Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

37 new defect(s) introduced to Synchronet found with Coverity Scan.
24 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 37 defect(s)


** CID 433272: Code maintainability issues (UNUSED_VALUE)
/useredit.cpp: 1039 in sbbs_t::maindflts(user_t *)()


________________________________________________________________________________________________________
*** CID 433272: Code maintainability issues (UNUSED_VALUE)
/useredit.cpp: 1039 in sbbs_t::maindflts(user_t *)()
1033 putusermisc(user->number, user->misc); 1034 break;
1035 case 'W':
1036 if(!noyes(text[NewPasswordQ])) {
1037 bputs(text[CurrentPassword]); 1038 console|=CON_R_ECHOX;

CID 433272: Code maintainability issues (UNUSED_VALUE)
Assigning value from "(char)this->getstr(str, 40UL, 1L, NULL)" to "ch" here, but that stored value is overwritten before it can be used.

1039 ch=(char)getstr(str,LEN_PASS,K_UPPER);
1040 console&=~(CON_R_ECHOX|CON_L_ECHOX);
1041 if(sys_status&SS_ABORT)
1042 break;
1043 if(stricmp(str,user->pass)) { 1044 bputs(text[WrongPassword]);

** CID 433271: (RESOURCE_LEAK)
/scfglib2.c: 658 in read_chat_cfg()
/scfglib2.c: 759 in read_chat_cfg()
/scfglib2.c: 679 in read_chat_cfg()
/scfglib2.c: 687 in read_chat_cfg()
/scfglib2.c: 651 in read_chat_cfg()
/scfglib2.c: 718 in read_chat_cfg()
/scfglib2.c: 752 in read_chat_cfg()
/scfglib2.c: 725 in read_chat_cfg()


________________________________________________________________________________________________________
*** CID 433271: (RESOURCE_LEAK)
/scfglib2.c: 658 in read_chat_cfg()
652 } else
653 cfg->guru=NULL;
654
655 for(uint i=0; i<cfg->total_gurus; i++) {
656 const char* name = list[i];
657 if((cfg->guru[i]=(guru_t *)malloc(sizeof(guru_t)))==NULL)

CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 658 return allocerr(error, maxerrlen, fname, "guru", sizeof(guru_t));

659 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
660 memset(cfg->guru[i],0,sizeof(guru_t));
661
662 SAFECOPY(cfg->guru[i]->name, iniGetString(section, NULL, "name", name + 5, value));
663 SAFECOPY(cfg->guru[i]->code, name + 5);
/scfglib2.c: 759 in read_chat_cfg()
753 } else
754 cfg->page=NULL;
755
756 for(uint i=0; i<cfg->total_pages; i++) {
757 const char* name = list[i];
758 if((cfg->page[i]=(page_t *)malloc(sizeof(page_t)))==NULL)

CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 759 return allocerr(error, maxerrlen, fname, "page", sizeof(page_t));

760 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
761 memset(cfg->page[i],0,sizeof(page_t));
762
763 SAFECOPY(cfg->page[i]->cmd, iniGetString(section, NULL, "cmd", "", value));
764
/scfglib2.c: 679 in read_chat_cfg()
673
674 list = iniGetParsedSectionList(sections, "actions:");
675 cfg->total_actsets = (uint16_t)strListCount(list);
676
677 if(cfg->total_actsets) {
678 if((cfg->actset=(actset_t **)malloc(sizeof(actset_t *)*cfg->total_actsets))==NULL)

CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 679 return allocerr(error, maxerrlen, fname, "actsets", sizeof(actset_t *)*cfg->total_actsets);

680 } else
681 cfg->actset=NULL;
682
683 cfg->total_chatacts = 0;
684 for(uint i=0; i<cfg->total_actsets; i++) {
/scfglib2.c: 687 in read_chat_cfg()
681 cfg->actset=NULL;
682
683 cfg->total_chatacts = 0;
684 for(uint i=0; i<cfg->total_actsets; i++) {
685 const char* name = list[i];
686 if((cfg->actset[i]=(actset_t *)malloc(sizeof(actset_t)))==NULL)

CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 687 return allocerr(error, maxerrlen, fname, "actset", sizeof(actset_t));

688 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
689 SAFECOPY(cfg->actset[i]->name, name + 8);
690 str_list_t act_list = iniGetKeyList(section, NULL);
691 for(uint j = 0; act_list != NULL && act_list[j] != NULL; j++) {
692 chatact_t** np = realloc(cfg->chatact, sizeof(chatact_t *) * (cfg->total_chatacts + 1));
/scfglib2.c: 651 in read_chat_cfg()
645
646 str_list_t list = iniGetParsedSectionList(sections, "guru:"); 647 cfg->total_gurus = (uint16_t)strListCount(list);
648
649 if(cfg->total_gurus) {
650 if((cfg->guru=(guru_t **)malloc(sizeof(guru_t *)*cfg->total_gurus))==NULL)

CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 651 return allocerr(error, maxerrlen, fname, "gurus", sizeof(guru_t *)*cfg->total_gurus);

652 } else
653 cfg->guru=NULL;
654
655 for(uint i=0; i<cfg->total_gurus; i++) {
656 const char* name = list[i];
/scfglib2.c: 718 in read_chat_cfg()
712
713 list = iniGetParsedSectionList(sections, "chan:");
714 cfg->total_chans = (uint16_t)strListCount(list);
715
716 if(cfg->total_chans) {
717 if((cfg->chan=(chan_t **)malloc(sizeof(chan_t *)*cfg->total_chans))==NULL)

CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 718 return allocerr(error, maxerrlen, fname, "chans", sizeof(chan_t *)*cfg->total_chans);

719 } else
720 cfg->chan=NULL;
721
722 for(uint i=0; i<cfg->total_chans; i++) {
723 const char* name = list[i];
/scfglib2.c: 752 in read_chat_cfg()
746
747 list = iniGetParsedSectionList(sections, "pager:");
748 cfg->total_pages = (uint16_t)strListCount(list);
749
750 if(cfg->total_pages) {
751 if((cfg->page=(page_t **)malloc(sizeof(page_t *)*cfg->total_pages))==NULL)

CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 752 return allocerr(error, maxerrlen, fname, "pages", sizeof(page_t *)*cfg->total_pages);

753 } else
754 cfg->page=NULL;
755
756 for(uint i=0; i<cfg->total_pages; i++) {
757 const char* name = list[i];
/scfglib2.c: 725 in read_chat_cfg()
719 } else
720 cfg->chan=NULL;
721
722 for(uint i=0; i<cfg->total_chans; i++) {
723 const char* name = list[i];
724 if((cfg->chan[i]=(chan_t *)malloc(sizeof(chan_t)))==NULL)

CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 725 return allocerr(error, maxerrlen, fname, "chan", sizeof(chan_t));

726 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
727 memset(cfg->chan[i],0,sizeof(chan_t));
728
729 cfg->chan[i]->actset = getchatactset(cfg, iniGetString(section, NULL, "actions", "", value));
730 SAFECOPY(cfg->chan[i]->name, iniGetString(section, NULL, "name", "", value));

** CID 433270: Null pointer dereferences (FORWARD_NULL)
/scfglib1.c: 420 in read_msgs_cfg()


________________________________________________________________________________________________________
*** CID 433270: Null pointer dereferences (FORWARD_NULL)
/scfglib1.c: 420 in read_msgs_cfg()
414 continue;
415 *p = '\0';
416 char* code = p + 1;
417 int grpnum = getgrpnum_from_name(cfg, group);
418 if(!is_valid_grpnum(cfg, grpnum))
419 continue;

CID 433270: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "cfg->sub".

420 if((cfg->sub[i]=(sub_t *)malloc(sizeof(sub_t)))==NULL) 421 return allocerr(error, maxerrlen, fname, "sub", sizeof(sub_t));
422 section = iniGetParsedSection(sections, name, /* cut: */TRUE);
423 memset(cfg->sub[i],0,sizeof(sub_t));
424 SAFECOPY(cfg->sub[i]->code_suffix, code);
425

** CID 433269: Resource leaks (RESOURCE_LEAK)
/scfglib2.c: 117 in read_file_cfg()


________________________________________________________________________________________________________
*** CID 433269: Resource leaks (RESOURCE_LEAK)
/scfglib2.c: 117 in read_file_cfg()
111 return allocerr(error, maxerrlen, fname, "fcomps", sizeof(fcomp_t*)*cfg->total_fcomps);
112 } else
113 cfg->fcomp=NULL;
114
115 for(uint i=0; i<cfg->total_fcomps; i++) {
116 if((cfg->fcomp[i]=(fcomp_t *)malloc(sizeof(fcomp_t)))==NULL)

CID 433269: Resource leaks (RESOURCE_LEAK)
Variable "fcomp_list" going out of scope leaks the storage it points to.

117 return allocerr(error, maxerrlen, fname, "fcomp", sizeof(fcomp_t));
118 str_list_t section = iniGetParsedSection(sections, fcomp_list[i], /* cut: */TRUE);
119 memset(cfg->fcomp[i],0,sizeof(fcomp_t));
120 SAFECOPY(cfg->fcomp[i]->ext, iniGetString(section, NULL, "extension", "", value));
121 SAFECOPY(cfg->fcomp[i]->cmd, iniGetString(section, NULL, "cmd", "", value));
122 SAFECOPY(cfg->fcomp[i]->arstr, iniGetString(section, NULL, "ars", "", value));

** CID 433268: Resource leaks (RESOURCE_LEAK)
/scfglib2.c: 194 in read_file_cfg()


________________________________________________________________________________________________________
*** CID 433268: Resource leaks (RESOURCE_LEAK)
/scfglib2.c: 194 in read_file_cfg()
188 return allocerr(error, maxerrlen, fname, "dlevents", sizeof(dlevent_t*)*cfg->total_dlevents);
189 } else
190 cfg->dlevent=NULL;
191
192 for(uint i=0; i<cfg->total_dlevents; i++) {
193 if((cfg->dlevent[i]=(dlevent_t *)malloc(sizeof(dlevent_t)))==NULL)

CID 433268: Resource leaks (RESOURCE_LEAK)
Variable "dlevent_list" going out of scope leaks the storage it points to.

194 return allocerr(error, maxerrlen, fname, "dlevent", sizeof(dlevent_t));
195 str_list_t section = iniGetParsedSection(sections, dlevent_list[i], /* cut: */TRUE);
196 memset(cfg->dlevent[i],0,sizeof(dlevent_t));
197 SAFECOPY(cfg->dlevent[i]->ext, iniGetString(section, NULL, "extension", "", value));
198 SAFECOPY(cfg->dlevent[i]->cmd, iniGetString(section, NULL, "cmd", "", value));
199 SAFECOPY(cfg->dlevent[i]->workstr, iniGetString(section, NULL, "working", "", value));

** CID 433267: Control flow issues (DEADCODE)
/mqtt.c: 41 in mqtt_init()


________________________________________________________________________________________________________
*** CID 433267: Control flow issues (DEADCODE)
/mqtt.c: 41 in mqtt_init()
35 mqtt->host = host;
36 mqtt->server = server;
37 #ifdef USE_MOSQUITTO
38 return mosquitto_lib_init();
39 #endif
40 }

CID 433267: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return 100;".

41 return MQTT_FAILURE;
42 }
43
44 static char* format_topic(struct mqtt* mqtt, enum topic_depth depth, char* str, size_t size, const char* sbuf)
45 {
46 switch(depth) {

** CID 433266: (RESOURCE_LEAK)
/scfglib1.c: 523 in read_msgs_cfg()
/scfglib1.c: 381 in read_msgs_cfg()
/scfglib1.c: 373 in read_msgs_cfg()


________________________________________________________________________________________________________
*** CID 433266: (RESOURCE_LEAK)
/scfglib1.c: 523 in read_msgs_cfg()
517 cfg->qhub=NULL;
518
519 cfg->total_qhubs = 0;
520 for(uint i=0; qhub_list[i] != NULL; i++) {
521 const char* name = qhub_list[i];
522 if((cfg->qhub[i]=(qhub_t *)malloc(sizeof(qhub_t)))==NULL)

CID 433266: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 523 return allocerr(error, maxerrlen, fname, "qhub", sizeof(qhub_t));

524 section = iniGetParsedSection(sections, name, /* cut: */TRUE);
525 memset(cfg->qhub[i],0,sizeof(qhub_t));
526
527 SAFECOPY(cfg->qhub[i]->id, name + 5);
528 cfg->qhub[i]->time = iniGetShortInt(section, NULL, "time", 0);
/scfglib1.c: 381 in read_msgs_cfg()
375 cfg->grp=NULL;
376
377 for(uint i=0; i<cfg->total_grps; i++) {
378
379 const char* name = grp_list[i];
380 if((cfg->grp[i]=(grp_t *)malloc(sizeof(grp_t)))==NULL) >>> CID 433266: (RESOURCE_LEAK)

Variable "sections" going out of scope leaks the storage it points to. 381 return allocerr(error, maxerrlen, fname, "group", sizeof(grp_t));

382 section = iniGetParsedSection(sections, name, /* cut: */TRUE);
383 memset(cfg->grp[i],0,sizeof(grp_t));
384 SAFECOPY(cfg->grp[i]->sname, name + 4);
385 SAFECOPY(cfg->grp[i]->lname, iniGetString(section, NULL, "description", name + 4, value));
386 SAFECOPY(cfg->grp[i]->code_prefix, iniGetString(section, NULL, "code_prefix", "", value));
/scfglib1.c: 373 in read_msgs_cfg()
367
368 str_list_t grp_list = iniGetParsedSectionList(sections, "grp:");
369 cfg->total_grps = (uint16_t)strListCount(grp_list);
370
371 if(cfg->total_grps) {
372 if((cfg->grp=(grp_t **)malloc(sizeof(grp_t *)*cfg->total_grps))==NULL)

CID 433266: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 373 return allocerr(error, maxerrlen, fname, "groups", sizeof(grp_t *)*cfg->total_grps);

374 } else
375 cfg->grp=NULL;
376
377 for(uint i=0; i<cfg->total_grps; i++) {
378

** CID 433265: (RESOURCE_LEAK)
/scfglib1.c: 381 in read_msgs_cfg()
/scfglib1.c: 373 in read_msgs_cfg()


________________________________________________________________________________________________________
*** CID 433265: (RESOURCE_LEAK)
/scfglib1.c: 381 in read_msgs_cfg()
375 cfg->grp=NULL;
376
377 for(uint i=0; i<cfg->total_grps; i++) {
378
379 const char* name = grp_list[i];
380 if((cfg->grp[i]=(grp_t *)malloc(sizeof(grp_t)))==NULL) >>> CID 433265: (RESOURCE_LEAK)

Variable "grp_list" going out of scope leaks the storage it points to. 381 return allocerr(error, maxerrlen, fname, "group", sizeof(grp_t));

382 section = iniGetParsedSection(sections, name, /* cut: */TRUE);
383 memset(cfg->grp[i],0,sizeof(grp_t));
384 SAFECOPY(cfg->grp[i]->sname, name + 4);
385 SAFECOPY(cfg->grp[i]->lname, iniGetString(section, NULL, "description", name + 4, value));
386 SAFECOPY(cfg->grp[i]->code_prefix, iniGetString(section, NULL, "code_prefix", "", value));
/scfglib1.c: 373 in read_msgs_cfg()
367
368 str_list_t grp_list = iniGetParsedSectionList(sections, "grp:");
369 cfg->total_grps = (uint16_t)strListCount(grp_list);
370
371 if(cfg->total_grps) {
372 if((cfg->grp=(grp_t **)malloc(sizeof(grp_t *)*cfg->total_grps))==NULL)

CID 433265: (RESOURCE_LEAK)
Variable "grp_list" going out of scope leaks the storage it points to. 373 return allocerr(error, maxerrlen, fname, "groups", sizeof(grp_t *)*cfg->total_grps);

374 } else
375 cfg->grp=NULL;
376
377 for(uint i=0; i<cfg->total_grps; i++) {
378

** CID 433264: Memory - corruptions (REVERSE_NEGATIVE)
/main.cpp: 2347 in output_thread(void *)()


________________________________________________________________________________________________________
*** CID 433264: Memory - corruptions (REVERSE_NEGATIVE)
/main.cpp: 2347 in output_thread(void *)()
2341 }
2342 }
2343 #endif
2344 sbbs->terminate_output_thread = false;
2345
2346 /* Note: do not terminate when online==FALSE, that is expected for the terminal server output_thread */

CID 433264: Memory - corruptions (REVERSE_NEGATIVE)
You might be using variable "sbbs->client_socket" before verifying that it is >= 0.

2347 while (sbbs->client_socket != INVALID_SOCKET && !terminate_server && !sbbs->terminate_output_thread) {
2348 /*
2349 * I'd like to check the linear buffer against the highwater
2350 * at this point, but it would get too clumsy imho - Deuce
2351 *
2352 * Actually, another option would just be to have the size

** CID 433263: (RESOURCE_LEAK)
/scfglib1.c: 548 in read_msgs_cfg()
/scfglib1.c: 523 in read_msgs_cfg()
/scfglib1.c: 515 in read_msgs_cfg()
/scfglib1.c: 546 in read_msgs_cfg()


________________________________________________________________________________________________________
*** CID 433263: (RESOURCE_LEAK)
/scfglib1.c: 548 in read_msgs_cfg()
542 if(k) {
543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL)
544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k);
545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL)
546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k);
547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL)

CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k);

549 }
550
551 for(uint j=0;j<k;j++) {
552 uint16_t confnum;
553 int subnum;
/scfglib1.c: 523 in read_msgs_cfg()
517 cfg->qhub=NULL;
518
519 cfg->total_qhubs = 0;
520 for(uint i=0; qhub_list[i] != NULL; i++) {
521 const char* name = qhub_list[i];
522 if((cfg->qhub[i]=(qhub_t *)malloc(sizeof(qhub_t)))==NULL)

CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 523 return allocerr(error, maxerrlen, fname, "qhub", sizeof(qhub_t));

524 section = iniGetParsedSection(sections, name, /* cut: */TRUE);
525 memset(cfg->qhub[i],0,sizeof(qhub_t));
526
527 SAFECOPY(cfg->qhub[i]->id, name + 5);
528 cfg->qhub[i]->time = iniGetShortInt(section, NULL, "time", 0);
/scfglib1.c: 515 in read_msgs_cfg()
509 /**********/
510 str_list_t qhub_list = iniGetParsedSectionList(sections, "qhub:");
511 cfg->total_qhubs = (uint16_t)strListCount(qhub_list);
512
513 if(cfg->total_qhubs) {
514 if((cfg->qhub=(qhub_t **)malloc(sizeof(qhub_t *)*cfg->total_qhubs))==NULL)

CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 515 return allocerr(error, maxerrlen, fname, "qhubs", sizeof(qhub_t*)*cfg->total_qhubs);

516 } else
517 cfg->qhub=NULL;
518
519 cfg->total_qhubs = 0;
520 for(uint i=0; qhub_list[i] != NULL; i++) {
/scfglib1.c: 546 in read_msgs_cfg()
540 str_list_t qsub_list = iniGetParsedSectionList(sections, str);
541 uint k = strListCount(qsub_list);
542 if(k) {
543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL)
544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k);
545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL)

CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k);

547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL)
548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k);
549 }
550
551 for(uint j=0;j<k;j++) {

** CID 433262: High impact quality (Y2K38_SAFETY)
/qwk.cpp: 1036 in sbbs_t::qwk_vote(char **, const char *, unsigned short, const char *, unsigned int, sbbs_t::msg_filters, int)()


________________________________________________________________________________________________________
*** CID 433262: High impact quality (Y2K38_SAFETY)
/qwk.cpp: 1036 in sbbs_t::qwk_vote(char **, const char *, unsigned short, const char *, unsigned int, sbbs_t::msg_filters, int)()
1030 smbmsg_t msg;
1031 ZERO_VAR(msg);
1032
1033 if((p=iniGetString(ini, section, "WhenWritten", NULL, NULL)) != NULL) {
1034 char zone[32];
1035 xpDateTime_t dt=isoDateTimeStr_parse(p);

CID 433262: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "xpDateTime_to_localtime(dt)" is cast to "uint32_t".

1036 msg.hdr.when_written.time=(uint32_t)xpDateTime_to_localtime(dt);
1037 msg.hdr.when_written.zone=dt.zone;
1038 sscanf(p,"%*s %s",zone);
1039 if(zone[0])
1040 msg.hdr.when_written.zone=(ushort)strtoul(zone,NULL,16);
1041 }

** CID 433261: (RESOURCE_LEAK)
/scfglib2.c: 245 in read_file_cfg()
/scfglib2.c: 252 in read_file_cfg()


________________________________________________________________________________________________________
*** CID 433261: (RESOURCE_LEAK)
/scfglib2.c: 245 in read_file_cfg()
239
240 str_list_t lib_list = iniGetParsedSectionList(sections, "lib:");
241 cfg->total_libs = (uint16_t)strListCount(lib_list);
242
243 if(cfg->total_libs) {
244 if((cfg->lib=(lib_t **)malloc(sizeof(lib_t *)*cfg->total_libs))==NULL)

CID 433261: (RESOURCE_LEAK)
Variable "lib_list" going out of scope leaks the storage it points to. 245 return allocerr(error, maxerrlen, fname, "libs", sizeof(lib_t *)*cfg->total_libs);

246 } else
247 cfg->lib=NULL;
248
249 for(uint i=0; i<cfg->total_libs; i++) {
250 char* name = lib_list[i];
/scfglib2.c: 252 in read_file_cfg()
246 } else
247 cfg->lib=NULL;
248
249 for(uint i=0; i<cfg->total_libs; i++) {
250 char* name = lib_list[i];
251 if((cfg->lib[i]=(lib_t *)malloc(sizeof(lib_t)))==NULL) >>> CID 433261: (RESOURCE_LEAK)

Variable "lib_list" going out of scope leaks the storage it points to. 252 return allocerr(error, maxerrlen, fname, "lib", sizeof(lib_t));

253 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
254 memset(cfg->lib[i],0,sizeof(lib_t));
255 cfg->lib[i]->offline_dir=INVALID_DIR;
256 SAFECOPY(cfg->lib[i]->sname, name + 4);
257 SAFECOPY(cfg->lib[i]->lname, iniGetString(section, NULL, "description", name + 4, value));

** CID 433260: (RESOURCE_LEAK)
/scfglib1.c: 546 in read_msgs_cfg()
/scfglib1.c: 548 in read_msgs_cfg()
/scfglib1.c: 544 in read_msgs_cfg()


________________________________________________________________________________________________________
*** CID 433260: (RESOURCE_LEAK)
/scfglib1.c: 546 in read_msgs_cfg()
540 str_list_t qsub_list = iniGetParsedSectionList(sections, str);
541 uint k = strListCount(qsub_list);
542 if(k) {
543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL)
544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k);
545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL)

CID 433260: (RESOURCE_LEAK)
Variable "qsub_list" going out of scope leaks the storage it points to. 546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k);

547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL)
548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k);
549 }
550
551 for(uint j=0;j<k;j++) {
/scfglib1.c: 548 in read_msgs_cfg()
542 if(k) {
543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL)
544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k);
545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL)
546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k);
547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL)

CID 433260: (RESOURCE_LEAK)
Variable "qsub_list" going out of scope leaks the storage it points to. 548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k);

549 }
550
551 for(uint j=0;j<k;j++) {
552 uint16_t confnum;
553 int subnum;
/scfglib1.c: 544 in read_msgs_cfg()
538 char str[128];
539 SAFEPRINTF(str, "qhubsub:%s:", cfg->qhub[i]->id);
540 str_list_t qsub_list = iniGetParsedSectionList(sections, str);
541 uint k = strListCount(qsub_list);
542 if(k) {
543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL)

CID 433260: (RESOURCE_LEAK)
Variable "qsub_list" going out of scope leaks the storage it points to. 544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k);

545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL)
546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k);
547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL)
548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k);
549 }

** CID 433259: Resource leaks (RESOURCE_LEAK)
/upgrade_to_v320.c: 463 in upgrade_users()


________________________________________________________________________________________________________
*** CID 433259: Resource leaks (RESOURCE_LEAK)
/upgrade_to_v320.c: 463 in upgrade_users()
457 return false;
458 }
459
460 int file = v31x_openuserdat(&scfg, /* for_modify */FALSE);
461 if(file == -1) {
462 perror("user.dat");

CID 433259: Resource leaks (RESOURCE_LEAK)
Variable "out" going out of scope leaks the storage it points to.

