New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
Thu Jan 11 00:21:21 UTC 2024
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
4 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1575507: Null pointer dereferences (REVERSE_INULL)
/lib/yang.c: 1146 in yang_lyd_trim_xpath()
________________________________________________________________________________________________________
*** CID 1575507: Null pointer dereferences (REVERSE_INULL)
/lib/yang.c: 1146 in yang_lyd_trim_xpath()
1140 if (remove[i] == *root)
1141 *root = (*root)->next;
1142 lyd_free_tree(remove[i]);
1143 }
1144 darr_free(remove);
1145
>>> CID 1575507: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "set" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1146 if (set)
1147 ly_set_free(set, NULL);
1148
1149 return LY_SUCCESS;
1150 #endif
1151 }
** CID 1575506: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/lib/yang.c: 279 in yang_resolve_snode_xpath()
________________________________________________________________________________________________________
*** CID 1575506: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/lib/yang.c: 279 in yang_resolve_snode_xpath()
273 if (!set->count) {
274 ly_set_free(set, NULL);
275 return LY_ENOTFOUND;
276 }
277
278 *simple = false;
>>> CID 1575506: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(int)(set->count - 1) <= 2147483647" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
279 darr_ensure_i(*snodes, set->count - 1);
280 memcpy(*snodes, set->snodes, set->count * sizeof(set->snodes[0]));
281 ly_set_free(set, NULL);
282 return LY_SUCCESS;
283 }
284
** CID 1575505: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/lib/northbound.c: 184 in nb_nodes_find()
________________________________________________________________________________________________________
*** CID 1575505: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/lib/northbound.c: 184 in nb_nodes_find()
178 uint i;
179
180 err = yang_resolve_snode_xpath(ly_native_ctx, xpath, &snodes, &simple);
181 if (err)
182 return NULL;
183
>>> CID 1575505: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(int)(((snodes == NULL) ? 0 : (ssize_t)((struct darr_metadata *)snodes - 1)->len) - 1) <= 2147483647" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
184 darr_ensure_i(nb_nodes, darr_lasti(snodes));
185 darr_foreach_i (snodes, i)
186 nb_nodes[i] = snodes[i]->priv;
187 darr_free(snodes);
188 return nb_nodes;
189 }
** CID 1575504: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1575504: Insecure data handling (TAINTED_SCALAR)
/mgmtd/mgmt_fe_adapter.c: 1103 in fe_adapter_send_tree_data()
1097
1098 if (!tree) {
1099 empty = yang_dnode_new(ly_native_ctx, false);
1100 tree = empty;
1101 }
1102
>>> CID 1575504: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "*buf" to "yang_print_tree_append", which uses it as an offset.
1103 ret = yang_print_tree_append(&buf, tree, result_type,
1104 (LYD_PRINT_WD_EXPLICIT |
1105 LYD_PRINT_WITHSIBLINGS));
1106 /* buf may have been reallocated and moved */
1107 msg = (typeof(msg))buf;
1108 (void)msg; /* suppress clang-SA unused warning on safety code */
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BoAJF92cCodBN9BBnDbw-2FFg-3DwdmU_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTzG-2F7JPFiBrq9HbP102Q9wde2Xcw56Xc0te8tRnildhYyry9nxPf7ezvbdZy-2FcAhxZpLdiLVwovV2AOULlSphVbAlV2k4B87D90FJ8xPPOeYJ4u0iX8nLcFivXH8UYSZ9BezYNG1QIiISZXgdEjveHjnP22C-2BPQsu3hWtNhC0Z8-2BA-3D-3D