_evpn_mh.c: 325 in bgp_evpn_es_route_del_all()
/bgpd/bgp_evpn_mh.c: 322 in bgp_evpn_es_route_del_all()
________________________________________________________________________________________________________
*** CID 1567734: (USE_AFTER_FREE)
/bgpd/bgp_evpn_mh.c: 325 in bgp_evpn_es_route_del_all()
319
320 /* Walk this ES's routing table and delete all routes. */
321 for (dest = bgp_table_top(es->route_table); dest;
322 dest = bgp_route_next(dest)) {
323 for (pi = bgp_dest_get_bgp_path_info(dest);
324 (pi != NULL) && (nextpi = pi->next, 1); pi = nextpi) {
>>> CID 1567734: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_path_info_delete".
325 bgp_path_info_delete(dest, pi);
326 bgp_path_info_reap(dest, pi);
327 }
328 }
329 }
330
/bgpd/bgp_evpn_mh.c: 322 in bgp_evpn_es_route_del_all()
316 /* de-activate the ES */
317 bgp_evpn_local_es_down(bgp, es);
318 bgp_evpn_local_type1_evi_route_del(bgp, es);
319
320 /* Walk this ES's routing table and delete all routes. */
321 for (dest = bgp_table_top(es->route_table); dest;
>>> CID 1567734: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_route_next".
322 dest = bgp_route_next(dest)) {
323 for (pi = bgp_dest_get_bgp_path_info(dest);
324 (pi != NULL) && (nextpi = pi->next, 1); pi = nextpi) {
325 bgp_path_info_delete(dest, pi);
326 bgp_path_info_reap(dest, pi);
327 }
** CID 1567733: (USE_AFTER_FREE)
/bgpd/bgp_route.c: 6024 in bgp_cleanup_routes()
/bgpd/bgp_route.c: 6035 in bgp_cleanup_routes()
________________________________________________________________________________________________________
*** CID 1567733: (USE_AFTER_FREE)
/bgpd/bgp_route.c: 6024 in bgp_cleanup_routes()
6018 * VPN and ENCAP and EVPN tables are two-level (RD is top level)
6019 */
6020 if (afi != AFI_L2VPN) {
6021 safi_t safi;
6022 safi = SAFI_MPLS_VPN;
6023 for (dest = bgp_table_top(bgp->rib[afi][safi]); dest;
>>> CID 1567733: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_route_next".
6024 dest = bgp_route_next(dest)) {
6025 table = bgp_dest_get_bgp_table_info(dest);
6026 if (table != NULL) {
6027 bgp_cleanup_table(bgp, table, safi);
6028 bgp_table_finish(&table);
6029 bgp_dest_set_bgp_table_info(dest, NULL);
/bgpd/bgp_route.c: 6035 in bgp_cleanup_routes()
6029 bgp_dest_set_bgp_table_info(dest, NULL);
6030 bgp_dest_unlock_node(dest);
6031 }
6032 }
6033 safi = SAFI_ENCAP;
6034 for (dest = bgp_table_top(bgp->rib[afi][safi]); dest;
>>> CID 1567733: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_route_next".
6035 dest = bgp_route_next(dest)) {
6036 table = bgp_dest_get_bgp_table_info(dest);
6037 if (table != NULL) {
6038 bgp_cleanup_table(bgp, table, safi);
6039 bgp_table_finish(&table);
6040 bgp_dest_set_bgp_table_info(dest, NULL);
** CID 1567732: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1567732: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_nexthop.c: 487 in bgp_connected_delete()
481 bc->refcnt--;
482 if (bc->refcnt == 0) {
483 XFREE(MTYPE_BGP_CONN, bc);
484 bgp_dest_set_bgp_connected_ref_info(dest, NULL);
485 }
486 bgp_dest_unlock_node(dest);
>>> CID 1567732: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "bgp_dest_unlock_node" dereferences freed pointer "dest".
487 bgp_dest_unlock_node(dest);
488 }
489
490 static void bgp_connected_cleanup(struct route_table *table,
491 struct route_node *rn)
492 {
** CID 1567731: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_route.c: 5101 in bgp_withdraw()
________________________________________________________________________________________________________
*** CID 1567731: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_route.c: 5101 in bgp_withdraw()
5095 }
5096 bgp_dest_unlock_node(dest);
5097 return;
5098 }
5099
5100 /* Lookup withdrawn route. */
>>> CID 1567731: Memory - illegal accesses (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_dest_get_bgp_path_info".