463 return false;
464 }
465 for(uint i = 1; i <= last; i++) {
466 user_t user;
467 ZERO_VAR(user);
468 user.number = i;

** CID 433258: (RESOURCE_LEAK)
/scfglib2.c: 481 in read_xtrn_cfg()
/scfglib2.c: 500 in read_xtrn_cfg()
/scfglib2.c: 462 in read_xtrn_cfg()
/scfglib2.c: 428 in read_xtrn_cfg()
/scfglib2.c: 541 in read_xtrn_cfg()
/scfglib2.c: 594 in read_xtrn_cfg()
/scfglib2.c: 534 in read_xtrn_cfg()
/scfglib2.c: 579 in read_xtrn_cfg()
/scfglib2.c: 455 in read_xtrn_cfg()
/scfglib2.c: 601 in read_xtrn_cfg()
/scfglib2.c: 421 in read_xtrn_cfg()
/scfglib2.c: 572 in read_xtrn_cfg()


________________________________________________________________________________________________________
*** CID 433258: (RESOURCE_LEAK)
/scfglib2.c: 481 in read_xtrn_cfg()
475
476 list = iniGetParsedSectionList(sections, "prog:");
477 cfg->total_xtrns = (uint16_t)strListCount(list);
478
479 if(cfg->total_xtrns) {
480 if((cfg->xtrn=(xtrn_t **)malloc(sizeof(xtrn_t *)*cfg->total_xtrns))==NULL)

CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

481 return allocerr(error, maxerrlen, fname, "xtrns", sizeof(xtrn_t *)*cfg->total_xtrns);
482 } else
483 cfg->xtrn=NULL;
484
485 cfg->total_xtrns = 0;
486 for(uint i=0; list[i] != NULL; i++) {
/scfglib2.c: 500 in read_xtrn_cfg()
494 char* code = p + 1;
495 int secnum = getxtrnsec(cfg, sec);
496 if(!is_valid_xtrnsec(cfg, secnum))
497 continue;
498
499 if((cfg->xtrn[i]=(xtrn_t *)malloc(sizeof(xtrn_t)))==NULL)

CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

500 return allocerr(error, maxerrlen, fname, "xtrn", sizeof(xtrn_t));
501 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
502 memset(cfg->xtrn[i],0,sizeof(xtrn_t));
503 cfg->xtrn[i]->sec = secnum;
504
505 SAFECOPY(cfg->xtrn[i]->name, iniGetString(section, NULL, "name", code, value));
/scfglib2.c: 462 in read_xtrn_cfg()
456 } else
457 cfg->xtrnsec=NULL;
458
459 for(uint i=0; i<cfg->total_xtrnsecs; i++) {
460 const char* name = list[i];
461 if((cfg->xtrnsec[i]=(xtrnsec_t *)malloc(sizeof(xtrnsec_t)))==NULL)

CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

462 return allocerr(error, maxerrlen, fname, "xtrnsec", sizeof(xtrnsec_t));
463 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
464 memset(cfg->xtrnsec[i],0,sizeof(xtrnsec_t));
465 SAFECOPY(cfg->xtrnsec[i]->code, name + 4);
466 SAFECOPY(cfg->xtrnsec[i]->name, iniGetString(section, NULL, "name", name + 4, value));
467 SAFECOPY(cfg->xtrnsec[i]->arstr, iniGetString(section, NULL, "ars", "", value));
/scfglib2.c: 428 in read_xtrn_cfg()
422 } else
423 cfg->xedit=NULL;
424
425 for(uint i=0; i<cfg->total_xedits; i++) {
426 const char* name = list[i];
427 if((cfg->xedit[i]=(xedit_t *)malloc(sizeof(xedit_t)))==NULL)

CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

428 return allocerr(error, maxerrlen, fname, "xedit", sizeof(xedit_t));
429 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
430 memset(cfg->xedit[i],0,sizeof(xedit_t));
431 SAFECOPY(cfg->xedit[i]->code, name + 7);
432 SAFECOPY(cfg->xedit[i]->name, iniGetString(section, NULL, "name", name + 7, value));
433 SAFECOPY(cfg->xedit[i]->rcmd, iniGetString(section, NULL, "cmd", "", value));
/scfglib2.c: 541 in read_xtrn_cfg()
535 } else
536 cfg->event=NULL;
537
538 for(uint i=0; i<cfg->total_events; i++) {
539 const char* name = list[i];
540 if((cfg->event[i]=(event_t *)malloc(sizeof(event_t)))==NULL)

CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

541 return allocerr(error, maxerrlen, fname, "event", sizeof(event_t));
542 memset(cfg->event[i],0,sizeof(event_t));
543 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
544
545 SAFECOPY(cfg->event[i]->code, name + 6);
546 SAFECOPY(cfg->event[i]->cmd, iniGetString(section, NULL, "cmd", "", value));
/scfglib2.c: 594 in read_xtrn_cfg()
588
589 list = iniGetParsedSectionList(sections, "hotkey:");
590 cfg->total_hotkeys = (uint16_t)strListCount(list);
591
592 if(cfg->total_hotkeys) {
593 if((cfg->hotkey=(hotkey_t **)malloc(sizeof(hotkey_t *)*cfg->total_hotkeys))==NULL)

CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

594 return allocerr(error, maxerrlen, fname, "hotkeys", sizeof(hotkey_t *)*cfg->total_hotkeys);
595 } else
596 cfg->hotkey=NULL;
597
598 for(uint i=0; i<cfg->total_hotkeys; i++) {
599 const char* section = list[i];
/scfglib2.c: 534 in read_xtrn_cfg()
528
529 list = iniGetParsedSectionList(sections, "event:");
530 cfg->total_events = (uint16_t)strListCount(list);
531
532 if(cfg->total_events) {
533 if((cfg->event=(event_t **)malloc(sizeof(event_t *)*cfg->total_events))==NULL)

CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

534 return allocerr(error, maxerrlen, fname, "events", sizeof(event_t *)*cfg->total_events);
535 } else
536 cfg->event=NULL;
537
538 for(uint i=0; i<cfg->total_events; i++) {
539 const char* name = list[i];
/scfglib2.c: 579 in read_xtrn_cfg()
573 } else
574 cfg->natvpgm=NULL;
575
576 for(uint i=0; i<cfg->total_natvpgms; i++) {
577 const char* name = list[i];
578 if((cfg->natvpgm[i]=(natvpgm_t *)malloc(sizeof(natvpgm_t)))==NULL)

CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

579 return allocerr(error, maxerrlen, fname, "natvpgm", sizeof(natvpgm_t));
580 memset(cfg->natvpgm[i],0,sizeof(natvpgm_t));
581 SAFECOPY(cfg->natvpgm[i]->name, name + 7);
582 }
583 iniFreeStringList(list);
584
/scfglib2.c: 455 in read_xtrn_cfg()
449 list = iniGetParsedSectionList(sections, "sec:");
450 cfg->total_xtrnsecs = (uint16_t)strListCount(list);
451
452 if(cfg->total_xtrnsecs) {
453 if((cfg->xtrnsec=(xtrnsec_t **)malloc(sizeof(xtrnsec_t *)*cfg->total_xtrnsecs))
454 ==NULL)

CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

455 return allocerr(error, maxerrlen, fname, "xtrnsecs", sizeof(xtrnsec_t *)*cfg->total_xtrnsecs);
456 } else
457 cfg->xtrnsec=NULL;
458
459 for(uint i=0; i<cfg->total_xtrnsecs; i++) {
460 const char* name = list[i];
/scfglib2.c: 601 in read_xtrn_cfg()
595 } else
596 cfg->hotkey=NULL;
597
598 for(uint i=0; i<cfg->total_hotkeys; i++) {
599 const char* section = list[i];
600 if((cfg->hotkey[i]=(hotkey_t *)malloc(sizeof(hotkey_t)))==NULL)

CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

601 return allocerr(error, maxerrlen, fname, "hotkey", sizeof(hotkey_t));
602 memset(cfg->hotkey[i],0,sizeof(hotkey_t));
603
604 cfg->hotkey[i]->key = atoi(list[i] + 7);
605 SAFECOPY(cfg->hotkey[i]->cmd, iniGetString(ini, section, "cmd", "", value));
606 }
/scfglib2.c: 421 in read_xtrn_cfg()
415
416 str_list_t list = iniGetParsedSectionList(sections, "editor:"); 417 cfg->total_xedits = (uint16_t)strListCount(list);
418
419 if(cfg->total_xedits) {
420 if((cfg->xedit=(xedit_t **)malloc(sizeof(xedit_t *)*cfg->total_xedits))==NULL)

CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

421 return allocerr(error, maxerrlen, fname, "xedits", sizeof(xedit_t *)*cfg->total_xedits);
422 } else
423 cfg->xedit=NULL;
424
425 for(uint i=0; i<cfg->total_xedits; i++) {
426 const char* name = list[i];
/scfglib2.c: 572 in read_xtrn_cfg()
566
567 list = iniGetParsedSectionList(sections, "native:");
568 cfg->total_natvpgms = (uint16_t)strListCount(list);
569
570 if(cfg->total_natvpgms) {
571 if((cfg->natvpgm=(natvpgm_t **)malloc(sizeof(natvpgm_t *)*cfg->total_natvpgms))==NULL)

CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

572 return allocerr(error, maxerrlen, fname, "natvpgms", sizeof(natvpgm_t *)*cfg->total_natvpgms);
573 } else
574 cfg->natvpgm=NULL;
575
576 for(uint i=0; i<cfg->total_natvpgms; i++) {
577 const char* name = list[i];

** CID 433257: Null pointer dereferences (FORWARD_NULL)
/scfglib2.c: 314 in read_file_cfg()


________________________________________________________________________________________________________
*** CID 433257: Null pointer dereferences (FORWARD_NULL)
/scfglib2.c: 314 in read_file_cfg()
308 *p = '\0';
309 char* code = p + 1;
310 int libnum = getlibnum_from_name(cfg, lib);
311 if(!is_valid_libnum(cfg, libnum))
312 continue;
313

CID 433257: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "cfg->dir".

314 if((cfg->dir[i]=(dir_t *)malloc(sizeof(dir_t)))==NULL) 315 return allocerr(error, maxerrlen, fname, "dir", sizeof(dir_t));
316 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
317 memset(cfg->dir[i],0,sizeof(dir_t));
318 SAFECOPY(cfg->dir[i]->code_suffix, code);
319

** CID 433256: Memory - corruptions (REVERSE_NEGATIVE)
/websrvr.c: 6401 in http_output_thread()


________________________________________________________________________________________________________
*** CID 433256: Memory - corruptions (REVERSE_NEGATIVE)
/websrvr.c: 6401 in http_output_thread()
6395 #endif
6396
6397 /*
6398 * Do *not* exit on terminate_server... wait for session thread 6399 * to close the socket and set it to INVALID_SOCKET
6400 */

CID 433256: Memory - corruptions (REVERSE_NEGATIVE)
You might be using variable "session->socket" before verifying that it is >= 0.

6401 while(session->socket!=INVALID_SOCKET) {
6402
6403 /* Wait for something to output in the RingBuffer */ 6404 if((avail=RingBufFull(obuf))==0) { /* empty */ 6405 if(WaitForEvent(obuf->data_event, 1000) != WAIT_OBJECT_0)
6406 continue;

** CID 433255: (RESOURCE_LEAK)
/scfglib2.c: 296 in read_file_cfg()
/scfglib2.c: 315 in read_file_cfg()


________________________________________________________________________________________________________
*** CID 433255: (RESOURCE_LEAK)
/scfglib2.c: 296 in read_file_cfg()
290 cfg->sysop_dir=cfg->user_dir=cfg->upload_dir=INVALID_DIR;
291 str_list_t dir_list = iniGetParsedSectionList(sections, "dir:");
292 cfg->total_dirs = (uint16_t)strListCount(dir_list);
293
294 if(cfg->total_dirs) {
295 if((cfg->dir=(dir_t **)malloc(sizeof(dir_t *)*(cfg->total_dirs+1)))==NULL)

CID 433255: (RESOURCE_LEAK)
Variable "dir_list" going out of scope leaks the storage it points to. 296 return allocerr(error, maxerrlen, fname, "dirs", sizeof(dir_t *)*(cfg->total_dirs+1));

297 } else
298 cfg->dir=NULL;
299
300 cfg->total_dirs = 0;
301 for(uint i=0; dir_list[i] != NULL; i++) {
/scfglib2.c: 315 in read_file_cfg()
309 char* code = p + 1;
310 int libnum = getlibnum_from_name(cfg, lib);
311 if(!is_valid_libnum(cfg, libnum))
312 continue;
313
314 if((cfg->dir[i]=(dir_t *)malloc(sizeof(dir_t)))==NULL) >>> CID 433255: (RESOURCE_LEAK)

Variable "dir_list" going out of scope leaks the storage it points to. 315 return allocerr(error, maxerrlen, fname, "dir", sizeof(dir_t));

316 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
317 memset(cfg->dir[i],0,sizeof(dir_t));
318 SAFECOPY(cfg->dir[i]->code_suffix, code);
319
320 cfg->dir[i]->dirnum = i;

** CID 433254: Resource leaks (RESOURCE_LEAK)
/scfglib2.c: 167 in read_file_cfg()


________________________________________________________________________________________________________
*** CID 433254: Resource leaks (RESOURCE_LEAK)
/scfglib2.c: 167 in read_file_cfg()
161 return allocerr(error, maxerrlen, fname, "ftests", sizeof(ftest_t*)*cfg->total_ftests);
162 } else
163 cfg->ftest=NULL;
164
165 for(uint i=0; i<cfg->total_ftests; i++) {
166 if((cfg->ftest[i]=(ftest_t *)malloc(sizeof(ftest_t)))==NULL)

CID 433254: Resource leaks (RESOURCE_LEAK)
Variable "ftest_list" going out of scope leaks the storage it points to.

167 return allocerr(error, maxerrlen, fname, "ftest", sizeof(ftest_t));
168 str_list_t section = iniGetParsedSection(sections, ftest_list[i], /* cut: */TRUE);
169 memset(cfg->ftest[i],0,sizeof(ftest_t));
170 SAFECOPY(cfg->ftest[i]->ext, iniGetString(section, NULL, "extension", "", value));
171 SAFECOPY(cfg->ftest[i]->cmd, iniGetString(section, NULL, "cmd", "", value));
172 SAFECOPY(cfg->ftest[i]->workstr, iniGetString(section, NULL, "working", "", value));

** CID 433253: High impact quality (Y2K38_SAFETY)
/data_ovl.cpp: 85 in sbbs_t::putuserdatetime(int, user_field, long)()


________________________________________________________________________________________________________
*** CID 433253: High impact quality (Y2K38_SAFETY)
/data_ovl.cpp: 85 in sbbs_t::putuserdatetime(int, user_field, long)()
79 }
80 return true;
81 }
82
83 bool sbbs_t::putuserdatetime(int usernumber, enum user_field fnum, time_t t)
84 {

CID 433253: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

85 int result = ::putuserdatetime(&cfg, usernumber, fnum, (time32_t)t);
86 if(result != 0) {
87 errormsg(WHERE, ERR_WRITE, USER_DATA_FILENAME, result);
88 return false;
89 }
90 return true;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DKDXB_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDurF1YI6zrehre-2ByboPjRtzp0Uy9HxsPpEX6zuOHgkysGkYAIhBrTkr4fuqAJ-2FB9iKqhkl3PBoU8Vxw9H0mOzOUPRQ8hRzN0dT2QpcICdfJX0ngV6zwPKV-2B-2BuWPoh6viSCOhOEjV9OKJBVoKjy1pwkvK0uVxvk593QiNyE8GHMjw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 434885: Null pointer dereferences (FORWARD_NULL)
/services.c: 720 in js_client_update()


________________________________________________________________________________________________________
*** CID 434885: Null pointer dereferences (FORWARD_NULL)
/services.c: 720 in js_client_update()
714 inet_addrtop(&addr, client.addr, sizeof(client.addr)); 715 client.port=inet_addrport(&addr);
716 }
717
718 if(argc>1) {
719 JSVALUE_TO_MSTRING(cx, argv[1], cstr, NULL);

CID 434885: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "cstr" to "strncpy", which dereferences it.

720 SAFECOPY(client.user, cstr);
721 }
722
723 if(argc>2)
724 JSVALUE_TO_STRBUF(cx, argv[2], client.host, sizeof(client.host), NULL);
725

** CID 434884: Null pointer dereferences (FORWARD_NULL)
/services.c: 666 in js_client_add()


________________________________________________________________________________________________________
*** CID 434884: Null pointer dereferences (FORWARD_NULL)
/services.c: 666 in js_client_add()
660 client.port=inet_addrport(&addr);
661 }
662
663 if(argc>1) {
664 JSVALUE_TO_MSTRING(cx, argv[1], cstr, NULL);
665 HANDLE_PENDING(cx, cstr);

CID 434884: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "cstr" to "strncpy", which dereferences it.

666 SAFECOPY(client.user, cstr);
667 }
668
669 if(argc>2)
670 JSVALUE_TO_STRBUF(cx, argv[2], client.host, sizeof(client.host), NULL);
671


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DvLhJ_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBNa4gwWWzuH4YpejndlE5gsky18iXCI4AkB01pepljfQqe7LF9jGy-2FPzogJNdd8GOgQ3TnLbTyrrZZkhw2xvoNM46EZwpq7pxgwtgEEnxcRLT7VMF9VB0-2Ff-2B2KirIMbgwvbghsG43LiLS-2FF-2BCh68FdiTiQ6aMChynPzZbnhEv4cw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
11 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 434888: Uninitialized variables (UNINIT)
/xtrn.cpp: 1370 in sbbs_t::external(const char *, long, const char *)()


________________________________________________________________________________________________________
*** CID 434888: Uninitialized variables (UNINIT)
/xtrn.cpp: 1370 in sbbs_t::external(const char *, long, const char *)()
1364 if(startup_dir!=NULL && startup_dir[0]) {
1365 SAFECOPY(str, startup_dir);
1366 *lastchar(str) = 0;
1367 SAFECOPY(gamedir, getfname(str));
1368 }
1369

CID 434888: Uninitialized variables (UNINIT)
Using uninitialized value "*gamedir".

1370 if(*gamedir == 0) {
1371 lprintf(LOG_ERR, "No startup directory configured for DOS command-line: %s", cmdline);
1372 fclose(dosemubatfp);
1373 return -1;
1374 }
1375


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3Di5Wp_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCu-2BeyEJW9rE8BW4LDJPQ2W2Wvs6n0p1O-2Fo9AM1iUao-2F2dlnwxD-2FRtUP2nmCEvhxiitStz1ds8-2B9EaUt0OTDXr5sDsyoKOngliXhJ9VISshWIOON7LUlF3dVpV2T8YLPOtt-2BDQXU15hmmSHz-2FmlMcFUnz-2Fr7tGDaZQcVs-2F9URbkGQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 435652: High impact quality (Y2K38_SAFETY)
/logfile.cpp: 46 in hacklog()


________________________________________________________________________________________________________
*** CID 435652: High impact quality (Y2K38_SAFETY)
/logfile.cpp: 46 in hacklog()
40 return false;
41
42 inet_addrtop(addr, ip, sizeof(ip));
43 fprintf(fp,"SUSPECTED %s HACK ATTEMPT for user '%s' on %.24s%sUsing port %u at %s [%s]%s"
44 ,prot
45 ,user

CID 435652: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "now" is cast to "time32_t".

46 ,timestr(cfg, (time32_t)now, tstr)
47 ,log_line_ending
48 ,inet_addrport(addr)
49 ,host
50 ,ip
51 ,log_line_ending

** CID 435651: High impact quality (Y2K38_SAFETY)
/logfile.cpp: 102 in spamlog()


________________________________________________________________________________________________________
*** CID 435651: High impact quality (Y2K38_SAFETY)
/logfile.cpp: 102 in spamlog()
96 if(from==NULL)
97 from=host;
98
99 fprintf(fp, "SUSPECTED %s SPAM %s on %.24s%sHost: %s [%s]%sFrom: %.128s %s%s"
100 ,prot
101 ,action

CID 435651: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "now" is cast to "time32_t".

102 ,timestr(cfg, (time32_t)now, tstr)
103 ,log_line_ending
104 ,host
105 ,ip_addr
106 ,log_line_ending
107 ,from


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DrmwL_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrD1h-2BJFDuaPIzN3MjUxXvYYHQg-2Fq-2FfU-2Fa0iL0wmBIUr-2BFn-2Bh5d5qL-2FdY2FQedxymvZp-2Fl55lN-2BSO3rsaz-2BpIvPpEo8wZX8gGIoIufwknwcoNkG-2FC8e4PiByeZMHapM18xVRoUJvvlaXk0sHvmcwKAwJTorTghaXM6HlUMk6GBouCg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 436064: Error handling issues (CHECKED_RETURN)
/scfg/scfg.c: 2266 in bail()


________________________________________________________________________________________________________
*** CID 436064: Error handling issues (CHECKED_RETURN)
/scfg/scfg.c: 2266 in bail()
2260 if(code) {
2261 printf("\nHit enter to continue...");
2262 (void)getchar();
2263 }
2264 else if(forcesave) {
2265 load_main_cfg(&cfg, error, sizeof(error));

CID 436064: Error handling issues (CHECKED_RETURN)
Calling "load_msgs_cfg" without checking return value (as is done elsewhere 4 out of 5 times).

