From a8e4ddd408bd6bd689bc88551a2a461cc81b432a Mon Sep 17 00:00:00 2001 From: Quentin Young Date: Sun, 18 Dec 2016 05:39:21 +0000 Subject: [PATCH 1/2] lib: Initialize ->allowrepeat Signed-off-by: Quentin Young --- lib/command.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/command.c b/lib/command.c index a93f3a55e802..7ad4441bb21d 100644 --- a/lib/command.c +++ b/lib/command.c @@ -2404,12 +2404,13 @@ cmd_init (int terminal) struct cmd_token * new_cmd_token (enum cmd_token_type type, u_char attr, char *text, char *desc) { - struct cmd_token *token = XMALLOC (MTYPE_CMD_TOKENS, sizeof (struct cmd_token)); + struct cmd_token *token = XCALLOC (MTYPE_CMD_TOKENS, sizeof (struct cmd_token)); token->type = type; token->attr = attr; token->text = text; token->desc = desc; token->arg = NULL; + token->allowrepeat = false; return token; } From 470c5250c6416acd4d31e5305c23baee22558c24 Mon Sep 17 00:00:00 2001 From: Quentin Young Date: Tue, 20 Dec 2016 03:12:32 +0000 Subject: [PATCH 2/2] bgpd, lib: fix a few scan-build catches Fixes a couple null pointer derefs and uninit'd values. Signed-off-by: Quentin Young --- bgpd/bgp_route.c | 2 +- lib/command.c | 3 +++ lib/command_match.c | 2 +- lib/routemap.c | 23 ++++++++++++----------- 4 files changed, 17 insertions(+), 13 deletions(-) diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index cfc4ec34077f..67ea4db2d19d 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -9497,7 +9497,7 @@ DEFUN (show_ip_bgp_instance_neighbor_advertised_route, char *vrf = NULL; char *rmap_name = NULL; char *peerstr = NULL; - int rcvd; + int rcvd = 0; struct peer *peer; diff --git a/lib/command.c b/lib/command.c index 7ad4441bb21d..93b76f76def1 100644 --- a/lib/command.c +++ b/lib/command.c @@ -304,6 +304,9 @@ cmd_concat_strvec (vector v) if (vector_slot (v, i)) strsize += strlen ((char *) vector_slot (v, i)) + 1; + if (strsize == 0) + return XSTRDUP (MTYPE_TMP, ""); + char *concatenated = calloc (sizeof (char), strsize); for (unsigned int i = 0; i < vector_active (v); i++) { diff --git a/lib/command_match.c b/lib/command_match.c index 62905a4f7f87..d22856324007 100644 --- a/lib/command_match.c +++ b/lib/command_match.c @@ -482,7 +482,7 @@ add_nexthops (struct list *list, struct graph_node *node, child = vector_slot (node->to, i); size_t j; struct cmd_token *token = child->data; - if (!token->allowrepeat) + if (!token->allowrepeat && stack) { for (j = 0; j < stackpos; j++) if (child == stack[j]) diff --git a/lib/routemap.c b/lib/routemap.c index 5f2b2c0dfbb2..ce8494254533 100644 --- a/lib/routemap.c +++ b/lib/routemap.c @@ -989,9 +989,11 @@ vty_show_route_map_entry (struct vty *vty, struct route_map *map) /* Print the name of the protocol */ if (zlog_default) + { vty_out (vty, "%s", zlog_proto_names[zlog_default->protocol]); - if (zlog_default->instance) - vty_out (vty, " %d", zlog_default->instance); + if (zlog_default->instance) + vty_out (vty, " %d", zlog_default->instance); + } vty_out (vty, ":%s", VTY_NEWLINE); for (index = map->head; index; index = index->next) @@ -2766,17 +2768,16 @@ DEFUN (rmap_call, struct route_map_index *index = VTY_GET_CONTEXT (route_map_index); const char *rmap = argv[idx_word]->arg; - if (index) + assert(index); + + if (index->nextrm) { - if (index->nextrm) - { - route_map_upd8_dependency (RMAP_EVENT_CALL_DELETED, - index->nextrm, - index->map->name); - XFREE (MTYPE_ROUTE_MAP_NAME, index->nextrm); - } - index->nextrm = XSTRDUP (MTYPE_ROUTE_MAP_NAME, rmap); + route_map_upd8_dependency (RMAP_EVENT_CALL_DELETED, + index->nextrm, + index->map->name); + XFREE (MTYPE_ROUTE_MAP_NAME, index->nextrm); } + index->nextrm = XSTRDUP (MTYPE_ROUTE_MAP_NAME, rmap); /* Execute event hook. */ route_map_upd8_dependency (RMAP_EVENT_CALL_ADDED,