5101 for (pi = bgp_dest_get_bgp_path_info(dest); pi; pi = pi->next)
5102 if (pi->peer == peer && pi->type == type
5103 && pi->sub_type == sub_type
5104 && pi->addpath_rx_id == addpath_id)
5105 break;
5106
** CID 1567730: (USE_AFTER_FREE)
/bgpd/bgp_evpn.c: 2637 in delete_all_vni_routes()
/bgpd/bgp_evpn.c: 2633 in delete_all_vni_routes()
/bgpd/bgp_evpn.c: 2646 in delete_all_vni_routes()
/bgpd/bgp_evpn.c: 2643 in delete_all_vni_routes()
________________________________________________________________________________________________________
*** CID 1567730: (USE_AFTER_FREE)
/bgpd/bgp_evpn.c: 2637 in delete_all_vni_routes()
2631 /* Walk this VNI's MAC & IP route table and delete all routes. */
2632 for (dest = bgp_table_top(vpn->mac_table); dest;
2633 dest = bgp_route_next(dest)) {
2634 for (pi = bgp_dest_get_bgp_path_info(dest);
2635 (pi != NULL) && (nextpi = pi->next, 1); pi = nextpi) {
2636 bgp_evpn_remote_ip_hash_del(vpn, pi);
>>> CID 1567730: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_path_info_delete".
2637 bgp_path_info_delete(dest, pi);
2638 bgp_path_info_reap(dest, pi);
2639 }
2640 }
2641
2642 for (dest = bgp_table_top(vpn->ip_table); dest;
/bgpd/bgp_evpn.c: 2633 in delete_all_vni_routes()
2627 {
2628 struct bgp_dest *dest;
2629 struct bgp_path_info *pi, *nextpi;
2630
2631 /* Walk this VNI's MAC & IP route table and delete all routes. */
2632 for (dest = bgp_table_top(vpn->mac_table); dest;
>>> CID 1567730: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_route_next".
2633 dest = bgp_route_next(dest)) {
2634 for (pi = bgp_dest_get_bgp_path_info(dest);
2635 (pi != NULL) && (nextpi = pi->next, 1); pi = nextpi) {
2636 bgp_evpn_remote_ip_hash_del(vpn, pi);
2637 bgp_path_info_delete(dest, pi);
2638 bgp_path_info_reap(dest, pi);
/bgpd/bgp_evpn.c: 2646 in delete_all_vni_routes()
2640 }
2641
2642 for (dest = bgp_table_top(vpn->ip_table); dest;
2643 dest = bgp_route_next(dest)) {
2644 for (pi = bgp_dest_get_bgp_path_info(dest);
2645 (pi != NULL) && (nextpi = pi->next, 1); pi = nextpi) {
>>> CID 1567730: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_path_info_delete".
2646 bgp_path_info_delete(dest, pi);
2647 bgp_path_info_reap(dest, pi);
2648 }
2649 }
2650 }
2651
/bgpd/bgp_evpn.c: 2643 in delete_all_vni_routes()
2637 bgp_path_info_delete(dest, pi);
2638 bgp_path_info_reap(dest, pi);
2639 }
2640 }
2641
2642 for (dest = bgp_table_top(vpn->ip_table); dest;
>>> CID 1567730: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_route_next".
2643 dest = bgp_route_next(dest)) {
2644 for (pi = bgp_dest_get_bgp_path_info(dest);
2645 (pi != NULL) && (nextpi = pi->next, 1); pi = nextpi) {
2646 bgp_path_info_delete(dest, pi);
2647 bgp_path_info_reap(dest, pi);
2648 }
** CID 1567729: Memory - corruptions (USE_AFTER_FREE)
/bgpd/bgp_route.c: 3509 in bgp_process_main_one()
________________________________________________________________________________________________________
*** CID 1567729: Memory - corruptions (USE_AFTER_FREE)
/bgpd/bgp_route.c: 3509 in bgp_process_main_one()
3503 bgp_zebra_clear_route_change_flags(dest);
3504
3505 /* Reap old select bgp_path_info, if it has been removed */
3506 if (old_select && CHECK_FLAG(old_select->flags, BGP_PATH_REMOVED))
3507 bgp_path_info_reap(dest, old_select);
3508
>>> CID 1567729: Memory - corruptions (USE_AFTER_FREE)
>>> Dereferencing freed pointer "dest".