2266 load_msgs_cfg(&cfg, error, sizeof(error));
2267 load_file_cfg(&cfg, error, sizeof(error));
2268 load_chat_cfg(&cfg, error, sizeof(error));
2269 load_xtrn_cfg(&cfg, error, sizeof(error));
2270 cfg.new_install=new_install;
2271 save_main_cfg(&cfg,backup_level);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DD5MO_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDTaDtSmOw-2Bk-2F2GY9-2Fd2mdj1kV98qMuZQMWgSaq-2FKJTpW1JmDNOWTqgrbhAT5Uu1FeAUx9pihjmNzRCgsVATSDaJVNi1-2Fy70syPCKRY-2FmYivvscQV3ejVXXYul1-2BVLFI3iZ6Tr68ZR3M-2FuWbVS2FOTtToDy4GMZVGnWexi0ASRqfA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

21 new defect(s) introduced to Synchronet found with Coverity Scan.
16 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 21 defect(s)


** CID 436320: (SIGN_EXTENSION)
/writemsg.cpp: 679 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 680 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 657 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 294 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 656 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()


________________________________________________________________________________________________________
*** CID 436320: (SIGN_EXTENSION)
/writemsg.cpp: 679 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
673 *editor = "Synchronet msgeditor " GIT_BRANCH "/" GIT_HASH;
674
675 buf[0]=0;
676 if(linesquoted || draft_restored) {
677 if((file=nopen(msgtmp,O_RDONLY))!=-1) {
678 length=(long)filelength(file);

CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

679 l=length>(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1
680 ? (cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1 : length;
681 lread(file,buf,l);
682 buf[l]=0;
683 close(file);
684 // remove(msgtmp);
/writemsg.cpp: 680 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
674
675 buf[0]=0;
676 if(linesquoted || draft_restored) {
677 if((file=nopen(msgtmp,O_RDONLY))!=-1) {
678 length=(long)filelength(file);
679 l=length>(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1

CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

680 ? (cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1 : length;
681 lread(file,buf,l);
682 buf[l]=0;
683 close(file);
684 // remove(msgtmp);
685 }
/writemsg.cpp: 657 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
651 free(buf);
652 return false;
653 }
654 l=strlen((char *)buf); /* reserve space for top and terminating null */
655 /* truncate if too big */
656 if(length>(long)((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1))) {

CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

657 length=(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1);
658 bputs(text[OutOfBytes]);
659 }
660 long rd = read(file,buf+l,length);
661 close(file);
662 if(rd != length) {
/writemsg.cpp: 294 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
288
289 useron_level=useron.level;
290
291 if(editor!=NULL)
292 *editor=NULL;
293

CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) + 1" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) + 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

294 if((buf=(char*)malloc((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))
295 ==NULL) {
296 errormsg(WHERE,ERR_ALLOC,fname
297 ,(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) +1);
298 return(false);
299 }
/writemsg.cpp: 656 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
650 errormsg(WHERE, ERR_LEN, msgtmp, length);
651 free(buf);
652 return false;
653 }
654 l=strlen((char *)buf); /* reserve space for top and terminating null */
655 /* truncate if too big */

CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

656 if(length>(long)((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1))) {
657 length=(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1);
658 bputs(text[OutOfBytes]);
659 }
660 long rd = read(file,buf+l,length);
661 close(file);

** CID 436319: High impact quality (Y2K38_SAFETY)
/qwktomsg.cpp: 49 in qwk_parse_header_list(sbbs_t *, unsigned int, smbmsg_t *, char ***, bool, bool)()


________________________________________________________________________________________________________
*** CID 436319: High impact quality (Y2K38_SAFETY)
/qwktomsg.cpp: 49 in qwk_parse_header_list(sbbs_t *, unsigned int, smbmsg_t *, char ***, bool, bool)()
43 msg->hdr.auxattr |= MSG_HFIELDS_UTF8;
44 }
45
46 if((p=iniPopKey(headers,ROOT_SECTION,"WhenWritten",value))!=NULL) {
47 xpDateTime_t dt=isoDateTimeStr_parse(p);
48

CID 436319: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "xpDateTime_to_localtime(dt)" is cast to "uint32_t".

49 msg->hdr.when_written.time=(uint32_t)xpDateTime_to_localtime(dt);
50 msg->hdr.when_written.zone=dt.zone;
51 sscanf(p,"%*s %s",zone);
52 if(zone[0])
53 msg->hdr.when_written.zone=(ushort)strtoul(zone,NULL,16);
54 }

** CID 436318: Error handling issues (CHECKED_RETURN)
/tmp_xfer.cpp: 88 in sbbs_t::create_filelist(const char *, int)()


________________________________________________________________________________________________________
*** CID 436318: Error handling issues (CHECKED_RETURN)
/tmp_xfer.cpp: 88 in sbbs_t::create_filelist(const char *, int)()
82 if(k)
83 bprintf(text[CreatedFileList],name);
84 else {
85 if(online == ON_REMOTE)
86 bputs(text[NoFiles]);
87 SAFEPRINTF2(str,"%s%s",cfg.temp_dir,name);

CID 436318: Error handling issues (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.

88 remove(str);
89 }
90 return(k);
91 }
92
93 /****************************************************************************/

** CID 436317: High impact quality (Y2K38_SAFETY)
/qwktomsg.cpp: 198 in sbbs_t::qwk_new_msg(unsigned int, smbmsg_t *, char *, int, char **, bool)()


________________________________________________________________________________________________________
*** CID 436317: High impact quality (Y2K38_SAFETY)
/qwktomsg.cpp: 198 in sbbs_t::qwk_new_msg(unsigned int, smbmsg_t *, char *, int, char **, bool)()
192 tm.tm_year=((hdrblk[14]&0xf)*10)+(hdrblk[15]&0xf);
193 if(tm.tm_year<Y2K_2DIGIT_WINDOW)
194 tm.tm_year+=100;
195 tm.tm_hour=((hdrblk[16]&0xf)*10)+(hdrblk[17]&0xf);
196 tm.tm_min=((hdrblk[19]&0xf)*10)+(hdrblk[20]&0xf);
197

CID 436317: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "sane_mktime(&tm)" is cast to "uint32_t".

198 msg->hdr.when_written.time=(uint32_t)sane_mktime(&tm); 199 }
200
201 if(msg->to==NULL)
202 smb_hfield_str(msg,RECIPIENT,strip_ctrl(to, to));
203

** CID 436316: Error handling issues (CHECKED_RETURN)
/netmail.cpp: 1382 in sbbs_t::qnetmail(const char *, const char *, int, smb_t *, smbmsg_t *)()


________________________________________________________________________________________________________
*** CID 436316: Error handling issues (CHECKED_RETURN)
/netmail.cpp: 1382 in sbbs_t::qnetmail(const char *, const char *, int, smb_t *, smbmsg_t *)()
1376 smb_close(&smb);
1377 smb_stack(&smb,SMB_STACK_POP);
1378 errormsg(WHERE,ERR_OPEN,msgpath,O_RDONLY|O_BINARY); 1379 return(false);
1380 }
1381

CID 436316: Error handling issues (CHECKED_RETURN)
Calling "fseeko(this->smb.sdt_fp, offset, 0)" without checking return value. This library function may fail and return an error code.

1382 fseeko(smb.sdt_fp,offset,SEEK_SET);
1383 xlat=XLAT_NONE;
1384 fwrite(&xlat,2,1,smb.sdt_fp);
1385 x=SDT_BLOCK_LEN-2; /* Don't read/write more than 255 */
1386 while(!feof(instream)) {
1387 memset(buf,0,x);

** CID 436315: Code maintainability issues (UNUSED_VALUE)
/str.cpp: 406 in sbbs_t::sof(char *, char *, int)()


________________________________________________________________________________________________________
*** CID 436315: Code maintainability issues (UNUSED_VALUE)
/str.cpp: 406 in sbbs_t::sof(char *, char *, int)()
400 max=max*10+(buf[++m]&0xf);
401 }
402 if(buf[m+1]=='.' && IS_DIGIT(buf[m+2])) {
403 m++;
404 min=buf[++m]&0xf;
405 if(IS_DIGIT(buf[m+1]))

CID 436315: Code maintainability issues (UNUSED_VALUE)
Assigning value from "min * 10 + (buf[++m] & 0xf)" to "min" here, but that stored value is overwritten before it can be used.

406 min=min*10+(buf[++m]&0xf);
407 }
408 if(buf[m+1]=='"') {
409 max=0;
410 m++;
411 while(buf[++m]!='"' && max<80)

** CID 436314: (RESOURCE_LEAK)
/xtrn.cpp: 1692 in sbbs_t::external(const char *, int, const char *)() /xtrn.cpp: 1692 in sbbs_t::external(const char *, int, const char *)()


________________________________________________________________________________________________________
*** CID 436314: (RESOURCE_LEAK)
/xtrn.cpp: 1692 in sbbs_t::external(const char *, int, const char *)()
1686 dup2(fd, STDOUT_FILENO);
1687 if(!(mode&EX_NOLOG))
1688 dup2(fd, STDERR_FILENO);
1689 if (fd > 2)
1690 close(fd);
1691 }

CID 436314: (RESOURCE_LEAK)
Handle variable "fd" going out of scope leaks the handle.

1692 }
1693
1694 if(mode&EX_BG) /* background execution, detach child */
1695 {
1696 lprintf(LOG_INFO,"Detaching external process"); 1697 daemon(TRUE,FALSE);
/xtrn.cpp: 1692 in sbbs_t::external(const char *, int, const char *)()
1686 dup2(fd, STDOUT_FILENO);
1687 if(!(mode&EX_NOLOG))
1688 dup2(fd, STDERR_FILENO);
1689 if (fd > 2)
1690 close(fd);
1691 }

CID 436314: (RESOURCE_LEAK)
Handle variable "fd" going out of scope leaks the handle.

1692 }
1693
1694 if(mode&EX_BG) /* background execution, detach child */
1695 {
1696 lprintf(LOG_INFO,"Detaching external process"); 1697 daemon(TRUE,FALSE);

** CID 436313: (OVERRUN)
/main.cpp: 4367 in node_thread(void *)()


________________________________________________________________________________________________________
*** CID 436313: (OVERRUN)
/main.cpp: 4383 in node_thread(void *)()
4377
4378 curshell=sbbs->useron.shell;
4379 sbbs->main_csi.ip=sbbs->main_csi.cs; 4380 sbbs->menu_dir[0]=0;
4381 sbbs->menu_file[0]=0;
4382 }

CID 436313: (OVERRUN)
Calling "exec" with "sbbs->main_csi.cs" and "sbbs->main_csi.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.

4383 if(sbbs->exec(&sbbs->main_csi))
4384 break;
4385 }
4386 listRemoveTaggedNode(&current_logins, sbbs->cfg.node_num, /* free_data */TRUE);
4387 }
4388
/main.cpp: 4367 in node_thread(void *)()
4361 close(file);
4362 sbbs->errormsg(WHERE,ERR_ALLOC,str,sbbs->main_csi.length);
4363 sbbs->hangup();
4364 break;
4365 }
4366

CID 436313: (OVERRUN)
Calling "read" with "sbbs->main_csi.cs" and "sbbs->main_csi.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned. [Note: The source code implementation of the function has been overridden by a builtin model.]

4367 if(lread(file,sbbs->main_csi.cs,sbbs->main_csi.length)
4368 !=(int)sbbs->main_csi.length) { 4369 sbbs->errormsg(WHERE,ERR_READ,str,sbbs->main_csi.length);
4370 close(file);
4371 free(sbbs->main_csi.cs);
4372 sbbs->main_csi.cs=NULL;

** CID 436312: Error handling issues (CHECKED_RETURN)
/xtrn.cpp: 1750 in sbbs_t::external(const char *, int, const char *)()


________________________________________________________________________________________________________
*** CID 436312: Error handling issues (CHECKED_RETURN)
/xtrn.cpp: 1750 in sbbs_t::external(const char *, int, const char *)()
1744 write(in_pipe[1],buf,wr);
1745 }
1746
1747 bp=buf;
1748 i=0;
1749 if(mode&EX_NOLOG)

CID 436312: Error handling issues (CHECKED_RETURN)
Calling "poll(fds, 1UL, 1)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]

1750 poll(fds, 1, 1);
1751 else {
1752 while (poll(fds, 2, 1) > 0 && (fds[1].revents)
1753 && (i < (int)sizeof(buf) - 1)) { 1754 if((rd=read(err_pipe[0],bp,1))>0) {
1755 i+=rd;

** CID 436311: (OVERRUN)
/exec.cpp: 812 in sbbs_t::exec_bin(const char *, csi_t *, const char *)()


________________________________________________________________________________________________________
*** CID 436311: (OVERRUN)
/exec.cpp: 812 in sbbs_t::exec_bin(const char *, csi_t *, const char *)()
806 }
807 if((bin.cs=(uchar *)malloc(bin.length))==NULL) {
808 close(file);
809 errormsg(WHERE,ERR_ALLOC,str,bin.length);
810 return(-1);
811 }

CID 436311: (OVERRUN)
Calling "read" with "bin.cs" and "bin.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned. [Note: The source code implementation of the function has been overridden by a builtin model.]

812 if(lread(file,bin.cs,bin.length)!=(ssize_t)bin.length) {
813 close(file);
814 errormsg(WHERE,ERR_READ,str,bin.length);
815 free(bin.cs);
816 return(-1);
817 }
/exec.cpp: 825 in sbbs_t::exec_bin(const char *, csi_t *, const char *)()
819
820 bin.ip=bin.cs;
821 bin.rets=0;
822 bin.cmdrets=0;
823 bin.misc=0;
824

CID 436311: (OVERRUN)
Calling "exec" with "bin.cs" and "bin.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.

825 while(exec(&bin)==0)
826 if(!(bin.misc&CS_OFFLINE_EXEC)) {
827 checkline();
828 if(!online)
829 break;
830 }

** CID 436310: High impact quality (Y2K38_SAFETY)
/xtrn_sec.cpp: 1114 in sbbs_t::moduserdat(unsigned int)()


________________________________________________________________________________________________________
*** CID 436310: High impact quality (Y2K38_SAFETY)
/xtrn_sec.cpp: 1114 in sbbs_t::moduserdat(unsigned int)()
1108 useron.level=(uint8_t)i;
1109 putuserdec32(useron.number, USER_LEVEL, useron.level);
1110 }
1111 lseek(file,75,SEEK_CUR); /* read in expiration date */
1112 read(file,&i,2); /* convert from julian to unix */
1113 i = LE_INT(i);

CID 436310: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "juliantounix(i)" is cast to "time32_t".

1114 useron.expire=(time32_t)juliantounix(i);
1115 putuserdatetime(useron.number, USER_EXPIRE, useron.expire);
1116 }
1117 close(file);
1118 }
1119 return;

** CID 436309: Error handling issues (CHECKED_RETURN)
/qwk.cpp: 294 in sbbs_t::qwk_success(unsigned int, char, char)()


________________________________________________________________________________________________________
*** CID 436309: Error handling issues (CHECKED_RETURN)
/qwk.cpp: 294 in sbbs_t::qwk_success(unsigned int, char, char)()
288 SAFECOPY(str, "downloaded QWK packet");
289 logline("D-",str);
290 posts_read+=msgcnt;
291
292 sprintf(str,"%sfile/%04u.qwk",cfg.data_dir,useron.number);
293 if(fexistcase(str))

CID 436309: Error handling issues (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.

294 remove(str);
295
296 if(!bi) {
297 batch_download(-1);
298 delfiles(cfg.temp_dir,ALLFILES);
299 }

** CID 436308: (CHECKED_RETURN)
/pack_qwk.cpp: 619 in sbbs_t::pack_qwk(char *, unsigned int *, bool)() /pack_qwk.cpp: 745 in sbbs_t::pack_qwk(char *, unsigned int *, bool)() /pack_qwk.cpp: 733 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


________________________________________________________________________________________________________
*** CID 436308: (CHECKED_RETURN)
/pack_qwk.cpp: 619 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
613 fclose(voting);
614 }
615 if(personal) {
616 fclose(personal); /* close PERSONAL.NDX */
617 SAFEPRINTF(str,"%sPERSONAL.NDX",cfg.temp_dir);
618 if(!flength(str))

CID 436308: (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.

619 remove(str);
620 }
621 CRLF;
622
623 if(!prepack && online!=ON_LOCAL && ((sys_status&SS_ABORT) || !online)) {
624 bputs(text[Aborted]);
/pack_qwk.cpp: 745 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
739 if(file_count < 0)
740 lprintf(LOG_ERR, "libarchive error (%s) creating %s", error, packet);
741 else
742 lprintf(LOG_INFO, "libarchive created %s from %d files", packet, file_count);
743 }
744 if(flength(packet) < 1) {

CID 436308: (CHECKED_RETURN)
Calling "remove(packet)" without checking return value. This library function may fail and return an error code.

745 remove(packet);
746 if((i = external(cmdstr(temp_cmd(),packet,path,NULL), ex|EX_WILDCARD)) != 0)
747 errormsg(WHERE,ERR_EXEC,cmdstr(temp_cmd(),packet,path,NULL),i);
748 if(flength(packet) < 1) {
749 bputs(text[QWKCompressionFailed]);
750 return(false);
/pack_qwk.cpp: 733 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
727 }
728 }
729
730 /*******************/
731 /* Compress Packet */
732 /*******************/

CID 436308: (CHECKED_RETURN)
Calling "remove(packet)" without checking return value. This library function may fail and return an error code.

733 remove(packet);
734 SAFEPRINTF2(path,"%s%s",cfg.temp_dir,ALLFILES);
735 if(strListFind((str_list_t)supported_archive_formats, useron.tmpext, /* case_sensitive */FALSE) >= 0) {
736 str_list_t file_list = directory(path);
737 int file_count = create_archive(packet, useron.tmpext, /* with_path: */false, file_list, error, sizeof(error));
738 strListFree(&file_list);

** CID 436307: High impact quality (Y2K38_SAFETY)
/main.cpp: 4407 in node_thread(void *)()


________________________________________________________________________________________________________
*** CID 436307: High impact quality (Y2K38_SAFETY)
/main.cpp: 4407 in node_thread(void *)()
4401 time_t now = time(NULL);
4402 SAFEPRINTF(str, "%sclient.ini", sbbs->cfg.node_dir);
4403 FILE* fp = fopen(str, "at");
4404 if(fp != NULL) {
4405 fprintf(fp, "user=%u\n", sbbs->useron.number);
4406 fprintf(fp, "name=%s\n", sbbs->useron.alias);

CID 436307: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "now" is cast to "uint".

4407 fprintf(fp, "done=%u\n", (uint)now);
4408 fclose(fp);
4409 }
4410
4411 if(sbbs->sys_status&SS_DAILY) { // New day, run daily events/maintenance
4412 sbbs->daily_maint();

** CID 436306: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 1235 in sbbs_t::atcode(char *, char *, unsigned long, int *, bool, JSObject *)()


________________________________________________________________________________________________________
*** CID 436306: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 1235 in sbbs_t::atcode(char *, char *, unsigned long, int *, bool, JSObject *)()
1229 f = (float)useron.dls / useron.uls;
1230 safe_snprintf(str, maxlen, "%u", f ? (uint)(100 / f) : 0);
1231 return str;
1232 }
1233
1234 if(!strcmp(sp,"LASTNEW"))

CID 436306: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->ns_time" is cast to "time32_t".

1235 return(unixtodstr(&cfg,(time32_t)ns_time,str));
1236
1237 if(strncmp(sp, "LASTNEW:", 8) == 0) {
1238 sp += 8;
1239 c_unescape_str(sp);
1240 memset(&tm, 0, sizeof(tm));

** CID 436305: (Y2K38_SAFETY)
/pack_qwk.cpp: 128 in sbbs_t::pack_qwk(char *, unsigned int *, bool)() /pack_qwk.cpp: 598 in sbbs_t::pack_qwk(char *, unsigned int *, bool)() /pack_qwk.cpp: 603 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


________________________________________________________________________________________________________
*** CID 436305: (Y2K38_SAFETY)
/pack_qwk.cpp: 128 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
122 errormsg(WHERE,ERR_OPEN,str,0);
123 return(false);
124 }
125
126 now=time(NULL);
127 if(localtime_r(&now,&tm)==NULL) {

CID 436305: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "uint".

128 errormsg(WHERE, ERR_CHK, "time", (uint)now); 129 return(false);
130 }
131
132 fprintf(stream,"%s\r\n%s\r\n%s\r\n%s, Sysop\r\n0000,%s\r\n"
133 "%02u-%02u-%u,%02u:%02u:%02u\r\n" /pack_qwk.cpp: 598 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
592 byte_estimate_to_str(ftell(qwk), tmp, sizeof(tmp), 1024, 1);
593 if(online == ON_REMOTE)
594 bprintf("\r\n\r\n\1n\1hPacked %u messages (%s bytes) in %u seconds "
595 "(%lu messages/second)."
596 ,(*msgcnt)+mailmsgs
597 ,tmp

CID 436305: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".

598 ,(uint)elapsed
599 ,((*msgcnt)+mailmsgs) / elapsed);
600 lprintf(LOG_INFO, "packed %u messages (%s bytes) in %u seconds (%u msgs/sec)"
601 ,(*msgcnt)+mailmsgs
602 ,tmp
603 ,(uint)elapsed
/pack_qwk.cpp: 603 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
597 ,tmp
598 ,(uint)elapsed
599 ,((*msgcnt)+mailmsgs) / elapsed);
600 lprintf(LOG_INFO, "packed %u messages (%s bytes) in %u seconds (%u msgs/sec)"
601 ,(*msgcnt)+mailmsgs
602 ,tmp

CID 436305: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".

603 ,(uint)elapsed
604 ,(uint)(((*msgcnt)+mailmsgs)/elapsed));
605 }
606
607 BOOL voting_data = FALSE;
608 fclose(qwk); /* close MESSAGE.DAT */

** CID 436304: Error handling issues (CHECKED_RETURN)
/writemsg.cpp: 242 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()


________________________________________________________________________________________________________
*** CID 436304: Error handling issues (CHECKED_RETURN)
/writemsg.cpp: 242 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()
236 if((fp=fopen(src,"rb"))==NULL) {
237 free(buf);
238 return -3;
239 }
240
241 memset(buf,0,len+1);

CID 436304: Error handling issues (CHECKED_RETURN)
"fread(void * restrict, size_t, size_t, FILE * restrict)" returns the number of bytes read, but it is ignored.

242 fread(buf,len,sizeof(char),fp);
243 fclose(fp);
244
245 if((fp=fopen(dest,"wb"))!=NULL) {
246 len=process_edited_text(buf, fp, mode, lines, maxlines);
247 fclose(fp);

** CID 436303: Uninitialized variables (UNINIT)


________________________________________________________________________________________________________
*** CID 436303: Uninitialized variables (UNINIT)
/readmsgs.cpp: 218 in sbbs_t::loadposts(unsigned int *, unsigned int, unsigned int, int, unsigned int *, unsigned int *)()
212 if(idx.to!=namecrc && idx.from!=namecrc
213 && idx.to!=aliascrc && idx.from!=aliascrc
214 && (useron.number!=1 || idx.to!=sysop)) 215 continue;
216 msg.idx=idx;
217 if(!smb_lockmsghdr(&smb,&msg)) {

CID 436303: Uninitialized variables (UNINIT)
Using uninitialized value "msg.idx_offset" when calling "smb_getmsghdr".

218 if(!smb_getmsghdr(&smb,&msg)) {
219 if(stricmp(msg.to,useron.alias) 220 && stricmp(msg.from,useron.alias)
221 && stricmp(msg.to,useron.name)
222 && stricmp(msg.from,useron.name)
223 && (useron.number!=1 || stricmp(msg.to,"sysop")

** CID 436302: Memory - illegal accesses (STRING_NULL)
/telgate.cpp: 194 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char *, char *, char *)()


________________________________________________________________________________________________________
*** CID 436302: Memory - illegal accesses (STRING_NULL)
/telgate.cpp: 194 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char *, char *, char *)()
188 l=K_CHAT;
189 if(!(mode&TG_ECHO))
190 l|=K_NOECHO;
191 rd=getstr((char*)buf,sizeof(buf)-1,l);
192 if(!rd)
193 continue;

CID 436302: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.

194 SAFECAT(buf,crlf);
195 rd+=2;
196 gotline=true;
197 }
198 if((mode&TG_CRLF) && buf[rd-1]=='\r') 199 buf[rd++]='\n';

** CID 436301: Insecure data handling (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 436301: Insecure data handling (TAINTED_SCALAR)
/writemsg.cpp: 752 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
746 while(!feof(tag)) {
747 if(!fgets(str,sizeof(str),tag)) 748 break;
749 truncsp(str);
750 if(utf8) {
751 char buf[sizeof(str)*4];

CID 436301: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "str" to "cp437_to_utf8_str", which uses it as an offset.

