New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Wed Sep 13 19:17:53 UTC 2023 

Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
26 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 1568134:  Null pointer dereferences  (NULL_RETURNS)
/isisd/isis_zebra.c: 1146 in isis_zebra_process_srv6_locator_chunk()


________________________________________________________________________________________________________
*** CID 1568134:  Null pointer dereferences  (NULL_RETURNS)
/isisd/isis_zebra.c: 1146 in isis_zebra_process_srv6_locator_chunk()
1140     		"prefix %pFX, block_len %u, node_len %u, func_len %u, arg_len %u",
1141     		chunk->locator_name, &chunk->prefix, chunk->block_bits_length,
1142     		chunk->node_bits_length, chunk->function_bits_length,
1143     		chunk->argument_bits_length);
1144     
1145     	/* Walk through all areas of the ISIS instance */
>>>     CID 1568134:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing "isis", which is known to be "NULL".
1146     	for (ALL_LIST_ELEMENTS_RO(isis->area_list, node, area)) {
1147     		if (strncmp(area->srv6db.config.srv6_locator_name,
1148     			    chunk->locator_name,
1149     			    sizeof(area->srv6db.config.srv6_locator_name)) != 0)
1150     			continue;
1151     

** CID 1568133:  Null pointer dereferences  (REVERSE_INULL)
/isisd/isis_zebra.c: 1077 in isis_zebra_srv6_adj_sid_uninstall()


________________________________________________________________________________________________________
*** CID 1568133:  Null pointer dereferences  (REVERSE_INULL)
/isisd/isis_zebra.c: 1077 in isis_zebra_srv6_adj_sid_uninstall()
1071     	enum seg6local_action_t action = ZEBRA_SEG6_LOCAL_ACTION_UNSPEC;
1072     	struct interface *ifp;
1073     	uint16_t prefixlen = IPV6_MAX_BITLEN;
1074     	struct isis_circuit *circuit = sra->adj->circuit;
1075     	struct isis_area *area = circuit->area;
1076     
>>>     CID 1568133:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "sra" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1077     	if (!sra)
1078     		return;
1079     
1080     	switch (sra->behavior) {
1081     	case SRV6_ENDPOINT_BEHAVIOR_END_X:
1082     		prefixlen = IPV6_MAX_BITLEN;

** CID 1568132:  Null pointer dereferences  (REVERSE_INULL)
/isisd/isis_zebra.c: 1023 in isis_zebra_srv6_adj_sid_install()


________________________________________________________________________________________________________
*** CID 1568132:  Null pointer dereferences  (REVERSE_INULL)
/isisd/isis_zebra.c: 1023 in isis_zebra_srv6_adj_sid_install()
1017     	struct seg6local_context ctx = {};
1018     	uint16_t prefixlen = IPV6_MAX_BITLEN;
1019     	struct interface *ifp;
1020     	struct isis_circuit *circuit = sra->adj->circuit;
1021     	struct isis_area *area = circuit->area;
1022     
>>>     CID 1568132:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "sra" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1023     	if (!sra)
1024     		return;
1025     
1026     	sr_debug("ISIS-SRv6 (%s): setting adjacency SID %pI6", area->area_tag,
1027     		 &sra->sid);
1028     

** CID 1568131:  Possible Control flow issues  (DEADCODE)
/bgpd/bgp_route.c: 1503 in bgp_evpn_path_info_cmp()


________________________________________________________________________________________________________
*** CID 1568131:  Possible Control flow issues  (DEADCODE)
/bgpd/bgp_route.c: 1503 in bgp_evpn_path_info_cmp()
1497     {
1498     	enum bgp_path_selection_reason reason;
1499     	char pfx_buf[PREFIX2STR_BUFFER] = {};
1500     	bool debug = false;
1501     
1502     	if (debug)
>>>     CID 1568131:  Possible Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "prefix2str(union prefixcons...".
1503     		prefix2str(bgp_dest_get_prefix(new->net), pfx_buf,
1504     			   sizeof(pfx_buf));
1505     
1506     	return bgp_path_info_cmp(bgp, new, exist, paths_eq, NULL, debug,
1507     				 pfx_buf, AFI_L2VPN, SAFI_EVPN, &reason);
1508     }

** CID 1568130:  Integer handling issues  (BAD_SHIFT)
/lib/event.c: 105 in cpu_records_add()


________________________________________________________________________________________________________
*** CID 1568130:  Integer handling issues  (BAD_SHIFT)
/lib/event.c: 105 in cpu_records_add()
99     static int cpu_record_hash_cmp(const struct cpu_event_history *a,
100     			       const struct cpu_event_history *b)
101     {
102     	return numcmp((uintptr_t)a->func, (uintptr_t)b->func);
103     }
104     
>>>     CID 1568130:  Integer handling issues  (BAD_SHIFT)
>>>     In expression "hval >> 33 - h->hh.tabshift", right shifting by more than 31 bits has undefined behavior.  The shift amount, "33 - h->hh.tabshift", is 33.
105     DECLARE_HASH(cpu_records, struct cpu_event_history, item, cpu_record_hash_cmp,
106     	     cpu_record_hash_key);
107     
108     static struct cpu_event_history *cpu_records_get(struct event_loop *loop,
109     						 void (*func)(struct event *e),
110     						 const char *funcname)

** CID 1568129:  Null pointer dereferences  (REVERSE_INULL)
/isisd/isis_tlvs.c: 2813 in unpack_item_srv6_end_sid()


________________________________________________________________________________________________________
*** CID 1568129:  Null pointer dereferences  (REVERSE_INULL)
/isisd/isis_tlvs.c: 2813 in unpack_item_srv6_end_sid()
2807     		sid->subsubtlvs = NULL;
2808     	}
2809     
2810     	append_item(&subtlvs->srv6_end_sids, (struct isis_item *)sid);
2811     	return 0;
2812     out:
>>>     CID 1568129:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "sid" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2813     	if (sid)
2814     		free_item_srv6_end_sid((struct isis_item *)sid);
2815     	return 1;
2816     }
2817     
2818     /* Functions related to TLVs 1 Area Addresses */


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BkxBoZjryQtr5SpUD80NNfE-3D3VkS_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTyUrMcFFK-2BKDSzjtDCIzPVHgu594vh3ciD3sr1mbI2bDkXLTifiPF80Gmd6WShcccJhKjQH58ciIbAZAMLNHafPvjhtdTfYj2bE2rWoST6Ee2-2BJxehePNGrz-2B92-2BNQvMxHggjtiGw4cSUPl9EmreWRPpUoHd82hrmhr9X7k0Yn35Q-3D-3D

More information about the dev mailing list