3509 UNSET_FLAG(dest->flags, BGP_NODE_PROCESS_SCHEDULED);
3510 return;
3511 }
3512
3513 /* Process the routes with the flag BGP_NODE_SELECT_DEFER set */
3514 void bgp_best_path_select_defer(struct bgp *bgp, afi_t afi, safi_t safi)
** CID 1567728: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1567728: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_route.c: 15036 in bgp_distance_unset()
15030
15031 XFREE(MTYPE_AS_LIST, bdistance->access_list);
15032 bgp_distance_free(bdistance);
15033
15034 bgp_dest_set_bgp_path_info(dest, NULL);
15035 bgp_dest_unlock_node(dest);
>>> CID 1567728: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "bgp_dest_unlock_node" dereferences freed pointer "dest".
15036 bgp_dest_unlock_node(dest);
15037
15038 return CMD_SUCCESS;
15039 }
15040
15041 /* Apply BGP information to distance method. */
** CID 1567727: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_route.c: 12146 in bgp_show_route_in_table()
________________________________________________________________________________________________________
*** CID 1567727: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_route.c: 12146 in bgp_show_route_in_table()
12140 if (!longest_pfx)
12141 continue;
12142
12143 if (prefix_check && !is_exact_pfxlen_match)
12144 continue;
12145
>>> CID 1567727: Memory - illegal accesses (USE_AFTER_FREE)
>>> Using freed pointer "longest_pfx".
12146 rm = longest_pfx;
12147 bgp_dest_lock_node(rm);
12148
12149 bgp_show_path_info((struct prefix_rd *)dest_p, rm, vty,
12150 bgp, afi, safi, json, pathtype,
12151 &display, rpki_target_state);
** CID 1567726: (USE_AFTER_FREE)
/bgpd/bgp_label.c: 201 in bgp_reg_for_label_callback()
/bgpd/bgp_label.c: 209 in bgp_reg_for_label_callback()
/bgpd/bgp_label.c: 217 in bgp_reg_for_label_callback()
________________________________________________________________________________________________________
*** CID 1567726: (USE_AFTER_FREE)
/bgpd/bgp_label.c: 201 in bgp_reg_for_label_callback()
195 return -1;
196 }
197
198 bgp_dest_unlock_node(dest);
199
200 if (BGP_DEBUG(labelpool, LABELPOOL))
>>> CID 1567726: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_dest_to_rnode".
201 zlog_debug("%s: FEC %pRN label=%u, allocated=%d", __func__,
202 bgp_dest_to_rnode(dest), new_label, allocated);
203
204 if (!allocated) {
205 /*
206 * previously-allocated label is now invalid, set to implicit
/bgpd/bgp_label.c: 209 in bgp_reg_for_label_callback()
203
204 if (!allocated) {
205 /*
206 * previously-allocated label is now invalid, set to implicit
207 * null until new label arrives
208 */
>>> CID 1567726: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "dest".
209 if (CHECK_FLAG(dest->flags, BGP_NODE_REGISTERED_FOR_LABEL)) {
210 UNSET_FLAG(dest->flags, BGP_NODE_LABEL_REQUESTED);
211 dest->local_label = mpls_lse_encode(
212 MPLS_LABEL_IMPLICIT_NULL, 0, 0, 1);
213 bgp_set_valid_label(&dest->local_label);
214 }
/bgpd/bgp_label.c: 217 in bgp_reg_for_label_callback()
211 dest->local_label = mpls_lse_encode(
212 MPLS_LABEL_IMPLICIT_NULL, 0, 0, 1);
213 bgp_set_valid_label(&dest->local_label);
214 }
215 }
216
>>> CID 1567726: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "dest".
217 dest->local_label = mpls_lse_encode(new_label, 0, 0, 1);
218 bgp_set_valid_label(&dest->local_label);
219
220 /*
221 * Get back to registering the FEC
222 */
** CID 1567725: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_route.c: 6862 in bgp_static_delete()
________________________________________________________________________________________________________
*** CID 1567725: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_route.c: 6862 in bgp_static_delete()
6856
6857 if ((safi == SAFI_MPLS_VPN) || (safi == SAFI_ENCAP)
6858 || (safi == SAFI_EVPN)) {
6859 table = bgp_dest_get_bgp_table_info(dest);
6860
6861 for (rm = bgp_table_top(table); rm;
>>> CID 1567725: Memory - illegal accesses (USE_AFTER_FREE)
>>> Passing freed pointer "rm" as an argument to "bgp_route_next".