752 cp437_to_utf8_str(str, buf, sizeof(buf) - 1, /* minval: */'\x02');
753 l+=fprintf(stream,"%s\r\n", buf);
754 } else
755 l+=fprintf(stream,"%s\r\n",str);
756 lines++; /* line counter */
757 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3Drgn4_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBgI3c58nn-2BM3pe4vcfOmT008rEPNCgcySL-2BxLmEpv67QM-2F5FYfBWKXdLuapzG8Uw08lzNE-2FII55Z3TUX6jcFlwAq3AECQ-2BNvq5LcItSQXmz87wTP5IweENV-2Fec52OWXZ5z-2Bkfj7gccdDWHh5Lsy5qHClX0MJc5hcJeyhGduvOrMQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 436563: High impact quality (Y2K38_SAFETY) /tmp/sbbs-Feb-21-2023/src/smblib/smblib.c: 2033 in smb_create()


________________________________________________________________________________________________________
*** CID 436563: High impact quality (Y2K38_SAFETY) /tmp/sbbs-Feb-21-2023/src/smblib/smblib.c: 2033 in smb_create()
2027 rewind(smb->sid_fp);
2028 if(chsize(fileno(smb->sid_fp),0L) != 0)
2029 return SMB_ERR_TRUNCATE;
2030
2031 SAFEPRINTF(str,"%s.ini",smb->file);
2032 if((fp = fopen(str, "w")) != NULL) {

CID 436563: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "int".

2033 fprintf(fp, "Created = 0x%x\n", (int)time(NULL));
2034 fclose(fp);
2035 }
2036 SAFEPRINTF(str,"%s.sda",smb->file);
2037 (void)remove(str); /* if it exists, delete it */
2038 SAFEPRINTF(str,"%s.sha",smb->file);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D6NZ4_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrB-2BSws-2BCbxlcVNPlCMlu3BJhlBm9ihxGUC5HVYM0IVOs04Kz9bZ0eoogx9vF3V4RK7H-2FAqguVEOaGqUDhn-2BkizHNIhtSAreEeh-2FFRCp4Cd-2BnjQP8DEfNeZ9f9ZPjHBz4mF3SSPlmrjqNIqJn1YzLbAFkkez3JgMfD0h7jKBCjInFw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 446269: Error handling issues (CHECKED_RETURN)
/download.cpp: 118 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)()


________________________________________________________________________________________________________
*** CID 446269: Error handling issues (CHECKED_RETURN)
/download.cpp: 118 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)()
112 char msg[256];
113 int i;
114 long ex_mode;
115 FILE* stream;
116
117 SAFEPRINTF(protlog,"%sPROTOCOL.LOG",cfg.node_dir);

CID 446269: Error handling issues (CHECKED_RETURN)
Calling "remove(protlog)" without checking return value. This library function may fail and return an error code.

118 remove(protlog); /* Deletes the protocol log */
119 autohang=false;
120 if(autohangup) {
121 if(useron.misc&AUTOHANG)
122 autohang=true;
123 else if(text[HangUpAfterXferQ][0])

** CID 446268: High impact quality (Y2K38_SAFETY)
/download.cpp: 75 in sbbs_t::notdownloaded(long, long)()


________________________________________________________________________________________________________
*** CID 446268: High impact quality (Y2K38_SAFETY)
/download.cpp: 75 in sbbs_t::notdownloaded(long, long)()
69 /****************************************************************************/
70 void sbbs_t::notdownloaded(off_t size, time_t elapsed)
71 {
72 char str[256],tmp2[256];
73 char tmp[512];
74

CID 446268: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".

75 SAFEPRINTF2(str,"Estimated Time: %s Transfer Time: %s"
76 ,sectostr(cur_cps ? (uint)(size/cur_cps) : 0,tmp)
77 ,sectostr((uint)(elapsed),tmp2));
78 logline(nulstr,str);
79 if(cfg.leech_pct && cur_cps /* leech detection */
80 && elapsed>=cfg.leech_sec


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D0CIb_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDsLibgv2fl5LZs5fAQNGsZiCzF58zgFnZOT-2BlAwIBwcfoIFtkbk55EV3j6VxmkZw2I9Fj-2BLI35zSUrIN0KShaRGuiHzricb5Wsx-2BB-2BhnhGtOrWPGOz2109TMcJgLBqc5aFWaJOutaTnzR1bYeWA4E8s00cQ8HSd2ZyQUokgP9TtQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 451020: Resource leaks (RESOURCE_LEAK)
/pack_qwk.cpp: 130 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


________________________________________________________________________________________________________
*** CID 451020: Resource leaks (RESOURCE_LEAK)
/pack_qwk.cpp: 130 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
124 return(false);
125 }
126
127 now=time(NULL);
128 if(localtime_r(&now,&tm)==NULL) {
129 errormsg(WHERE, ERR_CHK, "time", (uint)now); >>> CID 451020: Resource leaks (RESOURCE_LEAK)

Variable "stream" going out of scope leaks the storage it points to. 130 return(false);

131 }
132
133 fprintf(stream,"%s\r\n%s\r\n%s\r\n%s, Sysop\r\n0000,%s\r\n"
134 "%02u-%02u-%u,%02u:%02u:%02u\r\n"
135 ,cfg.sys_name

** CID 451019: (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 451019: (NEGATIVE_RETURNS)
/main.cpp: 3434 in sbbs_t::init()()
3428 }
3429
3430 /* Shared NODE files */
3431 SAFEPRINTF2(str,"%s%s",cfg.ctrl_dir,"node.dab");
3432 pthread_mutex_lock(&nodefile_mutex);
3433 if((nodefile=nopen(str,O_DENYNONE|O_RDWR|O_CREAT))==-1) {

CID 451019: (NEGATIVE_RETURNS)
"this->client_socket" is passed to a parameter that cannot be negative. 3434 errormsg(WHERE, ERR_OPEN, str, cfg.node_num);

3435 pthread_mutex_unlock(&nodefile_mutex);
3436 return(false);
3437 }
3438 memset(&node,0,sizeof(node_t)); /* write NULL to node struct */
3439 node.status=NODE_OFFLINE;
/main.cpp: 3443 in sbbs_t::init()()
3437 }
3438 memset(&node,0,sizeof(node_t)); /* write NULL to node struct */
3439 node.status=NODE_OFFLINE;
3440 while(filelength(nodefile)<(int)(cfg.sys_nodes*sizeof(node_t))) {
3441 lseek(nodefile,0L,SEEK_END);
3442 if(write(nodefile,&node,sizeof(node_t))!=sizeof(node_t)) {

CID 451019: (NEGATIVE_RETURNS)
"this->client_socket" is passed to a parameter that cannot be negative. 3443 errormsg(WHERE,ERR_WRITE,str,sizeof(node_t)); 3444 break;

3445 }
3446 }
3447 if(chsize(nodefile, (off_t)(cfg.sys_nodes*sizeof(node_t))) != 0)
3448 errormsg(WHERE, ERR_LEN, str, cfg.sys_nodes*sizeof(node_t));

** CID 451018: (LOCK)
/xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()
/xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()


________________________________________________________________________________________________________
*** CID 451018: (LOCK)
/xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()
1431 ,cfg.xtrn[xtrnnum]->path);
1432 end=time(NULL);
1433
1434 if(cfg.xtrn[xtrnnum]->misc&FREETIME)
1435 starttime+=end-start;
1436 if(cfg.xtrn[xtrnnum]->clean[0]) {

CID 451018: (LOCK)
"external" locks "this->input_thread_mutex" while it is locked.

1437 external(cmdstr(cfg.xtrn[xtrnnum]->clean, drop_file, startup_dir, NULL, mode)
1438 ,mode&~(EX_STDIN|EX_CONIO), cfg.xtrn[xtrnnum]->path);
1439 }
1440 max_socket_inactivity = startup->max_session_inactivity;
1441 /* Re-open the logfile */
1442 if(logfile_fp==NULL) {
/xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()
1431 ,cfg.xtrn[xtrnnum]->path);
1432 end=time(NULL);
1433
1434 if(cfg.xtrn[xtrnnum]->misc&FREETIME)
1435 starttime+=end-start;
1436 if(cfg.xtrn[xtrnnum]->clean[0]) {

CID 451018: (LOCK)
"external" unlocks "this->input_thread_mutex" while it is unlocked. 1437 external(cmdstr(cfg.xtrn[xtrnnum]->clean, drop_file, startup_dir, NULL, mode)

1438 ,mode&~(EX_STDIN|EX_CONIO), cfg.xtrn[xtrnnum]->path);
1439 }
1440 max_socket_inactivity = startup->max_session_inactivity;
1441 /* Re-open the logfile */
1442 if(logfile_fp==NULL) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DwQj4_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDdlFiTOYvOJ3q-2BXCmV5b82oIz6FZIN1OLfaOQTbpP8Gh-2F1BFBTVkQlZPmP-2FlpwdRVEElckq3ePaiX56HFlC4oTk3mo4UgkSGq0kVxPTfv2czS2IOfkwROgSnRu-2B3z34jIHguj-2BgdMQEhL57e4KO1qNvBjyCV-2FH1A5pF0aNBb218Q-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 451057: Uninitialized variables (UNINIT) /tmp/sbbs-Mar-26-2023/src/uifc/uifcx.c: 218 in ulist()


________________________________________________________________________________________________________
*** CID 451057: Uninitialized variables (UNINIT) /tmp/sbbs-Mar-26-2023/src/uifc/uifcx.c: 218 in ulist()
212 cur = &tmpcur;
213
214 for(opts=0;opts<MAX_OPTS;opts++)
215 if(option[opts]==NULL || option[opts][0]==0)
216 break;
217

CID 451057: Uninitialized variables (UNINIT)
Using uninitialized value "*cur".

218 if((*cur)>=opts)
219 (*cur)=opts-1; /* returned after scrolled */ 220
221 if((*cur)<0)
222 (*cur)=0;
223

** CID 451056: Error handling issues (CHECKED_RETURN)
/umonitor/umonitor.c: 872 in main()


________________________________________________________________________________________________________
*** CID 451056: Error handling issues (CHECKED_RETURN)
/umonitor/umonitor.c: 872 in main()
866 );
867
868 /* close .ini file here */
869 if(fp!=NULL)
870 fclose(fp);
871

CID 451056: Error handling issues (CHECKED_RETURN)
Calling "chdir" without checking return value (as is done elsewhere 18 out of 21 times).

872 chdir(bbs_startup.ctrl_dir);
873
874 /* Read .cfg files here */
875 memset(&cfg,0,sizeof(cfg));
876 cfg.size=sizeof(cfg);
877 SAFECOPY(cfg.ctrl_dir,bbs_startup.ctrl_dir);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DQ4kK_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDg36x62girPn1zYBhcccXwhYdDfdMRepLksuDfaAvd4bat4-2FUDdrJDqZKFgkT5rhTEpd1i-2F-2F-2Bt12VuLwisIe8fgC5UgDGF2gzRbivh2YT2HQfxF8BKGqVwBOdsLqq8RDB0gsCQJzB5reNTbkfkMIUprGduJhT4EnW8bblt9BSyQw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 451084: Error handling issues (CHECKED_RETURN)
/scfg/scfg.c: 2498 in bail()


________________________________________________________________________________________________________
*** CID 451084: Error handling issues (CHECKED_RETURN)
/scfg/scfg.c: 2498 in bail()
2492 ,&web_startup
2493 ,&run_mail
2494 ,&mail_startup
2495 ,&run_services
2496 ,&services_startup
2497 );

CID 451084: Error handling issues (CHECKED_RETURN)
Calling "sbbs_write_ini" without checking return value (as is done elsewhere 6 out of 7 times).

2498 sbbs_write_ini(
2499 fp
2500 ,&cfg
2501 ,&global_startup
2502 ,run_bbs
2503 ,&bbs_startup


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DnMb9_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrD976-2FEjTE38STs1icREVMHniwNML6xZBdisRM-2BSa9a9nOxrT2-2FUUbpxDSqWvLS9bN6TGb-2FePVmC2NMTMzChJMlqHPiU-2Bv9-2FtIhNAHUUgzS1WPYTXv043GMHq3ZP4-2FQ5jrThKDjIa1z5hefsmxu160ET8xl2XIZjs04KQ8YG62aAw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 451182: Null pointer dereferences (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 451182: Null pointer dereferences (NULL_RETURNS)
/scfg/scfgnode.c: 50 in adjust_last_node()
44 uint last_node = iniGetUInteger(ini, section, key, cfg.sys_nodes);
45 char prompt[128];
46 SAFEPRINTF(prompt, "Update Terminal Server 'LastNode' value to %u", cfg.sys_nodes);
47 if(last_node < cfg.sys_nodes && uifc.confirm(prompt)) {
48 fp = iniOpenFile(ini_fname, /* modify */true);
49 iniSetUInteger(&ini, section, key, cfg.sys_nodes, NULL);

CID 451182: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "fp" when calling "iniWriteFile".

50 iniWriteFile(fp, ini);
51 iniCloseFile(fp);
52 }
53 iniFreeStringList(ini);
54 }
55


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DpuyQ_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAa7nggF92-2FRxsLcvm87CK4-2Bto78Azi3yyX9qWek6JmUtnehJGAtrvzJBvO1d9nD-2Bg0GKKa4GqYzEva6Siznl2xJXy-2FjPn1uZ-2BKvYX68NoiQd5tzVJKUFlPrALUGvlehbzHDUYDbzILFgmSfjOdYWlAKHa0sR-2FUDtT5FufQM-2BrMyA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 452331: Incorrect expression (SIZEOF_MISMATCH)
/writemsg.cpp: 936 in sbbs_t::msgeditor(char *, const char *, char *, unsigned int, unsigned int)()


________________________________________________________________________________________________________
*** CID 452331: Incorrect expression (SIZEOF_MISMATCH)
/writemsg.cpp: 936 in sbbs_t::msgeditor(char *, const char *, char *, unsigned int, unsigned int)()
930 }
931
932 rioctl(IOCM|ABORT);
933 rioctl(IOCS|ABORT);
934
935 if((str = strListDivide(NULL, buf, "\n")) == NULL) {

CID 452331: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "getfname("writemsg.cpp")" of type "char *" and argument "8UL /* sizeof (char *) */ * (maxlines + 1)" to function "errormsg" is suspicious.

936 errormsg(WHERE,ERR_ALLOC,"msgeditor",sizeof(char *)*(maxlines+1));
937 return(0);
938 }
939 lines = strListCount(str);
940 while(lines > maxlines)
941 free(str[--lines]);

** CID 452330: Control flow issues (NO_EFFECT)
/writemsg.cpp: 966 in sbbs_t::msgeditor(char *, const char *, char *, unsigned int, unsigned int)()


________________________________________________________________________________________________________
*** CID 452330: Control flow issues (NO_EFFECT)
/writemsg.cpp: 966 in sbbs_t::msgeditor(char *, const char *, char *, unsigned int, unsigned int)()
960 cleartoeol(); /* delete to end of line */
961 CRLF;
962 }
963 sync();
964 rioctl(IOSM|ABORT);
965 while(online) {

CID 452330: Control flow issues (NO_EFFECT)
This less-than-zero comparison of an unsigned value is never true. "line < 0U".

966 if(line < 0)
967 line = 0;
968 if((int)line>(int)maxlines-10) {
969 if(line >= maxlines)
970 bprintf(text[NoMoreLines],line);
971 else


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DXYWj_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCe3xJD-2By2cfraguiJlF6Q3ggv-2BQewqXHCAM-2Fbq0fOod1rV0SghwSJAQLLY7JR2Xg22UoJpTPmAA7i9XkIaQJXzZ-2BbJXoY-2BCdAkcnvE60sKg-2BPS6l7v-2FKFZFOwbcriVbnnje-2BbNcxdGeVrvLCQd8h-2BSecIZPgzSL8PiXCCNGI8f5Q-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 452566: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-22-2023/src/conio/sdl_con.c: 636 in setup_surfaces_locked()


________________________________________________________________________________________________________
*** CID 452566: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-22-2023/src/conio/sdl_con.c: 636 in setup_surfaces_locked()
630 sdl.SetHint(SDL_HINT_RENDER_SCALE_QUALITY, internal_scaling ? "0" : "2");
631
632 if (win == NULL) {
633 // SDL2: This is slow sometimes... not sure why.
634 if (sdl.CreateWindowAndRenderer(vs->winwidth, vs->winheight, flags, &win, &renderer) == 0) {
635 sdl.GetWindowSize(win, &idealw, &idealh);

CID 452566: Concurrent data access violations (MISSING_LOCK)
Accessing "vs->winwidth" without holding lock "vstatlock". Elsewhere, "video_stats.winwidth" is accessed with "vstatlock" held 6 out of 9 times (1 of these accesses strongly imply that it is necessary).

636 vs->winwidth = idealw;
637 vs->winheight = idealh;
638 sdl.RenderClear(renderer);
639 if (internal_scaling)
640 newtexture = sdl.CreateTexture(renderer, SDL_PIXELFORMAT_ARGB8888, SDL_TEXTUREACCESS_STREAMING, idealw, idealh);
641 else


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DN0Qc_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDLFN7DabHG6aWM4wdfcqyFofwc0J38vQSMkCa4C-2Fn1N6Wj9IncPgqMVdR4cE24U-2FJpH1QYRv5aOH5-2FuiKTSVbfEwso1DL4WyWml5jydp92Rz-2B7A9cEiM6tQVeXRTuV4CWEOD86K4lmM1ZvAA4wQOq8iO6E2w2DDJuKvkIRCppQ5A-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

7 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)


** CID 452578: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 288 in bitmap_vmem_puttext_locked()


________________________________________________________________________________________________________
*** CID 452578: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 288 in bitmap_vmem_puttext_locked()
282 for(x=sx-1;x<ex;x++) {
283 memcpy(&vmem_ptr->vmem[y*cio_textinfo.screenwidth+x], fill++, sizeof(*fill));
284 bitmap_draw_one_char(x+1, y+1);
285 }
286 }
287 pthread_mutex_lock(&vstatlock);

CID 452578: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.

288 release_vmem(vmem_ptr);
289 pthread_mutex_unlock(&vstatlock);
290 return(1);
291 }
292
293 static void

** CID 452577: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 850 in update_from_vmem()


________________________________________________________________________________________________________
*** CID 452577: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 850 in update_from_vmem()
844 bitmap_draw_one_char(x+1,y+1);
845 }
846 pos++;
847 }
848 }
849 pthread_mutex_lock(&vstatlock);

CID 452577: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.

850 release_vmem(vmem_ptr);
851 pthread_mutex_unlock(&vstatlock);
852
853 vs = vstat;
854
855 return(0);

** CID 452576: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1239 in bitmap_movetext()


________________________________________________________________________________________________________
*** CID 452576: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1239 in bitmap_movetext()
1233 }
1234
1235 bitmap_movetext_screen(&screena, x, y, tox, toy, direction, height, width);
1236 bitmap_movetext_screen(&screenb, x, y, tox, toy, direction, height, width);
1237
1238 pthread_mutex_lock(&vstatlock);

CID 452576: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.

1239 release_vmem(vmem_ptr);
1240 pthread_mutex_unlock(&vstatlock);
1241 pthread_mutex_unlock(&blinker_lock);
1242
1243 return(1);
1244 }

** CID 452575: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1264 in bitmap_clreol()


________________________________________________________________________________________________________
*** CID 452575: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1264 in bitmap_clreol()
1258 pthread_mutex_unlock(&vstatlock);
1259 for(x=cio_textinfo.curx+cio_textinfo.winleft-2; x<cio_textinfo.winright; x++) {
1260 set_vmem_cell(vmem_ptr, pos+x, fill, ciolib_fg, ciolib_bg);
1261 bitmap_draw_one_char(x+1, row);
1262 }
1263 pthread_mutex_lock(&vstatlock);

CID 452575: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.

1264 release_vmem(vmem_ptr);
1265 pthread_mutex_unlock(&vstatlock);
1266 pthread_mutex_unlock(&blinker_lock);
1267 }
1268
1269 void bitmap_clrscr(void)

** CID 452574: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1289 in bitmap_clrscr()


________________________________________________________________________________________________________
*** CID 452574: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1289 in bitmap_clrscr()
1283 for(x=cio_textinfo.winleft-1; x<cio_textinfo.winright && x < cols; x++) {
1284 set_vmem_cell(vmem_ptr, y*cio_textinfo.screenwidth+x, fill, ciolib_fg, ciolib_bg);
1285 bitmap_draw_one_char(x+1, y+1);
1286 }
1287 }
1288 pthread_mutex_lock(&vstatlock);

CID 452574: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.

1289 release_vmem(vmem_ptr);
1290 pthread_mutex_unlock(&vstatlock);
1291 pthread_mutex_unlock(&blinker_lock);
1292 }
1293
1294 void bitmap_getcustomcursor(int *s, int *e, int *r, int *b, int *v)

** CID 452573: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 882 in bitmap_puttext()


________________________________________________________________________________________________________
*** CID 452573: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 882 in bitmap_puttext()
876 for(x=sx-1;x<ex;x++) {
877 set_vmem_cell(vmem_ptr, y*cio_textinfo.screenwidth+x, *(buf++), 0x00ffffff, 0x00ffffff);
878 bitmap_draw_one_char(x+1, y+1);
879 }
880 }
881 pthread_mutex_lock(&vstatlock);

CID 452573: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.

882 release_vmem(vmem_ptr);
883 pthread_mutex_unlock(&vstatlock);
884 pthread_mutex_unlock(&blinker_lock);
885 return ret;
886 }
887

** CID 452572: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 931 in bitmap_vmem_gettext()


________________________________________________________________________________________________________
*** CID 452572: Concurrent data access violations (ATOMICITY) /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 931 in bitmap_vmem_gettext()
925 pthread_mutex_unlock(&vstatlock);
926 for(y=sy-1;y<ey;y++) {
927 for(x=sx-1;x<ex;x++)
928 memcpy(fill++, &vmem_ptr->vmem[y*cio_textinfo.screenwidth+x], sizeof(*fill));
929 }
930 pthread_mutex_lock(&vstatlock);

CID 452572: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.

931 release_vmem(vmem_ptr);
932 pthread_mutex_unlock(&vstatlock);
933 pthread_mutex_unlock(&blinker_lock);
934 return(1);
935 }
936


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3Dr6L5_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCXbrQFMtiQ7qKe-2BTRon-2FCE8v1liTsiFwBEYDEbQeWWd5eZFVeKpMGKUHmhD6LW8krne8DUx7vgGCgrnLZMbGKkkWrW3z-2FgyVLPDteaRWQpPZNj5xcazMwdijg8SS9WNZMtlsLir5gcOguFdBqjgvNYLOs-2BIw-2BtaMoNy3gAeALwzA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 452582: (ATOMICITY)
/tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 562 in bitmap_draw_one_char() /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 647 in bitmap_draw_one_char() /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 584 in bitmap_draw_one_char()


________________________________________________________________________________________________________
*** CID 452582: (ATOMICITY)
/tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 562 in bitmap_draw_one_char()
556 break;
557 case 16:
558 this_font = (unsigned char *)conio_fontdata[vmem_ptr->vmem[vmo].font].eight_by_sixteen;
559 break;
560 default:
561 pthread_mutex_lock(&vstatlock); >>> CID 452582: (ATOMICITY)

Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.

