New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com
Wed Aug 28 23:34:22 UTC 2024


Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

4 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 1599394:  Concurrent data access violations  (MISSING_LOCK)
/bgpd/bgp_io.c: 82 in bgp_reads_on()


________________________________________________________________________________________________________
*** CID 1599394:  Concurrent data access violations  (MISSING_LOCK)
/bgpd/bgp_io.c: 82 in bgp_reads_on()
76     void bgp_reads_on(struct peer_connection *connection)
77     {
78     	struct frr_pthread *fpt = bgp_pth_io;
79     	assert(fpt->running);
80     
81     	assert(connection->status != Deleted);
>>>     CID 1599394:  Concurrent data access violations  (MISSING_LOCK)
>>>     Accessing "connection->ibuf" without holding lock "peer_connection.io_mtx". Elsewhere, "peer_connection.ibuf" is written to with "peer_connection.io_mtx" held 5 out of 5 times.
82     	assert(connection->ibuf);
83     	assert(connection->fd);
84     	assert(connection->ibuf_work);
85     	assert(connection->obuf);
86     	assert(!connection->t_connect_check_r);
87     	assert(!connection->t_connect_check_w);

** CID 1599393:  Concurrent data access violations  (MISSING_LOCK)
/bgpd/bgp_io.c: 53 in bgp_writes_on()


________________________________________________________________________________________________________
*** CID 1599393:  Concurrent data access violations  (MISSING_LOCK)
/bgpd/bgp_io.c: 53 in bgp_writes_on()
47     	struct frr_pthread *fpt = bgp_pth_io;
48     
49     	assert(fpt->running);
50     
51     	assert(connection->status != Deleted);
52     	assert(connection->obuf);
>>>     CID 1599393:  Concurrent data access violations  (MISSING_LOCK)
>>>     Accessing "connection->ibuf" without holding lock "peer_connection.io_mtx". Elsewhere, "peer_connection.ibuf" is written to with "peer_connection.io_mtx" held 5 out of 5 times.
53     	assert(connection->ibuf);
54     	assert(connection->ibuf_work);
55     	assert(!connection->t_connect_check_r);
56     	assert(!connection->t_connect_check_w);
57     	assert(connection->fd);
58     

** CID 1599392:  Concurrent data access violations  (MISSING_LOCK)
/bgpd/bgp_fsm.c: 524 in bgp_holdtime_timer()


________________________________________________________________________________________________________
*** CID 1599392:  Concurrent data access violations  (MISSING_LOCK)
/bgpd/bgp_fsm.c: 524 in bgp_holdtime_timer()
518     	 * events on the peer.  If we have incoming
519     	 * data on the peers inq, let's give the system a chance
520     	 * to handle that data.  This can be especially true
521     	 * for systems where we are heavily loaded for one
522     	 * reason or another.
523     	 */
>>>     CID 1599392:  Concurrent data access violations  (MISSING_LOCK)
>>>     Accessing "connection->ibuf" without holding lock "peer_connection.io_mtx". Elsewhere, "peer_connection.ibuf" is written to with "peer_connection.io_mtx" held 5 out of 5 times.
524     	inq_count = atomic_load_explicit(&connection->ibuf->count,
525     					 memory_order_relaxed);
526     	if (inq_count)
527     		BGP_TIMER_ON(connection->t_holdtime, bgp_holdtime_timer,
528     			     peer->v_holdtime);
529     

** CID 1599391:  Null pointer dereferences  (FORWARD_NULL)
/zebra/zebra_rib.c: 4416 in rib_add_multipath()


________________________________________________________________________________________________________
*** CID 1599391:  Null pointer dereferences  (FORWARD_NULL)
/zebra/zebra_rib.c: 4416 in rib_add_multipath()
4410     						     ZEBRA_IFA_NOPREFIXROUTE)) {
4411     				zebra_nhg_free(n);
4412     				zebra_rib_route_entry_free(re);
4413     				return -1;
4414     			}
4415     
>>>     CID 1599391:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "ng".
4416     			if (ifp->ifindex == ng->nexthop->ifindex)
4417     				re->type = ZEBRA_ROUTE_CONNECT;
4418     		}
4419     	}
4420     
4421     	ret = rib_add_multipath_nhe(afi, safi, p, src_p, re, n, startup);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4jkWudbux5UNqYsSt9ZXO3s9m3KMDrlSX-2Bp41IzjejfmdC2hinnLY-2BZ6PvlTenLZs-3Dt_yf_t0zeZlCsA34Fiw17aIfmh-2F3kFs1q7rysihvAefHXY79JThV6b2DE9AR6-2BKYeJ2CnXYQ0pVR0Es3L7E3ZQJFS0fgjFBlOTaY0UvWRfNAJ4ISPcALc5b-2F0-2FzlLoAu9IXTz4aAASS5cl7ozMaslwSX85-2F4CYJPYUT1vw2oSDhH4ASgpTnBM-2FYkK6TLWIMP1FGLCZ46JwYw4HXTi8wjy8-2FtEWw-3D-3D