6862 rm = bgp_route_next(rm)) {
6863 bgp_static =
6864 bgp_dest_get_bgp_static_info(
6865 rm);
6866 if (!bgp_static)
6867 continue;
** CID 1567724: (USE_AFTER_FREE)
/bgpd/bgp_route.c: 5980 in bgp_cleanup_table()
/bgpd/bgp_route.c: 5982 in bgp_cleanup_table()
________________________________________________________________________________________________________
*** CID 1567724: (USE_AFTER_FREE)
/bgpd/bgp_route.c: 5980 in bgp_cleanup_table()
5974 safi_t safi)
5975 {
5976 struct bgp_dest *dest;
5977 struct bgp_path_info *pi;
5978 struct bgp_path_info *next;
5979
>>> CID 1567724: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_route_next".
5980 for (dest = bgp_table_top(table); dest; dest = bgp_route_next(dest))
5981 for (pi = bgp_dest_get_bgp_path_info(dest); pi; pi = next) {
5982 const struct prefix *p = bgp_dest_get_prefix(dest);
5983
5984 next = pi->next;
5985
/bgpd/bgp_route.c: 5982 in bgp_cleanup_table()
5976 struct bgp_dest *dest;
5977 struct bgp_path_info *pi;
5978 struct bgp_path_info *next;
5979
5980 for (dest = bgp_table_top(table); dest; dest = bgp_route_next(dest))
5981 for (pi = bgp_dest_get_bgp_path_info(dest); pi; pi = next) {
>>> CID 1567724: (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_dest_get_prefix".
5982 const struct prefix *p = bgp_dest_get_prefix(dest);
5983
5984 next = pi->next;
5985
5986 /* Unimport EVPN routes from VRFs */
5987 if (safi == SAFI_EVPN)
** CID 1567723: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1567723: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_advertise.c: 215 in bgp_adj_in_unset()
209 return false;
210
211 while (adj) {
212 adj_next = adj->next;
213
214 if (adj->peer == peer && adj->addpath_rx_id == addpath_id)
>>> CID 1567723: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "bgp_adj_in_remove" dereferences freed pointer "dest".
215 bgp_adj_in_remove(dest, adj);
216
217 adj = adj_next;
218 }
219
220 return true;
** CID 1567722: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1567722: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_route.c: 6703 in bgp_static_set()
6697 /* Clear configuration. */
6698 bgp_static_free(bgp_static);
6699 }
6700
6701 bgp_dest_set_bgp_static_info(dest, NULL);
6702 bgp_dest_unlock_node(dest);
>>> CID 1567722: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "bgp_dest_unlock_node" dereferences freed pointer "dest".
6703 bgp_dest_unlock_node(dest);
6704 } else {
6705 dest = bgp_node_get(table, &p);
6706
6707 bgp_static = bgp_dest_get_bgp_static_info(dest);
6708 if (bgp_static) {
** CID 1567721: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_evpn.c: 3017 in install_evpn_route_entry_in_vrf()
________________________________________________________________________________________________________
*** CID 1567721: Memory - illegal accesses (USE_AFTER_FREE)
/bgpd/bgp_evpn.c: 3017 in install_evpn_route_entry_in_vrf()
3011 /* Process for route leaking. */
3012 vpn_leak_from_vrf_update(bgp_get_default(), bgp_vrf, pi);
3013
3014 bgp_dest_unlock_node(dest);
3015
3016 if (bgp_debug_zebra(NULL))
>>> CID 1567721: Memory - illegal accesses (USE_AFTER_FREE)
>>> Passing freed pointer "dest" as an argument to "bgp_dest_get_lock_count".
3017 zlog_debug("... %s pi dest %p (l %d) pi %p (l %d, f 0x%x)",
3018 new_pi ? "new" : "update", dest,
3019 bgp_dest_get_lock_count(dest), pi, pi->lock,
3020 pi->flags);
3021
3022 return ret;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BkxBoZjryQtr5SpUD80NNfE-3D0fe3_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTwNPZbn6-2ByHS9PBMYM9K-2FV-2BXx1cVRbFmyPqRSCt1T4zHd5KPd01ft28hWtWTGWaTakF205gyuKKCyruUe3MtykZRSgdlWRkvld-2BGhPxda15CQyxDTMtMJlsGVOFtFw7cNsOGVf-2FpUX7FPQsImpQixqGMp3cIWUpSVI-2FS1UJ9p-2Bft7zoZCKf5wyNijNUlTN3z-2FU-3D
More information about the dev
mailing list