562 release_vmem(vmem_ptr);
563 pthread_mutex_unlock(&vstatlock);
564 return(-1);
565 }
566 }
567 }
/tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 647 in bitmap_draw_one_char()
641 if (x & 0x07)
642 fontoffset++;
643 pixeloffset += rsz;
644 }
645 pthread_mutex_unlock(&screenlock);
646 pthread_mutex_lock(&vstatlock);

CID 452582: (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.

647 release_vmem(vmem_ptr);
648 pthread_mutex_unlock(&vstatlock);
649
650 return(0);
651 }
652
/tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 584 in bitmap_draw_one_char()
578 return(-1);
579 }
580
581 if((!screena.rect) || (!screenb.rect)) {
582 pthread_mutex_unlock(&screenlock);
583 pthread_mutex_lock(&vstatlock);

CID 452582: (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.

584 release_vmem(vmem_ptr);
585 pthread_mutex_unlock(&vstatlock);
586 return(-1);
587 }
588
589 pixeloffset = PIXEL_OFFSET(screena, xoffset, yoffset);

** CID 452581: Program hangs (ORDER_REVERSAL)


________________________________________________________________________________________________________
*** CID 452581: Program hangs (ORDER_REVERSAL) /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 1608 in bitmap_replace_font() 1602 conio_fontdata[id].desc=name;
1603 break;
1604 default:
1605 free(name);
1606 free(data);
1607 }

CID 452581: Program hangs (ORDER_REVERSAL)
Calling "request_redraw" acquires lock "vstatlock" while holding lock "screenlock" (count: 1 / 2).

1608 request_redraw();
1609 pthread_mutex_unlock(&screenlock);
1610 }
1611
1612 int bitmap_setpalette(uint32_t index, uint16_t r, uint16_t g, uint16_t b)
1613 {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DUSpV_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDmDz-2FisU4CybMTa4AFdNqjWoDadrImI2uOf58ArG-2FffJ7seqZM-2Bl84or1w-2BzxkvZYcPQITxGrgDJGv16GZTsMIutD2gv437SrvMcUM-2F5l3-2BKCAbVD4eiDR8izGVmzfzthTmQymbENGNMMEUITS2aGvAfi-2BZKEdNWTnMrEIlvUiBQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 453600: (NULL_RETURNS)
/tmp/sbbs-May-06-2023/src/conio/genmap.c: 88 in main() /tmp/sbbs-May-06-2023/src/conio/genmap.c: 89 in main() /tmp/sbbs-May-06-2023/src/conio/genmap.c: 69 in main() /tmp/sbbs-May-06-2023/src/conio/genmap.c: 78 in main()


________________________________________________________________________________________________________
*** CID 453600: (NULL_RETURNS)
/tmp/sbbs-May-06-2023/src/conio/genmap.c: 88 in main()
82 "#include <inttypes.h>\n"
83 "\n"
84 "extern const uint32_t r2y[16777216];\n"
85 "extern const uint32_t y2r[16777216];\n"
86 "\n"
87 "#endif\n");

CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "r" when calling "fwrite". 88 fwrite(r2y, 4, 1 << 24, r);

89 fwrite(y2r, 4, 1 << 24, y);
90 fclose(s);
91 fclose(h);
92 fclose(r);
93 fclose(y);
94 return 0;
/tmp/sbbs-May-06-2023/src/conio/genmap.c: 89 in main()
83 "\n"
84 "extern const uint32_t r2y[16777216];\n"
85 "extern const uint32_t y2r[16777216];\n"
86 "\n"
87 "#endif\n");
88 fwrite(r2y, 4, 1 << 24, r);

CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "y" when calling "fwrite". 89 fwrite(y2r, 4, 1 << 24, y);

90 fclose(s);
91 fclose(h);
92 fclose(r);
93 fclose(y);
94 return 0;
/tmp/sbbs-May-06-2023/src/conio/genmap.c: 69 in main()
63 char *mangle = "";
64
65 init_r2y();
66 if (argc > 1 && strcmp(argv[1], "win32") == 0)
67 mangle = "_";
68

CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "s" when calling "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]

69 fprintf(s,
70 ".section .rodata\n"
71 ".global %sr2y\n"
72 ".global %sy2r\n"
73 ".align 4\n"
74 "%sr2y:\n"
/tmp/sbbs-May-06-2023/src/conio/genmap.c: 78 in main()
72 ".global %sy2r\n"
73 ".align 4\n"
74 "%sr2y:\n"
75 " .incbin \"r2y.bin\"\n"
76 "%sy2r:\n"
77 " .incbin \"y2r.bin\"\n", mangle, mangle, mangle, mangle);

CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "h" when calling "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]

78 fprintf(h,
79 "#ifndef RGBMAP_H\n"
80 "#define RGBMAP_H\n"
81 "\n"
82 "#include <inttypes.h>\n"
83 "\n"


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D2OWw_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrA5TNjzrU6Rq5Mo9xdbzDwsTpy-2Bb09EocMoAjAvUXI0dqN9FjhoAs2WQX-2BupKjspvk11pluxiTxKgTDHQAhwzsXbwAERPEnGsAxkUULs14dstkoKyyk63U-2FI43vTGDPDLB-2BN8f1fqC8LeCf2cycw746w3RIwm3fIqgqrnx-2F8Y8WZA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 453850: Memory - corruptions (OVERRUN)


________________________________________________________________________________________________________
*** CID 453850: Memory - corruptions (OVERRUN)
/main.cpp: 2135 in input_thread(void *)()
2129 else
2130 wrbuf=telnet_interpret(sbbs, inbuf, rd, telbuf, wr);
2131 if(wr > (int)sizeof(telbuf))
2132 lprintf(LOG_ERR,"!TELBUF OVERFLOW (%d>%d)",wr,(int)sizeof(telbuf));
2133
2134 if(!(sbbs->console & CON_RAW_IN))

CID 453850: Memory - corruptions (OVERRUN)
Overrunning buffer pointed to by "wrbuf" of 4000 bytes by passing it to a function which accesses it at byte offset 4000 using argument "wr" (which evaluates to 4001).

2135 sbbs->translate_input(wrbuf, wr);
2136
2137 if(sbbs->passthru_socket_active == true) {
2138 BOOL writable = FALSE;
2139 if(socket_check(sbbs->passthru_socket, NULL, &writable, 1000) && writable)
2140 (void)sendsocket(sbbs->passthru_socket, (char*)wrbuf, wr);

** CID 453849: (STRING_SIZE)
/tmp/sbbs-May-07-2023/src/conio/genmap.c: 72 in main() /tmp/sbbs-May-07-2023/src/conio/genmap.c: 74 in main() /tmp/sbbs-May-07-2023/src/conio/genmap.c: 68 in main() /tmp/sbbs-May-07-2023/src/conio/genmap.c: 70 in main()


________________________________________________________________________________________________________
*** CID 453849: (STRING_SIZE)
/tmp/sbbs-May-07-2023/src/conio/genmap.c: 72 in main()
66 return EXIT_FAILURE;
67 }
68 sprintf(path, "%s/rgbmap.s", argv[2]);
69 s = fopen(path, "w");
70 sprintf(path, "%s/rgbmap.h", argv[2]);
71 h = fopen(path, "w");

CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".

72 sprintf(path, "%s/r2y.bin", argv[2]);
73 r = fopen(path, "wb");
74 sprintf(path, "%s/y2r.bin", argv[2]);
75 y = fopen(path, "wb");
76 init_r2y();
77 if (argc > 1 && strcmp(argv[1], "win32") == 0) /tmp/sbbs-May-07-2023/src/conio/genmap.c: 74 in main()
68 sprintf(path, "%s/rgbmap.s", argv[2]);
69 s = fopen(path, "w");
70 sprintf(path, "%s/rgbmap.h", argv[2]);
71 h = fopen(path, "w");
72 sprintf(path, "%s/r2y.bin", argv[2]);
73 r = fopen(path, "wb");

CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".

74 sprintf(path, "%s/y2r.bin", argv[2]);
75 y = fopen(path, "wb");
76 init_r2y();
77 if (argc > 1 && strcmp(argv[1], "win32") == 0)
78 mangle = "_";
79
/tmp/sbbs-May-07-2023/src/conio/genmap.c: 68 in main()
62 char *mangle = "";
63
64 if (argc != 3) {
65 fprintf(stderr, "Usage: %s <os> <path>\n", argv[0]);
66 return EXIT_FAILURE;
67 }

CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".

68 sprintf(path, "%s/rgbmap.s", argv[2]);
69 s = fopen(path, "w");
70 sprintf(path, "%s/rgbmap.h", argv[2]);
71 h = fopen(path, "w");
72 sprintf(path, "%s/r2y.bin", argv[2]);
73 r = fopen(path, "wb");
/tmp/sbbs-May-07-2023/src/conio/genmap.c: 70 in main()
64 if (argc != 3) {
65 fprintf(stderr, "Usage: %s <os> <path>\n", argv[0]);
66 return EXIT_FAILURE;
67 }
68 sprintf(path, "%s/rgbmap.s", argv[2]);
69 s = fopen(path, "w");

CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".

70 sprintf(path, "%s/rgbmap.h", argv[2]);
71 h = fopen(path, "w");
72 sprintf(path, "%s/r2y.bin", argv[2]);
73 r = fopen(path, "wb");
74 sprintf(path, "%s/y2r.bin", argv[2]);
75 y = fopen(path, "wb");

** CID 453848: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-May-07-2023/src/conio/x_events.c: 562 in video_init()


________________________________________________________________________________________________________
*** CID 453848: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-May-07-2023/src/conio/x_events.c: 562 in video_init()
556 if (x_cvstat.scaling < 1 || vstat.scaling < 1)
557 x_cvstat.scaling = vstat.scaling = 1;
558 pthread_mutex_unlock(&vstatlock);
559 /* Initialize mode 3 (text, 80x25, 16 colors) */
560 if(load_vmode(&vstat, ciolib_initial_mode))
561 return(-1);

CID 453848: Concurrent data access violations (MISSING_LOCK)
Accessing "x_cvstat" without holding lock "vstatlock". Elsewhere, "x_cvstat" is accessed with "vstatlock" held 3 out of 4 times (1 of these accesses strongly imply that it is necessary).

562 x_cvstat = vstat;
563 if(init_window())
564 return(-1);
565 bitmap_drv_init(x11_drawrect, x11_flush);
566 pthread_mutex_lock(&vstatlock);
567 bitmap_drv_init_mode(vstat.mode, NULL, NULL, 0, 0);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DHCK2_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCrnxZlR95qbad06mHzW16hipyALzV0mFuj3ay6pFxYR0eStfRzX4PFZA0tGWVeDEIjb6ggx0scvHBcaLMTSmWKTHh-2BY-2F-2FJXVJUS-2FMWWRke5EcHM57k-2F70xISfOM2XGn-2F4aK35uR43soY3XaxM-2BxoxpO-2BmFSex4uKhKezwAhOx42w-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 454698: Incorrect expression (IDENTICAL_BRANCHES) /tmp/sbbs-May-12-2023/src/conio/x_events.c: 336 in map_window()


________________________________________________________________________________________________________
*** CID 454698: Incorrect expression (IDENTICAL_BRANCHES) /tmp/sbbs-May-12-2023/src/conio/x_events.c: 336 in map_window()
330 }
331
332 bitmap_get_scaled_win_size(x_cvstat.scaling, &sh->base_width, &sh->base_height, 0, 0);
333 bitmap_get_scaled_win_size(1.0, &sh->min_width, &sh->min_height, 0, 0);
334 pthread_mutex_unlock(&vstatlock);
335

CID 454698: Incorrect expression (IDENTICAL_BRANCHES)
The same code is executed regardless of whether "x_cvstat.aspect_width != 0 && x_cvstat.aspect_height != 0" is true, because the 'then' and 'else' branches are identical. Should one of the branches be modified, or the entire 'if' statement replaced?

336 if (x_cvstat.aspect_width != 0 && x_cvstat.aspect_height != 0) {
337 sh->min_aspect.x = sh->max_aspect.x = sh->min_width; 338 sh->min_aspect.y = sh->max_aspect.y = sh->min_height; 339 }
340 else {
341 sh->min_aspect.x = sh->max_aspect.x = sh->min_width;

** CID 454697: Program hangs (LOCK) /tmp/sbbs-May-12-2023/src/conio/x_events.c: 565 in video_init()


________________________________________________________________________________________________________
*** CID 454697: Program hangs (LOCK) /tmp/sbbs-May-12-2023/src/conio/x_events.c: 565 in video_init()
559 if (ciolib_initial_scaling != 0.0)
560 x_cvstat.scaling = vstat.scaling = ciolib_initial_scaling;
561 if (x_cvstat.scaling < 1.0 || vstat.scaling < 1.0)
562 x_cvstat.scaling = vstat.scaling = 1;
563 /* Initialize mode 3 (text, 80x25, 16 colors) */
564 if(load_vmode(&vstat, ciolib_initial_mode))

CID 454697: Program hangs (LOCK)
Returning without unlocking "vstatlock".

565 return(-1);
566 x_cvstat = vstat;
567 pthread_mutex_unlock(&vstatlock);
568 if(init_window())
569 return(-1);
570 bitmap_drv_init(x11_drawrect, x11_flush);

** CID 454696: Control flow issues (UNREACHABLE) /tmp/sbbs-May-12-2023/src/conio/sdl_con.c: 346 in window_can_scale_internally()


________________________________________________________________________________________________________
*** CID 454696: Control flow issues (UNREACHABLE) /tmp/sbbs-May-12-2023/src/conio/sdl_con.c: 346 in window_can_scale_internally() 340 {
341 double ival;
342 double fval = modf(vstat.scaling, &ival);
343
344 // TODO: Add toggle for software scaling
345 return true;

CID 454696: Control flow issues (UNREACHABLE)
This code cannot be reached: "if (fval == 0.)

return true;".
346 if (fval == 0.0)
347 return true;
348 return false;
349 }
350
351 static int sdl_init_mode(int mode, bool init)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DX8P7_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCo7meCvjTSwgjNWxh8U4aDHxfQHmMxsciENSIBRXp67uLEWOz8jwu3lZFR4uCjFHkbCONAY52JqWDBe66S35SQOx1f4wXv2LsZa7IQA5vCXFuyr8zmKHpG3m8Wuig8iyc7ux-2BQD0YVshzWBetWEqE7uzFZr9D2LkWv7T-2FSd8bmyg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

7 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)


** CID 462165: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 904 in local_draw_rect()


________________________________________________________________________________________________________
*** CID 462165: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 904 in local_draw_rect()
898 x11.XFillRectangle(dpy, win, gc, 0, yoff, xoff, yoff + xim->height);
899 x11.XFillRectangle(dpy, win, gc, xoff+xim->width, yoff, w, yoff + xim->height);
900 x11.XFillRectangle(dpy, win, gc, 0, yoff + xim->height, w, h);
901 }
902 if (x_internal_scaling || xrender_found == false) {
903 if (last == NULL)

CID 462165: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "source".

904 x11.XPutImage(dpy, win, gc, xim, 0, 0, xoff, yoff, source->w, source->h);
905 else {
906 release_buffer(last);
907 last = NULL;
908 }
909 }

** CID 462164: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 448 in internal_setwinsize()


________________________________________________________________________________________________________
*** CID 462164: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 448 in internal_setwinsize()
442 pthread_mutex_lock(&win_mutex);
443 sdl.GetWindowSize(win, &w, &h);
444 pthread_mutex_unlock(&win_mutex);
445 if (w != vs->winwidth || h != vs->winheight)
446 changed = true;
447 pthread_mutex_unlock(&vstatlock);

CID 462164: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).

448 vstat.scaling = sdl_getscaling();
449 }
450 if (changed)
451 setup_surfaces(vs);
452 }
453

** CID 462163: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 408 in update_cvstat()


________________________________________________________________________________________________________
*** CID 462163: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 408 in update_cvstat()
402 }
403
404 static void
405 update_cvstat(struct video_stats *vs)
406 {
407 if (vs != NULL && vs != &vstat) {

CID 462163: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).

408 vstat.scaling = sdl_getscaling();
409 pthread_mutex_lock(&vstatlock);
410 *vs = vstat;
411 pthread_mutex_unlock(&vstatlock);
412 }
413 }

** CID 462162: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 657 in setup_surfaces()


________________________________________________________________________________________________________
*** CID 462162: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 657 in setup_surfaces()
651 else if(sdl_init_good) {
652 ev.type=SDL_QUIT;
653 sdl_exitcode=1;
654 sdl.PeepEvents(&ev, 1, SDL_ADDEVENT, SDL_FIRSTEVENT, SDL_LASTEVENT);
655 }
656 pthread_mutex_unlock(&win_mutex);

CID 462162: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).

657 vstat.scaling = sdl_getscaling();
658 }
659
660 /* Called from event thread only */
661 static void sdl_add_key(unsigned int keyval, struct video_stats *vs) 662 {

** CID 462161: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 511 in x_init()


________________________________________________________________________________________________________
*** CID 462161: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 511 in x_init()
505 xp_dlclose(dl);
506 return(-1);
507 }
508 #ifdef WITH_XRENDER
509 xrender_found = true;
510 if ((dl2 = xp_dlopen(libnames2,RTLD_LAZY,7)) == NULL) {

CID 462161: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl2" to "dlclose", which dereferences it.

511 xp_dlclose(dl2);
512 xrender_found = false;
513 }
514 if (xrender_found && ((x11.XRenderFindStandardFormat = xp_dlsym(dl2, XRenderFindStandardFormat)) == NULL)) {
515 xp_dlclose(dl);
516 xrender_found = false;

** CID 462160: Null pointer dereferences (REVERSE_INULL) /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 589 in init_window()


________________________________________________________________________________________________________
*** CID 462160: Null pointer dereferences (REVERSE_INULL) /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 589 in init_window()
583 if (classhints) {
584 classhints->res_name = (char *)ciolib_initial_program_name;
585 classhints->res_class = (char *)ciolib_initial_program_class;
586 }
587 wmhints=x11.XAllocWMHints();
588 wmhints->flags = 0;

CID 462160: Null pointer dereferences (REVERSE_INULL)
Null-checking "wmhints" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

589 if(wmhints) {
590 wmhints->initial_state=NormalState;
591 wmhints->flags |= (StateHint | InputHint);
592 wmhints->input = True;
593 set_icon(ciolib_initial_icon, ciolib_initial_icon_width, wmhints);
594 x11.XSetWMProperties(dpy, win, NULL, NULL, 0, 0, NULL, wmhints, classhints);

** CID 462159: (RESOURCE_LEAK)
/tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 591 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 557 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 563 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 570 in x_init()


________________________________________________________________________________________________________
*** CID 462159: (RESOURCE_LEAK)
/tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 591 in x_init()
585 xp_dlclose(dl);
586 sem_destroy(&pastebuf_set);
587 sem_destroy(&pastebuf_used);
588 sem_destroy(&init_complete);
589 sem_destroy(&mode_set);
590 pthread_mutex_destroy(&copybuf_mutex);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

591 return(-1);
592 }
593 _beginthread(x11_mouse_thread,1<<16,NULL);
594 cio_api.options |= CONIO_OPT_SET_TITLE | CONIO_OPT_SET_NAME | CONIO_OPT_SET_ICON;
595 return(0);
596 }
/tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
546 #endif
547 setlocale(LC_ALL, "");
548 x11.XSetLocaleModifiers("@im=none");
549
550 if(sem_init(&pastebuf_set, 0, 0)) {
551 xp_dlclose(dl);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

552 return(-1);
553 }
554 if(sem_init(&pastebuf_used, 0, 0)) {
555 xp_dlclose(dl);
556 sem_destroy(&pastebuf_set);
557 return(-1);
/tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
546 #endif
547 setlocale(LC_ALL, "");
548 x11.XSetLocaleModifiers("@im=none");
549
550 if(sem_init(&pastebuf_set, 0, 0)) {
551 xp_dlclose(dl);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

552 return(-1);
553 }
554 if(sem_init(&pastebuf_used, 0, 0)) {
555 xp_dlclose(dl);
556 sem_destroy(&pastebuf_set);
557 return(-1);
/tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 557 in x_init()
551 xp_dlclose(dl);
552 return(-1);
553 }
554 if(sem_init(&pastebuf_used, 0, 0)) {
555 xp_dlclose(dl);
556 sem_destroy(&pastebuf_set);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

557 return(-1);
558 }
559 if(sem_init(&init_complete, 0, 0)) {
560 xp_dlclose(dl);
561 sem_destroy(&pastebuf_set);
562 sem_destroy(&pastebuf_used); /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
546 #endif
547 setlocale(LC_ALL, "");
548 x11.XSetLocaleModifiers("@im=none");
549
550 if(sem_init(&pastebuf_set, 0, 0)) {
551 xp_dlclose(dl);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

552 return(-1);
553 }
554 if(sem_init(&pastebuf_used, 0, 0)) {
555 xp_dlclose(dl);
556 sem_destroy(&pastebuf_set);
557 return(-1);
/tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 563 in x_init()
557 return(-1);
558 }
559 if(sem_init(&init_complete, 0, 0)) {
560 xp_dlclose(dl);
561 sem_destroy(&pastebuf_set);
562 sem_destroy(&pastebuf_used);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

563 return(-1);
564 }
565 if(sem_init(&mode_set, 0, 0)) {
566 xp_dlclose(dl);
567 sem_destroy(&pastebuf_set);
568 sem_destroy(&pastebuf_used); /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 570 in x_init()
564 }
565 if(sem_init(&mode_set, 0, 0)) {
566 xp_dlclose(dl);
567 sem_destroy(&pastebuf_set);
568 sem_destroy(&pastebuf_used);
569 sem_destroy(&init_complete);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

570 return(-1);
571 }
572
573 if(pthread_mutex_init(&copybuf_mutex, 0)) {
574 xp_dlclose(dl);
575 sem_destroy(&pastebuf_set);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DIG4__g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBPyDfdctenEpBqzGZNVHs42ttgLTzzOGVhZnCvXDhpCF9jzW-2Bs67lHgn4mRJqKpKp0lKywESuC-2B8aPwq-2BHoGo6NvVv2XtDxVwk0ttDNXD70ZWDHBkynCZQ-2FnfDOJmi8gjr3lodcSxrI82eFAdcseucYkY4oNbs56dG5-2FpY2OKpzQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

6 new defect(s) introduced to Synchronet found with Coverity Scan.
9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 462184: (RESOURCE_LEAK)
/smbutil.c: 1166 in packmsgs()
/smbutil.c: 1161 in packmsgs()
/smbutil.c: 1249 in packmsgs()


________________________________________________________________________________________________________
*** CID 462184: (RESOURCE_LEAK)
/smbutil.c: 1166 in packmsgs()
1160 if(fread(&hdr,1,sizeof(smbhdr_t),smb.shd_fp) < 1)
1161 return;
1162 fwrite(&hdr,1,sizeof(smbhdr_t),tmp_shd);
1163 fwrite(&(smb.status),1,sizeof(smbstatus_t),tmp_shd);
1164 for(l=sizeof(smbhdr_t)+sizeof(smbstatus_t);l<smb.status.header_offset;l++) {
1165 if(fread(&ch,1,1,smb.shd_fp) < 1) /* copy additional base header records */

CID 462184: (RESOURCE_LEAK)
Variable "datoffset" going out of scope leaks the storage it points to. 1166 return;

1167 fwrite(&ch,1,1,tmp_shd);
1168 }
1169 total=0;
1170 for(l=0;l<smb.status.total_msgs;l++) {
1171 ZERO_VAR(msg);
/smbutil.c: 1161 in packmsgs()
1155 fclose(tmp_sid);
1156 fprintf(errfp,"\n%s!Error allocating memory\n",beep); 1157 return;
1158 }
1159 fseek(smb.shd_fp,0L,SEEK_SET);
1160 if(fread(&hdr,1,sizeof(smbhdr_t),smb.shd_fp) < 1)

CID 462184: (RESOURCE_LEAK)
Variable "datoffset" going out of scope leaks the storage it points to. 1161 return;

1162 fwrite(&hdr,1,sizeof(smbhdr_t),tmp_shd);
1163 fwrite(&(smb.status),1,sizeof(smbstatus_t),tmp_shd);
1164 for(l=sizeof(smbhdr_t)+sizeof(smbstatus_t);l<smb.status.header_offset;l++) {
1165 if(fread(&ch,1,1,smb.shd_fp) < 1) /* copy additional base header records */
1166 return;
/smbutil.c: 1249 in packmsgs()
1243
1244 /* Actually copy the data */
1245
1246 n=smb_datblocks(m);
1247 for(m=0;m<n;m++) {
1248 if(fread(buf,1,SDT_BLOCK_LEN,smb.sdt_fp) < 1)

CID 462184: (RESOURCE_LEAK)
Variable "datoffset" going out of scope leaks the storage it points to. 1249 return;

1250 if(!m && *(ushort *)buf!=XLAT_NONE && *(ushort *)buf!=XLAT_LZH) {
1251 printf("\nUnsupported translation type (%04X)\n"
1252 ,*(ushort *)buf);
1253 break;
1254 }

** CID 462183: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 564 in x_init()


________________________________________________________________________________________________________
*** CID 462183: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 564 in x_init()
558 xrender_found = false;
559 }
560 #endif
561 #ifdef WITH_XINERAMA
562 xinerama_found = true;
563 if ((dl3 = xp_dlopen(libnames3,RTLD_LAZY,1)) == NULL) {

CID 462183: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl3" to "dlclose", which dereferences it.

