bgpd: fix static analyzer issues around bgp pointer

Some static analyzer issues can be observed in BGP code: > In file included from ./lib/zebra.h:13, > from lib/event.c:8: > ./lib/compiler.h:222:26: note: '#pragma message: Remove `clear thread cpu` command' > 222 | #define CPP_NOTICE(text) _Pragma(CPP_STR(message text)) > | ^~~~~~~ > lib/event.c:433:1: note: in expansion of macro 'CPP_NOTICE' > 433 | CPP_NOTICE("Remove `clear thread cpu` command") > | ^~~~~~~~~~ > bgpd/bgp_vty.c:1592:5: warning: Access to field 'as_pretty' results in a dereference of a null pointer (loaded from variable 'bgp') [core.NullDereference] > 1592 | bgp->as_pretty); > | ^~~~~~~~~~~~~~ > bgpd/bgp_vty.c:1599:5: warning: Access to field 'as_pretty' results in a dereference of a null pointer (loaded from variable 'bgp') [core.NullDereference] > 1599 | bgp->as_pretty); > | ^~~~~~~~~~~~~~ > bgpd/bgp_vty.c:1612:7: warning: Access to field 'flags' results in a dereference of a null pointer (loaded from variable 'bgp') [core.NullDereference] > 1612 | IS_BGP_INSTANCE_HIDDEN(bgp)) { > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ > ./bgpd/bgpd.h:2906:3: note: expanded from macro 'IS_BGP_INSTANCE_HIDDEN' > 2906 | (CHECK_FLAG(_bgp->flags, BGP_FLAG_INSTANCE_HIDDEN) && \ > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ./lib/zebra.h:274:31: note: expanded from macro 'CHECK_FLAG' > 274 | #define CHECK_FLAG(V,F) ((V) & (F)) > | ^~~ > bgpd/bgp_vty.c:1614:4: warning: Access to field 'flags' results in a dereference of a null pointer (loaded from variable 'bgp') [core.NullDereference] > 1614 | UNSET_FLAG(bgp->flags, BGP_FLAG_INSTANCE_HIDDEN); > | ^ ~~~ > ./lib/zebra.h:276:34: note: expanded from macro 'UNSET_FLAG' > 276 | #define UNSET_FLAG(V,F) (V) &= ~(F) > | ~ ^ > 4 warnings generated. > Static Analysis warning summary compared to base: Fix those issues by protecting the bgp pointer. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
FRRouting · Jan 10, 2025 · 915d1cb · 915d1cb
1 parent c773891
commit 915d1cb
Showing 1 changed file with 9 additions and 7 deletions.
diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
@@ -1589,27 +1589,29 @@ DEFUN_NOSH (router_bgp,
 		switch (ret) {
 		case BGP_ERR_AS_MISMATCH:
 			vty_out(vty, "BGP is already running; AS is %s\n",
-				bgp->as_pretty);
+				bgp ? bgp->as_pretty : "unknown.");
 			return CMD_WARNING_CONFIG_FAILED;
 		case BGP_ERR_INSTANCE_MISMATCH:
 			vty_out(vty,
 				"BGP instance name and AS number mismatch\n");
-			vty_out(vty,
-				"BGP instance is already running; AS is %s\n",
-				bgp->as_pretty);
+			vty_out(vty, "BGP instance is already running; AS is %s\n",
+				bgp ? bgp->as_pretty : "unknown.");
 			return CMD_WARNING_CONFIG_FAILED;
 		}
 
+		if (!bgp) {
+			vty_out(vty, "BGP instance not found\n");
+			return CMD_WARNING_CONFIG_FAILED;
+		}
 		/*
 		 * If we just instantiated the default instance, complete
 		 * any pending VRF-VPN leaking that was configured via
 		 * earlier "router bgp X vrf FOO" blocks.
 		 */
-		if (bgp && inst_type == BGP_INSTANCE_TYPE_DEFAULT)
+		if (inst_type == BGP_INSTANCE_TYPE_DEFAULT)
 			vpn_leak_postchange_all();
 
-		if (inst_type == BGP_INSTANCE_TYPE_VRF ||
-		    IS_BGP_INSTANCE_HIDDEN(bgp)) {
+		if (inst_type == BGP_INSTANCE_TYPE_VRF || IS_BGP_INSTANCE_HIDDEN(bgp)) {
 			bgp_vpn_leak_export(bgp);
 			UNSET_FLAG(bgp->flags, BGP_FLAG_INSTANCE_HIDDEN);
 			UNSET_FLAG(bgp->flags, BGP_FLAG_DELETE_IN_PROGRESS);