New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Fri Sep 22 14:04:02 UTC 2023 

Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
105 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 1568249:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1568249:  Null pointer dereferences  (FORWARD_NULL)
/isisd/isis_route.c: 966 in isis_route_switchover_nexthop()
960     			continue;
961     
962     		srcdest_rnode_prefixes(rnode, (const struct prefix **)&prefix,
963     				       (const struct prefix **)&src_p);
964     
965     		/* Switchover route. */
>>>     CID 1568249:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "area" to "isis_route_remove_previous_sid", which dereferences it.
966     		isis_route_remove_previous_sid(area, prefix, rinfo);
967     		UNSET_FLAG(rinfo->flag, ISIS_ROUTE_FLAG_ZEBRA_SYNCED);
968     		isis_route_update(area, prefix, src_p, rinfo->backup);
969     
970     		isis_route_info_delete(rinfo);
971     
972     		rnode->info = NULL;
973     		route_unlock_node(rnode);
974     	}

** CID 1568248:  API usage errors  (USE_AFTER_FREE)
/pimd/pim_ssmpingd.c: 188 in ssmpingd_socket()


________________________________________________________________________________________________________
*** CID 1568248:  API usage errors  (USE_AFTER_FREE)
/pimd/pim_ssmpingd.c: 188 in ssmpingd_socket()
182     	set_nonblocking(fd);
183     	sockopt_reuseaddr(fd);
184     
185     	ret = ssmpingd_setsockopt(fd, addr, mttl);
186     	if (ret) {
187     		zlog_warn("ssmpingd_setsockopt failed");
>>>     CID 1568248:  API usage errors  (USE_AFTER_FREE)
>>>     Calling "close(int)" closes handle "fd" which has already been closed.
188     		close(fd);
189     		return -1;
190     	}
191     
192     	return fd;
193     }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BkxBoZjryQtr5SpUD80NNfE-3DWqiI_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTziLZzpmCgGV1TdCsv9QT8EcxEYkIgYkmjluIMPQU-2FIUtX5-2Blj7kRl8sZAGM1v9a4-2FbqW4pbFGk-2B-2B3ndV23PVAB9DFG38PVQFNiEX5EgLcH273-2FKCcq-2BEZTh1XWl2F-2FFUCoLvS4-2FzHgFq565cmXXYMihjdsGIG75fp-2FnxM3Xtpgeg-3D-3D

More information about the dev mailing list