564 xp_dlclose(dl3);
565 xinerama_found = false;
566 }
567 if (xinerama_found && ((x11.XineramaQueryVersion = xp_dlsym(dl3, XineramaQueryVersion)) == NULL)) {
568 xp_dlclose(dl3);
569 xinerama_found = false;

** CID 462182: (RESOURCE_LEAK)
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 619 in x_init() /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init() /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 613 in x_init() /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 626 in x_init() /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 647 in x_init()


________________________________________________________________________________________________________
*** CID 462182: (RESOURCE_LEAK)
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 619 in x_init()
613 return(-1);
614 }
615 if(sem_init(&init_complete, 0, 0)) {
616 xp_dlclose(dl);
617 sem_destroy(&pastebuf_set);
618 sem_destroy(&pastebuf_used);

CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.

619 return(-1);
620 }
621 if(sem_init(&mode_set, 0, 0)) {
622 xp_dlclose(dl);
623 sem_destroy(&pastebuf_set);
624 sem_destroy(&pastebuf_used); /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()
602 #endif
603 setlocale(LC_ALL, "");
604 x11.XSetLocaleModifiers("@im=none");
605
606 if(sem_init(&pastebuf_set, 0, 0)) {
607 xp_dlclose(dl);

CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.

608 return(-1);
609 }
610 if(sem_init(&pastebuf_used, 0, 0)) {
611 xp_dlclose(dl);
612 sem_destroy(&pastebuf_set);
613 return(-1);
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 613 in x_init()
607 xp_dlclose(dl);
608 return(-1);
609 }
610 if(sem_init(&pastebuf_used, 0, 0)) {
611 xp_dlclose(dl);
612 sem_destroy(&pastebuf_set);

CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.

613 return(-1);
614 }
615 if(sem_init(&init_complete, 0, 0)) {
616 xp_dlclose(dl);
617 sem_destroy(&pastebuf_set);
618 sem_destroy(&pastebuf_used); /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 626 in x_init()
620 }
621 if(sem_init(&mode_set, 0, 0)) {
622 xp_dlclose(dl);
623 sem_destroy(&pastebuf_set);
624 sem_destroy(&pastebuf_used);
625 sem_destroy(&init_complete);

CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.

626 return(-1);
627 }
628
629 if(pthread_mutex_init(&copybuf_mutex, 0)) {
630 xp_dlclose(dl);
631 sem_destroy(&pastebuf_set); /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 647 in x_init()
641 xp_dlclose(dl);
642 sem_destroy(&pastebuf_set);
643 sem_destroy(&pastebuf_used);
644 sem_destroy(&init_complete);
645 sem_destroy(&mode_set);
646 pthread_mutex_destroy(&copybuf_mutex);

CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.

647 return(-1);
648 }
649 _beginthread(x11_mouse_thread,1<<16,NULL);
650 cio_api.options |= CONIO_OPT_SET_TITLE | CONIO_OPT_SET_NAME | CONIO_OPT_SET_ICON;
651 return(0);
652 }

** CID 462181: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()


________________________________________________________________________________________________________
*** CID 462181: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()
602 #endif
603 setlocale(LC_ALL, "");
604 x11.XSetLocaleModifiers("@im=none");
605
606 if(sem_init(&pastebuf_set, 0, 0)) {
607 xp_dlclose(dl);

CID 462181: Resource leaks (RESOURCE_LEAK)
Variable "dl3" going out of scope leaks the storage it points to.

608 return(-1);
609 }
610 if(sem_init(&pastebuf_used, 0, 0)) {
611 xp_dlclose(dl);
612 sem_destroy(&pastebuf_set);
613 return(-1);

** CID 462180: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 579 in x_init()


________________________________________________________________________________________________________
*** CID 462180: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 579 in x_init()
573 xinerama_found = false;
574 }
575 #endif
576 #ifdef WITH_XRANDR
577 xrandr_found = true;
578 if ((dl4 = xp_dlopen(libnames4,RTLD_LAZY,2)) == NULL) {

CID 462180: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl4" to "dlclose", which dereferences it.

579 xp_dlclose(dl4);
580 xrandr_found = false;
581 }
582 if (xinerama_found && ((x11.XRRQueryVersion = xp_dlsym(dl4, XRRQueryVersion)) == NULL)) {
583 xp_dlclose(dl4);
584 xrandr_found = false;

** CID 462179: Control flow issues (DEADCODE) /tmp/sbbs-Jun-04-2023/src/conio/x_events.c: 304 in fullscreen_geometry()


________________________________________________________________________________________________________
*** CID 462179: Control flow issues (DEADCODE) /tmp/sbbs-Jun-04-2023/src/conio/x_events.c: 304 in fullscreen_geometry()
298 *height = xrrci->height;
299 if (xrrci != NULL)
300 x11.XRRFreeCrtcInfo(xrrci);
301 return true;
302 }
303 if (xrrci != NULL)

CID 462179: Control flow issues (DEADCODE)
Execution cannot reach this statement: "x11.XRRFreeCrtcInfo(xrrci);". 304 x11.XRRFreeCrtcInfo(xrrci);

305 }
306 #endif
307 #ifdef WITH_XINERAMA
308 if (xinerama_found) {
309 // NOTE: Xinerama is limited to a short for the entire screen dimensions.


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DlE0W_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCCsYoL8-2BRAB8pSd-2BoykiJD4ftNgwReCmSBDHZUsIOaydl7n91VpHFpH-2B-2B6udD22Zx0rJjM18W-2BwzJlbPPHAhfNuJskDA1GbbK5bVcFums-2B-2FM-2F0YW6XnLxiKz5gFyKgOgNGYfroq20XOP9rDSr4aT-2Fr9-2BqXnGFlm6brcyj727rBsg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

6 new defect(s) introduced to Synchronet found with Coverity Scan.
38 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 462239: (CHECKED_RETURN) /tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 428 in dlmmap_locked()
/tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 416 in dlmmap_locked()


________________________________________________________________________________________________________
*** CID 462239: (CHECKED_RETURN) /tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 428 in dlmmap_locked()
422
423 start = mmap (start, length, prot, flags, execfd, offset);
424
425 if (start == MFAIL)
426 {
427 munmap (ptr, length);

CID 462239: (CHECKED_RETURN)
Calling "ftruncate" without checking return value (as is done elsewhere 45 out of 52 times).

428 ftruncate (execfd, offset);
429 return start;
430 }
431
432 mmap_exec_offset ((char *)start, length) = (char*)ptr - (char*)start; 433 /tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 416 in dlmmap_locked()
410 {
411 if (!offset)
412 {
413 close (execfd);
414 goto retry_open;
415 }

CID 462239: (CHECKED_RETURN)
Calling "ftruncate" without checking return value (as is done elsewhere 45 out of 52 times).

416 ftruncate (execfd, offset);
417 return MFAIL;
418 }
419 else if (!offset
420 && open_temp_exec_file_opts[open_temp_exec_file_opts_idx].repeat)
421 open_temp_exec_file_opts_next ();

** CID 462238: (RESOURCE_LEAK)
/writemsg.cpp: 1731 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()
/writemsg.cpp: 1717 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()


________________________________________________________________________________________________________
*** CID 462238: (RESOURCE_LEAK)
/writemsg.cpp: 1731 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()
1725 if(j>1 && (j!=x || feof(instream)) && buf[j-1]==LF && buf[j-2]==CR)
1726 buf[j-1]=buf[j-2]=0; /* Convert to NULL */ 1727 if(fwrite(buf,j,1,smb->sdt_fp) != 1) {
1728 errormsg(WHERE, ERR_WRITE, smb->file, j);
1729 smb_unlocksmbhdr(smb);
1730 smb_freemsgdat(smb,offset,length,1);

CID 462238: (RESOURCE_LEAK)
Variable "instream" going out of scope leaks the storage it points to. 1731 return false;

1732 }
1733 x=SDT_BLOCK_LEN;
1734 }
1735 fflush(smb->sdt_fp);
1736 fclose(instream);
/writemsg.cpp: 1717 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()
1711 fseeko(smb->sdt_fp,offset,SEEK_SET);
1712 xlat=XLAT_NONE;
1713 if(fwrite(&xlat,2,1,smb->sdt_fp) != 1) {
1714 errormsg(WHERE, ERR_WRITE, smb->file, 2);
1715 smb_unlocksmbhdr(smb);
1716 smb_freemsgdat(smb,offset,length,1);

CID 462238: (RESOURCE_LEAK)
Variable "instream" going out of scope leaks the storage it points to. 1717 return false;

1718 }
1719 x=SDT_BLOCK_LEN-2; /* Don't read/write more than 255 */
1720 while(!feof(instream)) {
1721 memset(buf,0,x);
1722 j=fread(buf,1,x,instream);

** CID 462237: Resource leaks (RESOURCE_LEAK)
/writemsg.cpp: 244 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()


________________________________________________________________________________________________________
*** CID 462237: Resource leaks (RESOURCE_LEAK)
/writemsg.cpp: 244 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()
238 }
239
240 memset(buf,0,len+1);
241 int rd = fread(buf,len,1,fp);
242 fclose(fp);
243 if(rd != 1)

CID 462237: Resource leaks (RESOURCE_LEAK)
Variable "buf" going out of scope leaks the storage it points to.

244 return -4;
245
246 if((fp=fopen(dest,"wb"))!=NULL) {
247 len=process_edited_text(buf, fp, mode, lines, maxlines);
248 fclose(fp);
249 }

** CID 462236: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-06-2023/src/conio/x_cio.c: 588 in x_initciolib()


________________________________________________________________________________________________________
*** CID 462236: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-06-2023/src/conio/x_cio.c: 588 in x_initciolib()
582 }
583 #endif
584 #ifdef WITH_XRANDR
585 xrandr_found = true;
586 if ((dl4 = xp_dlopen(libnames4,RTLD_LAZY,2)) == NULL)
587 xrandr_found = false;

CID 462236: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl4" to "dlsym", which dereferences it.

588 if (xinerama_found && ((x11.XRRQueryVersion = xp_dlsym(dl4, XRRQueryVersion)) == NULL)) {
589 xp_dlclose(dl4);
590 xrandr_found = false;
591 }
592 if (xinerama_found && ((x11.XRRGetScreenResources = xp_dlsym(dl4, XRRGetScreenResources)) == NULL)) {
593 xp_dlclose(dl4);

** CID 462235: Resource leaks (RESOURCE_LEAK)
/fmsgdump.c: 114 in msgdump()


________________________________________________________________________________________________________
*** CID 462235: Resource leaks (RESOURCE_LEAK)
/fmsgdump.c: 114 in msgdump()
108 fprintf(stderr, "!MALLOC failure\n");
109 return __COUNTER__;
110 }
111 fseek(fp, sizeof(hdr), SEEK_SET);
112 if(fread(body, len, 1, fp) != 1) {
113 perror("reading body text");

CID 462235: Resource leaks (RESOURCE_LEAK)
Variable "body" going out of scope leaks the storage it points to.

114 return __COUNTER__;
115 }
116 fprintf(bodyfp, "\n-start of message text-\n");
117 char* p = body;
118 while(*p && p < body + len) {
119 if((p == body || *(p - 1) == '\r') && *p == 1) {

** CID 462234: Resource leaks (RESOURCE_LEAK)
/netmail.cpp: 303 in sbbs_t::netmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()


________________________________________________________________________________________________________
*** CID 462234: Resource leaks (RESOURCE_LEAK)
/netmail.cpp: 303 in sbbs_t::netmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
297 errormsg(WHERE,ERR_ALLOC,str,length);
298 return(false);
299 }
300 if(read(file,buf,length) != length) {
301 close(file);
302 errormsg(WHERE, ERR_READ, str, length);

CID 462234: Resource leaks (RESOURCE_LEAK)
Variable "buf" going out of scope leaks the storage it points to.

303 return false;
304 }
305 close(file);
306
307 smb_net_type_t nettype = NET_FIDO;
308 smb_hfield_str(&msg,SENDER, from);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DcBRy_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrB-2FxlaM9N-2BytN4abAlhxBOfL2Gc48Kht9DWsIw0TGq4KCIUCjvrRsYhjbSc3n6GrPlyk6u8jzpB0aqRS4dcNK81E-2FeN0SyAuTTv987PncAi-2FzopZuXT78jKuoT04lLRnCeEbfBKD6ahQnLeiOpkIZgmfmv57IglbC4RNT9dRkvaUQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

14 new defect(s) introduced to Synchronet found with Coverity Scan.
28 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 14 of 14 defect(s)


** CID 462300: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3525 in do_ansi()


________________________________________________________________________________________________________
*** CID 462300: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3525 in do_ansi()
3519 case 'e': /* Line Position Forward */
3520 seq_default(seq, 0, 1);
3521 if (seq->param_int[0] < 1)
3522 break; 3523 adjust_currpos(cterm, 0, seq->param_int[0], 0);
3524 break;

CID 462300: Control flow issues (MISSING_BREAK)
The case for value "'a'" is not terminated by a "break" statement.

3525 case 'a': /* Character Position Forward */
3526 clear_lcf(cterm);
3527 case 'C': /* Cursor Right */
3528 seq_default(seq, 0, 1);
3529 if (seq->param_int[0] < 1)
3530 break;

** CID 462299: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3533 in do_ansi()


________________________________________________________________________________________________________
*** CID 462299: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3533 in do_ansi()
3527 case 'C': /* Cursor Right */
3528 seq_default(seq, 0, 1);
3529 if (seq->param_int[0] < 1)
3530 break; 3531 adjust_currpos(cterm, seq->param_int[0], 0, 0);
3532 break;

CID 462299: Control flow issues (MISSING_BREAK)
The case for value "'j'" is not terminated by a "break" statement.

3533 case 'j': /* Character Position Backward */
3534 clear_lcf(cterm);
3535 case 'D': /* Cursor Left */
3536 seq_default(seq, 0, 1);
3537 if (seq->param_int[0] < 1)
3538 break;

** CID 462298: (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 462298: (NEGATIVE_RETURNS)
/exec.cpp: 1892 in sbbs_t::exec(csi_t *)()
1886 }
1887 else
1888 csi->logic=LOGIC_FALSE;
1889 return(0);
1890
1891 case CS_SELECT_EDITOR:

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1892 csi->logic=select_editor() ? LOGIC_TRUE:LOGIC_FALSE;

1893 return(0);
1894 case CS_SET_EDITOR:
1895 csi->logic=LOGIC_TRUE;
1896 for(i=0;i<cfg.total_xedits;i++)
1897 if(!stricmp(csi->str,cfg.xedit[i]->code)
/exec.cpp: 1880 in sbbs_t::exec(csi_t *)()
1874 case CS_SELECT_SHELL:
1875 csi->logic=select_shell() ? LOGIC_TRUE:LOGIC_FALSE;
1876 return(0);
1877 case CS_SET_SHELL:
1878 csi->logic=LOGIC_TRUE;
1879 for(i=0;i<cfg.total_shells;i++)

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1880 if(!stricmp(csi->str,cfg.shell[i]->code)

1881 && chk_ar(cfg.shell[i]->ar,&useron,&client))
1882 break;
1883 if(i<cfg.total_shells) {
1884 useron.shell=i;
1885 putuserstr(useron.number, USER_SHELL, cfg.shell[i]->code);
/exec.cpp: 1181 in sbbs_t::exec(csi_t *)()
1175 now=time(NULL);
1176
1177 if(csi->ip>=csi->cs+csi->length)
1178 return(1);
1179
1180 if(*csi->ip>=CS_FUNCTIONS)

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1181 return(exec_function(csi));

1182
1183 /**********************************************/
1184 /* Miscellaneous variable length instructions */
1185 /**********************************************/
1186
/exec.cpp: 1499 in sbbs_t::exec(csi_t *)()
1493
1494 if(*csi->ip>=CS_TWO_BYTE) {
1495 switch(*(csi->ip++)) {
1496 case CS_TWO_MORE_BYTES:
1497 switch(*(csi->ip++)) {
1498 case CS_USER_EVENT:

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1499 user_event((user_event_t)*(csi->ip++));

1500 return(0);
1501 }
1502 errormsg(WHERE,ERR_CHK,"shell instruction",*(csi->ip-1));
1503 return(0);
1504 case CS_SETLOGIC:
/exec.cpp: 1181 in sbbs_t::exec(csi_t *)()
1175 now=time(NULL);
1176
1177 if(csi->ip>=csi->cs+csi->length)
1178 return(1);
1179
1180 if(*csi->ip>=CS_FUNCTIONS)

CID 462298: (NEGATIVE_RETURNS)
"this->cursubnum" is passed to a parameter that cannot be negative. 1181 return(exec_function(csi));

1182
1183 /**********************************************/
1184 /* Miscellaneous variable length instructions */
1185 /**********************************************/
1186
/exec.cpp: 1761 in sbbs_t::exec(csi_t *)()
1755 if(logon())
1756 csi->logic=LOGIC_TRUE; 1757 else
1758 csi->logic=LOGIC_FALSE; 1759 return(0);
1760 case CS_LOGOUT:

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1761 logout();

1762 return(0);
1763 case CS_EXIT:
1764 return(1);
1765 case CS_LOOP_BEGIN:
1766 if(csi->loops<MAX_LOOPDEPTH) /exec.cpp: 1538 in sbbs_t::exec(csi_t *)()
1532 thisnode.status=*csi->ip++; 1533 putnodedat(cfg.node_num,&thisnode);
1534 } else
1535 csi->ip++;
1536 return(0);
1537 case CS_MULTINODE_CHAT:

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1538 multinodechat(*csi->ip++);

1539 return(0);
1540 case CS_GETSTR:
1541 csi->logic=LOGIC_TRUE;
1542 getstr(csi->str,*csi->ip++,0);
1543 if(sys_status&SS_ABORT) {
/exec.cpp: 1875 in sbbs_t::exec(csi_t *)()
1869 saveline();
1870 return(0);
1871 case CS_RESTORELINE:
1872 restoreline();
1873 return(0);
1874 case CS_SELECT_SHELL:

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1875 csi->logic=select_shell() ? LOGIC_TRUE:LOGIC_FALSE;

1876 return(0);
1877 case CS_SET_SHELL:
1878 csi->logic=LOGIC_TRUE;
1879 for(i=0;i<cfg.total_shells;i++)
1880 if(!stricmp(csi->str,cfg.shell[i]->code)
/exec.cpp: 1897 in sbbs_t::exec(csi_t *)()
1891 case CS_SELECT_EDITOR:
1892 csi->logic=select_editor() ? LOGIC_TRUE:LOGIC_FALSE;
1893 return(0);
1894 case CS_SET_EDITOR:
1895 csi->logic=LOGIC_TRUE;
1896 for(i=0;i<cfg.total_xedits;i++)

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1897 if(!stricmp(csi->str,cfg.xedit[i]->code)

1898 && chk_ar(cfg.xedit[i]->ar,&useron,&client))
1899 break;
1900 if(i<cfg.total_xedits) {
1901 useron.xedit=i+1;
1902 putuserstr(useron.number, USER_XEDIT, cfg.xedit[i]->code);

** CID 462297: Uninitialized variables (UNINIT)


________________________________________________________________________________________________________
*** CID 462297: Uninitialized variables (UNINIT)
/readmsgs.cpp: 218 in sbbs_t::loadposts(unsigned int *, int, unsigned int, int, unsigned int *, unsigned int *)()
212 if(idx.to!=namecrc && idx.from!=namecrc
213 && idx.to!=aliascrc && idx.from!=aliascrc
214 && (useron.number!=1 || idx.to!=sysop)) 215 continue;
216 msg.idx=idx;
217 if(!smb_lockmsghdr(&smb,&msg)) {

CID 462297: Uninitialized variables (UNINIT)
Using uninitialized value "msg.idx_offset" when calling "smb_getmsghdr".

218 if(!smb_getmsghdr(&smb,&msg)) {
219 if(stricmp(msg.to,useron.alias) 220 && stricmp(msg.from,useron.alias)
221 && stricmp(msg.to,useron.name)
222 && stricmp(msg.from,useron.name)
223 && (useron.number!=1 || stricmp(msg.to,"sysop")

** CID 462296: Integer handling issues (SIGN_EXTENSION)
/writemsg.cpp: 296 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


________________________________________________________________________________________________________
*** CID 462296: Integer handling issues (SIGN_EXTENSION)
/writemsg.cpp: 296 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
290
291 useron_level=useron.level;
292
293 if(editor!=NULL)
294 *editor=NULL;
295

CID 462296: Integer handling issues (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1 + 2) + 1" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1 + 2) + 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

296 if((buf=(char*)malloc((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))
297 ==NULL) {
298 errormsg(WHERE,ERR_ALLOC,fname
299 ,(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) +1);
300 return(false);
301 }

** CID 462295: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3509 in do_ansi()


________________________________________________________________________________________________________
*** CID 462295: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3509 in do_ansi()
3503 seq->param_int[0] = cterm->width - j;
3504 MOVETEXT(col, row, max_col - seq->param_int[0], row, col + seq->param_int[0], row);
3505 for(l=0; l < seq->param_int[0]; l++)
3506 PUTCH(' ');
3507 cterm_gotoxy(cterm, i, j);
3508 break;

CID 462295: Control flow issues (MISSING_BREAK)
The case for value "'A'" is not terminated by a "break" statement.

