From c01d03a6587b18722e5a7381084591e01eca64b5 Mon Sep 17 00:00:00 2001 From: Quentin Young Date: Tue, 20 Dec 2016 03:12:32 +0000 Subject: [PATCH] bgpd, lib: fix a few scan-build catches Fixes a couple null pointer derefs and uninit'd values. Signed-off-by: Quentin Young --- bgpd/bgp_route.c | 2 +- lib/command.c | 3 +++ lib/command_match.c | 2 +- lib/routemap.c | 23 ++++++++++++----------- 4 files changed, 17 insertions(+), 13 deletions(-) diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index cfc4ec3407..67ea4db2d1 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -9497,7 +9497,7 @@ DEFUN (show_ip_bgp_instance_neighbor_advertised_route, char *vrf = NULL; char *rmap_name = NULL; char *peerstr = NULL; - int rcvd; + int rcvd = 0; struct peer *peer; diff --git a/lib/command.c b/lib/command.c index ca0d0c001b..3cce4584e9 100644 --- a/lib/command.c +++ b/lib/command.c @@ -304,6 +304,9 @@ cmd_concat_strvec (vector v) if (vector_slot (v, i)) strsize += strlen ((char *) vector_slot (v, i)) + 1; + if (strsize == 0) + return XSTRDUP (MTYPE_TMP, ""); + char *concatenated = calloc (sizeof (char), strsize); for (unsigned int i = 0; i < vector_active (v); i++) { diff --git a/lib/command_match.c b/lib/command_match.c index 62905a4f7f..d228563240 100644 --- a/lib/command_match.c +++ b/lib/command_match.c @@ -482,7 +482,7 @@ add_nexthops (struct list *list, struct graph_node *node, child = vector_slot (node->to, i); size_t j; struct cmd_token *token = child->data; - if (!token->allowrepeat) + if (!token->allowrepeat && stack) { for (j = 0; j < stackpos; j++) if (child == stack[j]) diff --git a/lib/routemap.c b/lib/routemap.c index 5f2b2c0dfb..ce84942545 100644 --- a/lib/routemap.c +++ b/lib/routemap.c @@ -989,9 +989,11 @@ vty_show_route_map_entry (struct vty *vty, struct route_map *map) /* Print the name of the protocol */ if (zlog_default) + { vty_out (vty, "%s", zlog_proto_names[zlog_default->protocol]); - if (zlog_default->instance) - vty_out (vty, " %d", zlog_default->instance); + if (zlog_default->instance) + vty_out (vty, " %d", zlog_default->instance); + } vty_out (vty, ":%s", VTY_NEWLINE); for (index = map->head; index; index = index->next) @@ -2766,17 +2768,16 @@ DEFUN (rmap_call, struct route_map_index *index = VTY_GET_CONTEXT (route_map_index); const char *rmap = argv[idx_word]->arg; - if (index) + assert(index); + + if (index->nextrm) { - if (index->nextrm) - { - route_map_upd8_dependency (RMAP_EVENT_CALL_DELETED, - index->nextrm, - index->map->name); - XFREE (MTYPE_ROUTE_MAP_NAME, index->nextrm); - } - index->nextrm = XSTRDUP (MTYPE_ROUTE_MAP_NAME, rmap); + route_map_upd8_dependency (RMAP_EVENT_CALL_DELETED, + index->nextrm, + index->map->name); + XFREE (MTYPE_ROUTE_MAP_NAME, index->nextrm); } + index->nextrm = XSTRDUP (MTYPE_ROUTE_MAP_NAME, rmap); /* Execute event hook. */ route_map_upd8_dependency (RMAP_EVENT_CALL_ADDED,