3509 case 'A': /* Cursor Up */
3510 clear_lcf(cterm);
3511 case 'k': /* Line Position Backward */
3512 seq_default(seq, 0, 1);
3513 if (seq->param_int[0] < 1)
3514 break;

** CID 462294: Integer handling issues (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 462294: Integer handling issues (NEGATIVE_RETURNS)
/netmail.cpp: 1038 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1032 if(remsg != NULL && resmb != NULL && !(mode&WM_QUOTE)) {
1033 if(quotemsg(resmb, remsg, /* include tails: */true)) 1034 mode |= WM_QUOTE;
1035 }
1036
1037 SAFEPRINTF(msgpath,"%snetmail.msg",cfg.node_dir);

CID 462294: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.

1038 if(!writemsg(msgpath,nulstr,title,WM_NETMAIL|mode,INVALID_SUB, to_list, /* from: */your_addr, &editor, &charset)) {
1039 strListFree(&rcpt_list);
1040 bputs(text[Aborted]);
1041 return(false);
1042 }
1043

** CID 462293: Integer handling issues (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 462293: Integer handling issues (NEGATIVE_RETURNS)
/netmail.cpp: 200 in sbbs_t::netmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
194 if(remsg != NULL && resmb != NULL && !(mode&WM_QUOTE)) {
195 if(quotemsg(resmb, remsg, /* include tails: */true)) 196 mode |= WM_QUOTE;
197 }
198
199 msg_tmp_fname(useron.xedit, msgpath, sizeof(msgpath));

CID 462293: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.

200 if(!writemsg(msgpath,nulstr,subj,WM_NETMAIL|mode,INVALID_SUB, to, from, &editor, &charset)) {
201 bputs(text[Aborted]);
202 return(false);
203 }
204
205 if(mode&WM_FILE) {

** CID 462292: (NULL_RETURNS)
/execmisc.cpp: 526 in sbbs_t::exec_misc(csi_t *, const char *)()
/execmisc.cpp: 526 in sbbs_t::exec_misc(csi_t *, const char *)()


________________________________________________________________________________________________________
*** CID 462292: (NULL_RETURNS)
/execmisc.cpp: 526 in sbbs_t::exec_misc(csi_t *, const char *)()
520 if(*pp1!=csi->str && (!*pp1 || i==MAX_SYSVARS)) {
521 if(*pp1)
522 *pp1=(char *)realloc(*pp1,strlen(*pp1)+strlen(*pp2)+1);
523 else
524 *pp1=(char *)realloc(*pp1,strlen(*pp2)+1);
525 }

CID 462292: (NULL_RETURNS)
Dereferencing a pointer that might be "nullptr" "*pp1" when calling "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]

526 strcat(*pp1,*pp2);
527 return(0);
528 case FORMAT_STR_VAR:
529 pp=getstrvar(csi,*(int32_t *)csi->ip);
530 csi->ip+=4; /* Skip variable name */
531 p=format_string(this, csi); /execmisc.cpp: 526 in sbbs_t::exec_misc(csi_t *, const char *)()
520 if(*pp1!=csi->str && (!*pp1 || i==MAX_SYSVARS)) {
521 if(*pp1)
522 *pp1=(char *)realloc(*pp1,strlen(*pp1)+strlen(*pp2)+1);
523 else
524 *pp1=(char *)realloc(*pp1,strlen(*pp2)+1);
525 }

CID 462292: (NULL_RETURNS)
Dereferencing a pointer that might be "nullptr" "*pp1" when calling "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]

526 strcat(*pp1,*pp2);
527 return(0);
528 case FORMAT_STR_VAR:
529 pp=getstrvar(csi,*(int32_t *)csi->ip);
530 csi->ip+=4; /* Skip variable name */
531 p=format_string(this, csi);

** CID 462291: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3517 in do_ansi()


________________________________________________________________________________________________________
*** CID 462291: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3517 in do_ansi()
3511 case 'k': /* Line Position Backward */
3512 seq_default(seq, 0, 1);
3513 if (seq->param_int[0] < 1)
3514 break; 3515 adjust_currpos(cterm, 0, 0 - seq->param_int[0], 0);
3516 break;

CID 462291: Control flow issues (MISSING_BREAK)
The case for value "'B'" is not terminated by a "break" statement.

3517 case 'B': /* Cursor Down */
3518 clear_lcf(cterm);
3519 case 'e': /* Line Position Forward */
3520 seq_default(seq, 0, 1);
3521 if (seq->param_int[0] < 1)
3522 break;

** CID 462290: Integer handling issues (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 462290: Integer handling issues (NEGATIVE_RETURNS)
/netmail.cpp: 1316 in sbbs_t::qnetmail(const char *, const char *, int, smb_t *, smbmsg_t *)()
1310 if(remsg != NULL && resmb != NULL && !(mode&WM_QUOTE)) {
1311 if(quotemsg(resmb, remsg, /* include tails: */true)) 1312 mode |= WM_QUOTE;
1313 }
1314
1315 SAFEPRINTF(msgpath,"%snetmail.msg",cfg.node_dir);

CID 462290: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.

1316 if(!writemsg(msgpath,nulstr,title, (mode|WM_QWKNET|WM_NETMAIL) ,INVALID_SUB,to,/* from: */useron.alias, &editor, &charset)) {
1317 bputs(text[Aborted]);
1318 return(false);
1319 }
1320
1321 if((i=smb_stack(&smb,SMB_STACK_PUSH))!=SMB_SUCCESS) {

** CID 462289: Integer handling issues (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 462289: Integer handling issues (NEGATIVE_RETURNS)
/bulkmail.cpp: 53 in sbbs_t::bulkmail(unsigned char *)()
47 && !noyes(text[AnonymousQ])) {
48 msg.hdr.attr|=MSG_ANONYMOUS;
49 wm_mode|=WM_ANON;
50 }
51
52 msg_tmp_fname(useron.xedit, msgpath, sizeof(msgpath));

CID 462289: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.

53 if(!writemsg(msgpath,nulstr,title,wm_mode,INVALID_SUB,"Bulk Mailing"
54 ,/* From: */useron.alias
55 ,&editor
56 ,&charset)) {
57 bputs(text[Aborted]);
58 return(false);

** CID 462288: High impact quality (Y2K38_SAFETY)
/upload.cpp: 351 in sbbs_t::upload(int)()


________________________________________________________________________________________________________
*** CID 462288: High impact quality (Y2K38_SAFETY)
/upload.cpp: 351 in sbbs_t::upload(int)()
345 SAFEPRINTF(descbeg,text[Rated],toupper(ch));
346 }
347 if(cfg.dir[dirnum]->misc&DIR_ULDATE) {
348 now=time(NULL);
349 if(descbeg[0])
350 strcat(descbeg," ");

CID 462288: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".

351 SAFEPRINTF(str,"%s ",unixtodstr(&cfg,(time32_t)now,tmp));
352 strcat(descbeg,str);
353 }
354 if(cfg.dir[dirnum]->misc&DIR_MULT) {
355 sync();
356 if(!noyes(text[MultipleDiskQ])) {

** CID 462287: Insecure data handling (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 462287: Insecure data handling (TAINTED_SCALAR)
/writemsg.cpp: 762 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
756 while(!feof(tag)) {
757 if(!fgets(str,sizeof(str),tag)) 758 break;
759 truncsp(str);
760 if(utf8) {
761 char buf[sizeof(str)*4];

CID 462287: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "str" to "cp437_to_utf8_str", which uses it as an offset.

762 cp437_to_utf8_str(str, buf, sizeof(buf) - 1, /* minval: */'\x02');
763 l+=fprintf(stream,"%s\r\n", buf);
764 } else
765 l+=fprintf(stream,"%s\r\n",str);
766 lines++; /* line counter */
767 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DtLKg_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAqovISQpoxJCpfGf5WxBSwicKqoI1-2FF-2FaRmTPl-2BdVuGdSUZJZL-2FtmrL2VG6EaSuRynvnKTam4RxYwMKuXCyGzW07U-2FihjT83mqDNq6SOIYF1Sr-2FPyTE6vlrslg0L6d5zkvnLZ7buAIgjMdQW0NPYYLOxV54tcIwBqmxUNrcgSYSA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 462777: Error handling issues (CHECKED_RETURN)
/sbbsecho.c: 1796 in alter_areas()


________________________________________________________________________________________________________
*** CID 462777: Error handling issues (CHECKED_RETURN)
/sbbsecho.c: 1796 in alter_areas()
1790 chmod(outpath, st.st_mode);
1791 if(cfg.areafile_backups == 0 || !backup(cfg.areafile, cfg.areafile_backups, /* ren: */TRUE))
1792 delfile(cfg.areafile, __LINE__); /* Delete AREAS.BBS */
1793 if(rename(outpath,cfg.areafile)) /* Rename new AREAS.BBS file */
1794 lprintf(LOG_ERR,"ERROR line %d renaming %s to %s",__LINE__,outpath,cfg.areafile);
1795 }

CID 462777: Error handling issues (CHECKED_RETURN)
Calling "remove(outpath)" without checking return value. This library function may fail and return an error code.

1796 remove(outpath); // expected to fail (file does not exist) much of the time
1797 }
1798
1799 bool add_sub_to_arealist(sub_t* sub, fidoaddr_t uplink)
1800 {
1801 FILE* fp = NULL;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D9Jsa_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBb4277PBgEvmZlC-2F75f6Wn0OW7OlFk2c1B-2BHtshOYvFkBSQP9EqEdk2ezaBaEw-2BucLGwfFouHIfPe-2Fyudqe7-2BvtImpG7nG3GNHNovDhmEdP7PSdTfD3wACCQeKNpizxWyAzNP4xAGsoa5IGtqS3OShzACd7MFIxkk2Y7iSTOvrLw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 465170: Resource leaks (RESOURCE_LEAK)
/scfg/scfg.c: 2447 in new_item()


________________________________________________________________________________________________________
*** CID 465170: Resource leaks (RESOURCE_LEAK)
/scfg/scfg.c: 2447 in new_item()
2441 void** p;
2442 void* item;
2443
2444 if((item = calloc(size, 1)) == NULL)
2445 return NULL;
2446 if((p = realloc(list, size * ((*total) + 1))) == NULL)

CID 465170: Resource leaks (RESOURCE_LEAK)
Variable "item" going out of scope leaks the storage it points to.

2447 return NULL;
2448 list = p;
2449 for(int i = *total; i > index; --i)
2450 list[i] = list[i - 1];
2451 list[index] = item;
2452 ++(*total);

** CID 465169: (SIZEOF_MISMATCH)
/scfg/scfgxfr1.c: 544 in xfer_opts()
/scfg/scfgxfr1.c: 698 in xfer_opts()
/scfg/scfgxfr1.c: 1124 in xfer_opts()
/scfg/scfgxfr1.c: 844 in xfer_opts()
/scfg/scfgxfr1.c: 412 in xfer_opts()
/scfg/scfgxfr1.c: 982 in xfer_opts()


________________________________________________________________________________________________________
*** CID 465169: (SIZEOF_MISMATCH)
/scfg/scfgxfr1.c: 544 in xfer_opts()
538 }
539 if(msk == MSK_COPY) {
540 savftest=*cfg.ftest[i]; 541 continue;
542 }
543 if(msk == MSK_PASTE) {

CID 465169: (SIZEOF_MISMATCH)
Passing argument "240UL /* sizeof (ftest_t) */" to function "new_item" and then casting the return value to "ftest_t **" is suspicious.

544 if((cfg.ftest = (ftest_t**)new_item(cfg.ftest, sizeof(ftest_t), i, &cfg.total_ftests)) == NULL) {
545 errormsg(WHERE, ERR_ALLOC, "ftests", sizeof(ftest_t) * (cfg.total_ftests + 1));
546 cfg.total_ftests = 0;
547 bail(1);
548 }
549 *cfg.ftest[i]=savftest; /scfg/scfgxfr1.c: 698 in xfer_opts()
692 }
693 if(msk == MSK_COPY) {
694 savdlevent=*cfg.dlevent[i];
695 continue;
696 }
697 if(msk == MSK_PASTE) {

CID 465169: (SIZEOF_MISMATCH)
Passing argument "240UL /* sizeof (dlevent_t) */" to function "new_item" and then casting the return value to "dlevent_t **" is suspicious.

698 if((cfg.dlevent = (dlevent_t**)new_item(cfg.dlevent, sizeof(dlevent_t), i, &cfg.total_dlevents)) == NULL) {
699 errormsg(WHERE, ERR_ALLOC, "dlevents", sizeof(dlevent_t) * (cfg.total_dlevents + 1));
700 cfg.total_dlevents = 0;
701 bail(1);
702 }
703 *cfg.dlevent[i]=savdlevent;
/scfg/scfgxfr1.c: 1124 in xfer_opts()
1118 }
1119 if(msk == MSK_COPY) {
1120 savprot=*cfg.prot[i]; 1121 continue;
1122 }
1123 if(msk == MSK_PASTE) {

CID 465169: (SIZEOF_MISMATCH)
Passing argument "720UL /* sizeof (prot_t) */" to function "new_item" and then casting the return value to "prot_t **" is suspicious.

1124 if((cfg.prot = (prot_t**)new_item(cfg.prot, sizeof(prot_t), i, &cfg.total_prots)) == NULL) {
1125 errormsg(WHERE, ERR_ALLOC, "prots", sizeof(prot_t) * (cfg.total_prots + 1));
1126 cfg.total_prots=0;
1127 bail(1);
1128 }
1129 *cfg.prot[i]=savprot; /scfg/scfgxfr1.c: 844 in xfer_opts()
838 }
839 if(msk == MSK_COPY) {
840 savfextr=*cfg.fextr[i]; 841 continue;
842 }
843 if(msk == MSK_PASTE) {

CID 465169: (SIZEOF_MISMATCH)
Passing argument "199UL /* sizeof (fextr_t) */" to function "new_item" and then casting the return value to "fextr_t **" is suspicious.

844 if((cfg.fextr = (fextr_t**)new_item(cfg.fextr, sizeof(fextr_t), i, &cfg.total_fextrs)) == NULL) {
845 errormsg(WHERE, ERR_ALLOC, "fextrs", sizeof(fextr_t) * (cfg.total_fextrs + 1));
846 cfg.total_fextrs = 0;
847 bail(1);
848 }
849 *cfg.fextr[i]=savfextr; /scfg/scfgxfr1.c: 412 in xfer_opts()
406 }
407 if(msk == MSK_COPY) {
408 savfview=*cfg.fview[i]; 409 continue;
410 }
411 if(msk == MSK_PASTE) {

CID 465169: (SIZEOF_MISMATCH)
Passing argument "199UL /* sizeof (fview_t) */" to function "new_item" and then casting the return value to "fview_t **" is suspicious.

412 if((cfg.fview = (fview_t**)new_item(cfg.fview, sizeof(fview_t), i, &cfg.total_fviews)) == NULL) {
413 errormsg(WHERE, ERR_ALLOC, "fviews", sizeof(fview_t) * (cfg.total_fviews + 1));
414 cfg.total_fviews = 0;
415 bail(1);
416 }
417 *cfg.fview[i]=savfview; /scfg/scfgxfr1.c: 982 in xfer_opts()
976 }
977 if(msk == MSK_COPY) {
978 savfcomp=*cfg.fcomp[i]; 979 continue;
980 }
981 if(msk == MSK_PASTE) {

CID 465169: (SIZEOF_MISMATCH)
Passing argument "199UL /* sizeof (fcomp_t) */" to function "new_item" and then casting the return value to "fcomp_t **" is suspicious.

982 if((cfg.fcomp = (fcomp_t**)new_item(cfg.fcomp, sizeof(fcomp_t), i, &cfg.total_fcomps)) == NULL) {
983 errormsg(WHERE, ERR_ALLOC, "fcomps", sizeof(fcomp_t) * (cfg.total_fcomps + 1));
984 cfg.total_fcomps = 0;
985 bail(1);
986 }
987 *cfg.fcomp[i]=savfcomp;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D5wZ8_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCnsQIL3fFmuqL7faauDZIkRsjaF7SdWuX9-2F6F0cLhQPK2eigoJW5CI-2BTBbzcwuB-2Fnb9gU96N518jXtyrLldNWW25I5ASjWizI9KxhCsvWXL8lcGsg-2BB04X9jrEFEkrP4hbjq1CPbLr3dEPsMh2-2BJD6OG7PFXOCZ8vIf02fm0mzeA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 465835: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 1344 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()


________________________________________________________________________________________________________
*** CID 465835: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 1344 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
1338 f = (float)useron.dls / useron.uls;
1339 safe_snprintf(str, maxlen, "%u", f ? (uint)(100 / f) : 0);
1340 return str;
1341 }
1342
1343 if(!strcmp(sp,"LASTNEW"))

CID 465835: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->ns_time" is cast to "time32_t".

1344 return(unixtodstr(&cfg,(time32_t)ns_time,str));
1345
1346 if(strncmp(sp, "LASTNEW:", 8) == 0) {
1347 SAFECOPY(tmp, sp + 8);
1348 c_unescape_str(tmp);
1349 memset(&tm, 0, sizeof(tm));


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DUPeu_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrC3rkJOOdMBm7nMBMgGcmpBP39czlPogoepUuUAf0jPqohwQMNy1ulVEkqUkOGShQTw40WBv406LhOm367tfkxK7FUNIoQlZBuwZ1omfunbNxXxVCmVw8GO3npVkZ3YxshRBZDZsP1O5VMLZ6DNCGvJ679Mp4a2XGGuVrVV7McBrQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

39 new defect(s) introduced to Synchronet found with Coverity Scan.
12 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 39 defect(s)


** CID 469141: Data race undermines locking (LOCK_EVASION)
/answer.cpp: 450 in sbbs_t::answer()()


________________________________________________________________________________________________________
*** CID 469141: Data race undermines locking (LOCK_EVASION)
/answer.cpp: 450 in sbbs_t::answer()()
444 if(telnet_cols >= TERM_COLS_MIN && telnet_cols <= TERM_COLS_MAX)
445 cols = telnet_cols;
446 if(telnet_rows >= TERM_ROWS_MIN && telnet_rows <= TERM_ROWS_MAX)
447 rows = telnet_rows;
448 } else {
449 lprintf(LOG_NOTICE, "no Telnet commands received, reverting to Raw TCP mode");

CID 469141: Data race undermines locking (LOCK_EVASION)
Thread1 sets "telnet_mode" to a new value. Now the two threads have an inconsistent view of "telnet_mode" and updates to fields correlated with "telnet_mode" may be lost.

450 telnet_mode |= TELNET_MODE_OFF;
451 client.protocol = "Raw";
452 client_on(client_socket, &client,/* update: */true);
453 SAFECOPY(connection, client.protocol);
454 node_connection = NODE_CONNECTION_RAW;
455 }

** CID 469140: Error handling issues (CHECKED_RETURN)
/mqtt.c: 521 in mqtt_message_received()


________________________________________________________________________________________________________
*** CID 469140: Error handling issues (CHECKED_RETURN)
/mqtt.c: 521 in mqtt_message_received()
515 if(bbs_startup->node_inbuf != NULL && bbs_startup->node_inbuf[i - 1] != NULL)
516 RingBufWrite(bbs_startup->node_inbuf[i - 1], msg->payload, msg->payloadlen);
517 return;
518 }
519 for(int i = bbs_startup->first_node; i <= bbs_startup->last_node; i++) {
520 if(strcmp(msg->topic, mqtt_topic(mqtt, TOPIC_BBS, topic, sizeof(topic), "node/%d/msg", i)) == 0) {

CID 469140: Error handling issues (CHECKED_RETURN)
Calling "putnmsg" without checking return value (as is done elsewhere 4 out of 5 times).

521 putnmsg(mqtt->cfg, i, msg->payload); 522 return;
523 }
524 if(strcmp(msg->topic, mqtt_topic(mqtt, TOPIC_BBS, topic, sizeof(topic), "node/%d/set/status", i)) == 0) {
525 set_node_status(mqtt->cfg, i, mqtt_message_value(msg, 0));
526 return;

** CID 469139: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jscntxt.h: 1376 in JSRuntime::realloc(void *, unsigned long, unsigned long, JSContext *)()


________________________________________________________________________________________________________
*** CID 469139: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jscntxt.h: 1376 in JSRuntime::realloc(void *, unsigned long, unsigned long, JSContext *)()
1370 }
1371
1372 void* realloc(void* p, size_t oldBytes, size_t newBytes, JSContext *cx = NULL) {
1373 JS_ASSERT(oldBytes < newBytes);
1374 updateMallocCounter(newBytes - oldBytes);
1375 void *p2 = ::js_realloc(p, newBytes);

CID 469139: Resource leaks (RESOURCE_LEAK)
Failing to save or free storage allocated by "this->onOutOfMemory(p, newBytes, cx)" leaks it.

1376 return JS_LIKELY(!!p2) ? p2 : onOutOfMemory(p, newBytes, cx); 1377 }
1378
1379 void* realloc(void* p, size_t bytes, JSContext *cx = NULL) {
1380 /*
1381 * For compatibility we do not account for realloc that increases

** CID 469138: Uninitialized variables (UNINIT)
/getkey.cpp: 354 in sbbs_t::getkeys(const char *, unsigned int, int)()


________________________________________________________________________________________________________
*** CID 469138: Uninitialized variables (UNINIT)
/getkey.cpp: 354 in sbbs_t::getkeys(const char *, unsigned int, int)()
348 attr(LIGHTGRAY);
349 CRLF;
350 }
351 lncntr=0;
352 return(-1);
353 }

CID 469138: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "strchr". [Note: The source code implementation of the function has been overridden by a builtin model.]

354 if(ch && !n && ((keys == NULL && !IS_DIGIT(ch)) || (strchr(str,ch)))) { /* return character if in string */
355 if(ch > ' ') {
356 if(!(mode&K_NOECHO))
357 outchar(ch);
358 if(useron.misc&COLDKEYS) {
359 while(online && !(sys_status&SS_ABORT)) {

** CID 469137: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 3549 in sys_alloc()


________________________________________________________________________________________________________
*** CID 469137: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 3549 in sys_alloc()
3543 m->max_footprint = m->footprint;
3544
3545 if (!is_initialized(m)) { /* first-time initialization */
3546 m->seg.base = m->least_addr = tbase;
3547 m->seg.size = tsize;
3548 set_segment_flags(&m->seg, mmap_flag);

CID 469137: Concurrent data access violations (MISSING_LOCK)
Accessing "mparams.magic" without holding lock "magic_init_mutex". Elsewhere, "malloc_params.magic" is written to with "magic_init_mutex" held 1 out of 1 times.

3549 m->magic = mparams.magic;
3550 init_bins(m);
3551 if (is_global(m))
3552 init_top(m, (mchunkptr)tbase, tsize - TOP_FOOT_SIZE);
3553 else {
3554 /* Offset top by embedded malloc_state */

** CID 469136: Program hangs (LOCK)
/js_console.cpp: 2175 in js_lock_input(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 469136: Program hangs (LOCK)
/js_console.cpp: 2175 in js_lock_input(JSContext *, unsigned int, unsigned long *)()
2169 pthread_mutex_lock(&sbbs->input_thread_mutex);
2170 } else {
2171 pthread_mutex_unlock(&sbbs->input_thread_mutex);
2172 }
2173 JS_RESUMEREQUEST(cx, rc);
2174

CID 469136: Program hangs (LOCK)
Returning without unlocking "sbbs->input_thread_mutex".

2175 return(JS_TRUE);
2176 }
2177
2178 static JSBool
2179 js_telnet_cmd(JSContext *cx, uintN argc, jsval *arglist)
2180 {

** CID 469135: Concurrent data access violations (MISSING_LOCK)
/js_rtpool.c: 35 in jsrt_GetNew()


________________________________________________________________________________________________________
*** CID 469135: Concurrent data access violations (MISSING_LOCK) /js_rtpool.c: 35 in jsrt_GetNew()
29 {
30 JSRuntime *ret;
31
32 if(!initialized) {
33 initialized=TRUE;
34 pthread_mutex_init(&jsrt_mutex, NULL);

CID 469135: Concurrent data access violations (MISSING_LOCK)
Accessing "rt_list" without holding lock "jsrt_mutex". Elsewhere, "rt_list" is written to with "jsrt_mutex" held 4 out of 5 times.

35 listInit(&rt_list, 0);
36 _beginthread(trigger_thread, TRIGGER_THREAD_STACK_SIZE, NULL); 37 }
38 pthread_mutex_lock(&jsrt_mutex);
39 ret=JS_NewRuntime(maxbytes);
40 listPushNode(&rt_list, ret);

** CID 469134: Program hangs (LOCK)
/writemsg.cpp: 1274 in sbbs_t::editfile(char *, unsigned int)()


________________________________________________________________________________________________________
*** CID 469134: Program hangs (LOCK)
/writemsg.cpp: 1274 in sbbs_t::editfile(char *, unsigned int)()
1268 if(cfg.xedit[useron_xedit-1]->misc&WWIVCOLOR) 1269 mode|=EX_WWIV;
1270 }
1271 CLS;
1272 rioctl(IOCM|PAUSE|ABORT);
1273 if(external(cmdstr(cfg.xedit[useron_xedit-1]->rcmd,msgtmp,nulstr,NULL,mode), mode, cfg.node_dir)!=0)

CID 469134: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

1274 return false;
1275 l=process_edited_file(msgtmp, path, /* mode: */WM_EDIT, &lines,maxlines);
1276 if(l>0) {
1277 SAFEPRINTF3(str,"created or edited file: %s (%ld bytes, %u lines)"
1278 ,path, l, lines);
1279 logline(LOG_NOTICE,nulstr,str);

** CID 469133: Memory - corruptions (OVERRUN)


________________________________________________________________________________________________________
*** CID 469133: Memory - corruptions (OVERRUN) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jsobjinlines.h: 952 in js::NewNativeClassInstance(JSContext *, js::Class *, JSObject *, JSObject *)()
946 }
947
948 static inline JSObject *
949 NewNativeClassInstance(JSContext *cx, Class *clasp, JSObject *proto, JSObject *parent)
950 {
951 gc::FinalizeKind kind = gc::GetGCObjectKind(JSCLASS_RESERVED_SLOTS(clasp));

CID 469133: Memory - corruptions (OVERRUN)
Overrunning callee's array of size 11 by passing argument "kind" (which evaluates to 11) in call to "NewNativeClassInstance".

952 return NewNativeClassInstance(cx, clasp, proto, parent, kind);
953 }
954
955 bool
956 FindClassPrototype(JSContext *cx, JSObject *scope, JSProtoKey protoKey, JSObject **protop,
957 Class *clasp);

** CID 469132: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-22-2023/src/conio/sdl_con.c: 692 in sdl_add_key()


________________________________________________________________________________________________________
*** CID 469132: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-22-2023/src/conio/sdl_con.c: 692 in sdl_add_key()
686 static void sdl_add_key(unsigned int keyval, struct video_stats *vs) 687 {
688 if(keyval==0xa600 && vs != NULL) {
689 fullscreen=!fullscreen;
690 cio_api.mode=fullscreen?CIOLIB_MODE_SDL_FULLSCREEN:CIOLIB_MODE_SDL;
691 update_cvstat(vs);

CID 469132: Concurrent data access violations (MISSING_LOCK)
Accessing "win" without holding lock "win_mutex". Elsewhere, "win" is written to with "win_mutex" held 1 out of 1 times.

692 sdl.SetWindowFullscreen(win, fullscreen ? SDL_WINDOW_FULLSCREEN_DESKTOP : 0);
693 if (!fullscreen) {
694 int w, h;
695
696 // Get current window size
697 sdl.GetWindowSize(win, &w, &h);

** CID 469131: Concurrent data access violations (MISSING_LOCK)
/exec.cpp: 848 in sbbs_t::skipto(csi_t *, unsigned char)()


________________________________________________________________________________________________________
*** CID 469131: Concurrent data access violations (MISSING_LOCK)
/exec.cpp: 848 in sbbs_t::skipto(csi_t *, unsigned char)()
842 /* Skcsi->ip to a specific instruction */
843 /****************************************************************************/
844 void sbbs_t::skipto(csi_t *csi, uchar inst)
845 {
846 int i,j;
847

CID 469131: Concurrent data access violations (MISSING_LOCK)
Accessing "csi->cs" without holding lock "sbbs_t.input_thread_mutex". Elsewhere, "csi_t.cs" is written to with "sbbs_t.input_thread_mutex" held 3 out of 3 times.

848 while(csi->ip<csi->cs+csi->length && ((inst&0x80) || *csi->ip!=inst)) {
849
850 if(*csi->ip==CS_IF_TRUE || *csi->ip==CS_IF_FALSE
851 || (*csi->ip>=CS_IF_GREATER && *csi->ip<=CS_IF_LESS_OR_EQUAL)) {
852 csi->ip++;
853 skipto(csi,CS_ENDIF);

** CID 469130: Program hangs (LOCK)
/writemsg.cpp: 628 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


________________________________________________________________________________________________________
*** CID 469130: Program hangs (LOCK)
/writemsg.cpp: 628 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
622 lprintf(LOG_ERR, "ERROR %d (%s) saving draft message: %s", errno, strerror(errno), draft);
623 }
624
625 if(result != EXIT_SUCCESS || !fexistcase(msgtmp) || !online
626 || (linesquoted && qlen==flength(msgtmp) && qtime==fdate(msgtmp))) {
627 free(buf);

CID 469130: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

628 return(false);
629 }
630 SAFEPRINTF(str,"%sRESULT.ED",cfg.node_dir);
631 if(!(mode&(WM_EXTDESC|WM_FILE))
632 && fexistcase(str)) {
633 if((fp=fopen(str,"r")) != NULL) {

** CID 469129: Data race undermines locking (LOCK_EVASION)
/main.cpp: 3908 in sbbs_t::hangup()()


________________________________________________________________________________________________________
*** CID 469129: Data race undermines locking (LOCK_EVASION)
/main.cpp: 3908 in sbbs_t::hangup()()
3902 if(client_socket!=INVALID_SOCKET) {
3903 mswait(1000); /* Give socket output buffer time to flush */
3904 client_off(client_socket);
3905 if(ssh_mode) {
3906 pthread_mutex_lock(&ssh_mutex);
3907 ssh_session_destroy(client_socket, ssh_session, __LINE__);

CID 469129: Data race undermines locking (LOCK_EVASION)
Thread1 sets "ssh_mode" to a new value. Now the two threads have an inconsistent view of "ssh_mode" and updates to fields correlated with "ssh_mode" may be lost.

3908 ssh_mode = false;
3909 pthread_mutex_unlock(&ssh_mutex);
3910 }
3911 close_socket(client_socket);
3912 client_socket=INVALID_SOCKET;
3913 }

** CID 469128: Code maintainability issues (UNUSED_VALUE)
/scfg/scfgchat.c: 716 in guru_cfg()


________________________________________________________________________________________________________
*** CID 469128: Code maintainability issues (UNUSED_VALUE)
/scfg/scfgchat.c: 716 in guru_cfg()
710 *cfg.guru[i]=savguru;
711 uifc.changes=1;
712 continue;
713 }
714 if (msk != 0)
715 continue;

CID 469128: Code maintainability issues (UNUSED_VALUE)
Assigning value "0" to "j" here, but that stored value is overwritten before it can be used.

716 j=0;
717 done=0;
718 while(!done) {
719 k=0;
720 snprintf(opt[k++],MAX_OPLN,"%-27.27s%s","Guru Name",cfg.guru[i]->name);
721 snprintf(opt[k++],MAX_OPLN,"%-27.27s%s","Guru Internal Code",cfg.guru[i]->code);

** CID 469127: Code maintainability issues (UNUSED_VALUE)
/scfg/scfgchat.c: 873 in actsets_cfg()


________________________________________________________________________________________________________
*** CID 469127: Code maintainability issues (UNUSED_VALUE)
/scfg/scfgchat.c: 873 in actsets_cfg()
867 uifc.changes=1;
868 continue;
869 }
870 if (msk != 0)
871 continue;
872

CID 469127: Code maintainability issues (UNUSED_VALUE)
Assigning value "0" to "j" here, but that stored value is overwritten before it can be used.

873 j=0;
874 done=0;
875 while(!done) {
876 k=0;
877 snprintf(opt[k++],MAX_OPLN,"%-27.27s%s","Action Set Name",cfg.actset[i]->name);
878 snprintf(opt[k++],MAX_OPLN,"%-27.27s","Configure Chat Actions...");

** CID 469126: Data race undermines locking (LOCK_EVASION) /tmp/sbbs-Nov-22-2023/src/conio/sdl_con.c: 1196 in sdl_video_event_thread()


________________________________________________________________________________________________________
*** CID 469126: Data race undermines locking (LOCK_EVASION) /tmp/sbbs-Nov-22-2023/src/conio/sdl_con.c: 1196 in sdl_video_event_thread() 1190 break;
1191 case SDL_USEREVENT_INIT:
1192 if(!sdl_init_good) { 1193 if(sdl.WasInit(SDL_INIT_VIDEO)==SDL_INIT_VIDEO) {
1194 pthread_mutex_lock(&win_mutex);
1195 _beginthread(sdl_mouse_thread, 0, NULL);

CID 469126: Data race undermines locking (LOCK_EVASION)
Thread1 sets "sdl_init_good" to a new value. Now the two threads have an inconsistent view of "sdl_init_good" and updates to fields correlated with "sdl_init_good" may be lost.

1196 sdl_init_good=1;
1197 pthread_mutex_unlock(&win_mutex);
1198 }
1199 }
1200 sdl_ufunc_retval=0; 1201 sem_post(&sdl_ufunc_ret);

** CID 469125: Program hangs (LOCK)
/js_console.cpp: 2149 in js_do_lock_input()


________________________________________________________________________________________________________
*** CID 469125: Program hangs (LOCK)
/js_console.cpp: 2149 in js_do_lock_input()
2143
2144 if(lock) {
2145 pthread_mutex_lock(&sbbs->input_thread_mutex);
2146 } else {
2147 pthread_mutex_unlock(&sbbs->input_thread_mutex);
2148 }

CID 469125: Program hangs (LOCK)
Returning without unlocking "sbbs->input_thread_mutex".

2149 }
2150
2151 static JSBool
2152 js_lock_input(JSContext *cx, uintN argc, jsval *arglist)
2153 {
2154 jsval *argv=JS_ARGV(cx, arglist);

** CID 469124: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jscntxt.h: 1387 in JSRuntime::realloc(void *, unsigned long, JSContext *)()


________________________________________________________________________________________________________
*** CID 469124: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jscntxt.h: 1387 in JSRuntime::realloc(void *, unsigned long, JSContext *)()
1381 * For compatibility we do not account for realloc that increases
1382 * previously allocated memory.
1383 */
1384 if (!p)
1385 updateMallocCounter(bytes);
1386 void *p2 = ::js_realloc(p, bytes);

CID 469124: Resource leaks (RESOURCE_LEAK)
Failing to save or free storage allocated by "this->onOutOfMemory(p, bytes, cx)" leaks it.

1387 return JS_LIKELY(!!p2) ? p2 : onOutOfMemory(p, bytes, cx); 1388 }
1389
1390 void free(void* p) { ::js_free(p); }
1391
1392 bool isGCMallocLimitReached() const { return gcMallocBytes <= 0; }

** CID 469123: Memory - corruptions (USE_AFTER_FREE) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 3642 in release_unused_segments()


________________________________________________________________________________________________________
*** CID 469123: Memory - corruptions (USE_AFTER_FREE) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 3642 in release_unused_segments()
3636 m->footprint -= size;
3637 /* unlink obsoleted record */
3638 sp = pred;
3639 sp->next = next;
3640 }
3641 else { /* back out if cannot unmap */

CID 469123: Memory - corruptions (USE_AFTER_FREE)
Dereferencing freed pointer "tp".

3642 insert_large_chunk(m, tp, psize);
3643 }
3644 }
3645 }
3646 pred = sp;
3647 sp = next;

** CID 469122: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-22-2023/src/conio/bitmap_con.c: 1945 in bitmap_drv_init()


________________________________________________________________________________________________________
*** CID 469122: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-22-2023/src/conio/bitmap_con.c: 1945 in bitmap_drv_init()
1939 }
1940 pthread_mutex_unlock(&screenlock);
1941 pthread_mutex_unlock(&vstatlock);
1942
1943 callbacks.drawrect=drawrect_cb;
1944 callbacks.flush=flush_cb;

CID 469122: Concurrent data access violations (MISSING_LOCK)
Accessing "callbacks.rects" without holding lock "bitmap_callbacks.lock". Elsewhere, "bitmap_callbacks.rects" is written to with "bitmap_callbacks.lock" held 2 out of 3 times.

1945 callbacks.rects = 0;
1946 bitmap_initialized=1;
1947 _beginthread(blinker_thread,0,NULL);
1948
1949 return(0);
1950 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DezJc_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDT3F0wM8qs717Yj7QnFBvYyAUS7vXZd5Pzj9EaE-2FCuUUR9NEokXV0L9QGkQnwKG-2F4JnYcm1wvoWK2grpdczQI6n7wuX-2Bi09RPQD8-2Fo5FYqgA3L383Nxk-2F3tA3xct0exbA8dNWXjcBJFMBco67mM0qFopWSHsWYNweS2rfwVJx4JQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
11 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 469167: (SLEEP)


________________________________________________________________________________________________________
*** CID 469167: (SLEEP)
/main.cpp: 2494 in output_thread(void *)()
2488 */
2489 size_t sendbytes = buftop-bufbot;
2490 if (sendbytes > 0x2000)
2491 sendbytes = 0x2000;
2492 if(cryptStatusError((err=cryptPushData(sbbs->ssh_session, (char*)buf+bufbot, buftop-bufbot, &i)))) {
2493 /* Handle the SSH error here... */

CID 469167: (SLEEP)
Call to "lprintf" might sleep while holding lock "sbbs->ssh_mutex". 2494 GCESSTR(err, node, sbbs->ssh_session, "pushing data");

2495 ssh_errors++;
2496 sbbs->online=FALSE;
2497 i=buftop-bufbot; // Pretend we sent it all
2498 }
2499 else {
/main.cpp: 2479 in output_thread(void *)()
2473 }
2474 if(!sbbs->ssh_mode) {
2475 pthread_mutex_unlock(&sbbs->ssh_mutex); 2476 continue;
2477 }
2478 if (cryptStatusError((err=cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->session_channel)))) {

CID 469167: (SLEEP)
Call to "lprintf" might sleep while holding lock "sbbs->ssh_mutex". 2479 GCESSTR(err, node, sbbs->ssh_session, "setting channel");

2480 ssh_errors++;
2481 sbbs->online=FALSE;
2482 i=buftop-bufbot; // Pretend we sent it all
2483 }
2484 else {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D5OUN_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAWre6lEuRZshFB9v23oRHfb6cJViSmU6jeWo6H6qjr2TD-2FKFU3E7Wk43r5o6gE3xpEUu2LCxXDEO7eIcPPMxFL1Nq6AhOVschJGcr-2Bj9V3IL2-2BV5MIEfM79IRScL2ukizExtyrX8BpZAnSaCd3CJdrnZtJg68NUadTHcpkaQqA0A-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 470390: Program hangs (LOCK)
/viewfile.cpp: 111 in sbbs_t::viewfile(const char *)()


________________________________________________________________________________________________________
*** CID 470390: Program hangs (LOCK)
/viewfile.cpp: 111 in sbbs_t::viewfile(const char *)()
105 if(i >= cfg.total_fviews) {
106 bprintf(text[NonviewableFile], getfname(path));
107 return false;
108 }
109 if((i=external(cmdstr(viewcmd, path, path, NULL), EX_STDIO|EX_SH))!=0) {
110 errormsg(WHERE,ERR_EXEC,viewcmd,i); /* must have EX_SH to ^C */

CID 470390: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

111 return false;
112 }
113 return true;
114 }
115
116 /****************************************************************************/

** CID 470389: (SLEEP)


________________________________________________________________________________________________________
*** CID 470389: (SLEEP)
/upload.cpp: 84 in sbbs_t::uploadfile(smbmsg_t *)()
78 safe_snprintf(str,sizeof(str),"attempted to upload %s to %s %s (%s error code %d)"
79 ,f->name
80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
81 ,result);
82 logline(LOG_NOTICE,"U!",str);
83 bprintf(text[FileHadErrors],f->name,cfg.ftest[i]->ext);

CID 470389: (SLEEP)
Call to "yesno" might sleep while holding lock "this->input_thread_mutex".

84 if(!SYSOP || yesno(text[DeleteFileQ]))
85 remove(path);
86 return false;
87 }
88 SAFEPRINTF(str,"%ssbbsfile.nam",cfg.node_dir);
89 if((stream=fopen(str,"r"))!=NULL) {
/upload.cpp: 76 in sbbs_t::uploadfile(smbmsg_t *)()
70 if(f->desc != NULL)
71 fprintf(stream, "%s", f->desc);
72 fclose(stream);
73 }
74 // Note: str (%s) is path/to/sbbsfile.des (used to be the description itself)
75 int result = external(cmdstr(cfg.ftest[i]->cmd, path, str, NULL), EX_OFFLINE);

CID 470389: (SLEEP)
Call to "clearline" might sleep while holding lock "this->input_thread_mutex".

76 clearline();
77 if(result != 0) {
78 safe_snprintf(str,sizeof(str),"attempted to upload %s to %s %s (%s error code %d)"
79 ,f->name
80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
81 ,result);

** CID 470388: Program hangs (SLEEP)


________________________________________________________________________________________________________
*** CID 470388: Program hangs (SLEEP)
/inkey.cpp: 203 in sbbs_t::handle_ctrlkey(char, int)()
197 }
198 js_execfile(cmdstr(cfg.hotkey[i]->cmd+1,nulstr,nulstr,tmp), /* startup_dir: */NULL, /* scope: */js_hotkey_glob, js_hotkey_cx, js_hotkey_glob);
199 } else
200 external(cmdstr(cfg.hotkey[i]->cmd,nulstr,nulstr,tmp),0);
201 if(!(sys_status&SS_SPLITP)) {
202 CRLF;

CID 470388: Program hangs (SLEEP)
Call to "restoreline" might sleep while holding lock "this->input_thread_mutex".

203 restoreline();
204 }
205 lncntr=0;
206 hotkey_inside &= ~(1<<ch);
207 return(0);
208 }

** CID 470387: Program hangs (LOCK)
/chat.cpp: 654 in sbbs_t::sysop_page()()


________________________________________________________________________________________________________
*** CID 470387: Program hangs (LOCK)
/chat.cpp: 654 in sbbs_t::sysop_page()()
648 ,sys_status&SS_SYSPAGE ? text[On] : text[Off]);
649 nosound();
650 }
651 if(!(sys_status&SS_SYSPAGE))
652 remove(syspage_semfile);
653

CID 470387: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

654 return(true);
655 }
656
657 bprintf(text[SysopIsNotAvailable],cfg.sys_op);
658
659 return(false);

** CID 470386: Program hangs (LOCK)
/upload.cpp: 86 in sbbs_t::uploadfile(smbmsg_t *)()


________________________________________________________________________________________________________
*** CID 470386: Program hangs (LOCK)
/upload.cpp: 86 in sbbs_t::uploadfile(smbmsg_t *)()
80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
81 ,result);
82 logline(LOG_NOTICE,"U!",str);
83 bprintf(text[FileHadErrors],f->name,cfg.ftest[i]->ext);
84 if(!SYSOP || yesno(text[DeleteFileQ]))
85 remove(path);

CID 470386: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

86 return false;
87 }
88 SAFEPRINTF(str,"%ssbbsfile.nam",cfg.node_dir);
89 if((stream=fopen(str,"r"))!=NULL) {
90 if(fgets(str, sizeof(str), stream)) {
91 truncsp(str);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DH5pk_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrA21pPFXGEfXQOHUavDSOcBiYGiM9SWkNBClk7lfGbusFiEUl9SxTFTJ4pQ4-2BlyM1UpLT55ROOl-2F1zOiBksbquFQPYPy5IMrVblt0Rt7EqhjGmGGXslDjsDDEmF37IS-2FgX2UOIpLYk00zJWe4Ps-2Bw7o9YA3yT5trQhVa4wKyo5Ljw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 470457: Incorrect expression (SIZEOF_MISMATCH)
/umonitor/chat.c: 201 in chat()


________________________________________________________________________________________________________
*** CID 470457: Incorrect expression (SIZEOF_MISMATCH)
/umonitor/chat.c: 201 in chat()
195 in=-1;
196 }
197
198 utime(inpath,NULL);
199 _setcursortype(_NORMALCURSOR);
200 while(1) {

CID 470457: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "&ch" of type "int *" and argument "1UL" to function "read" is suspicious because "sizeof (int) /*4*/" is expected.

201 switch(read(in,&ch,1)) {
202 case -1:
203 close(in);
204 in=-1;
205 break;
206


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dn7r8_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrC64hJyXzK3aRg-2FOh461xBPdPC3vMQG8wDm6SWRjPpByDWCbozrDoO3h7iN9haQ83FqvIEsneqqmYW1iHtvLfyFr9U7fTJVs-2FgzA-2B3NTVwG-2FkEOdCKTFxrJHyVvcaeKfjx-2FNRzmWtNl3SJh8ILqS8rD31VNGhVX-2F4wDJ-2F-2FhL0JK9w-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 470557: Resource leaks (RESOURCE_LEAK)
/mailsrvr.c: 3122 in smtp_client_thread()


________________________________________________________________________________________________________
*** CID 470557: Resource leaks (RESOURCE_LEAK)
/mailsrvr.c: 3122 in smtp_client_thread()
3116 }
3117
3118 BOOL* mailproc_to_match = calloc(sizeof(*mailproc_to_match), mailproc_count);
3119 if(mailproc_to_match == NULL) {
3120 lprintf(LOG_CRIT,"%04d %s !ERROR allocating memory for mailproc_to_match", socket, client.protocol);
3121 sockprintf(socket,client.protocol,session,smtp_error, "malloc failure");

CID 470557: Resource leaks (RESOURCE_LEAK)
Variable "spy" going out of scope leaks the storage it points to.

3122 return false;
3123 }
3124
3125 /* SMTP session active: */
3126
3127 sockprintf(socket,client.protocol,session,"220 %s Synchronet %s Server %s%c-%s Ready"

** CID 470556: (DC.WEAK_CRYPTO)
/mailsrvr.c: 1157 in pop3_client_thread()
/mailsrvr.c: 1159 in pop3_client_thread()


________________________________________________________________________________________________________
*** CID 470556: (DC.WEAK_CRYPTO)
/mailsrvr.c: 1157 in pop3_client_thread()
1151 memset(&smb,0,sizeof(smb));
1152 memset(&msg,0,sizeof(msg));
1153 memset(&user,0,sizeof(user));
1154 password[0]=0;
1155
1156 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */

CID 470556: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

1157 rand(); /* throw-away first result */
1158 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%.128s>"
1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name());
1160
1161 sockprintf(socket,client.protocol,session,"+OK Synchronet %s Server %s%c-%s Ready %s"
1162 ,client.protocol, VERSION, REVISION, PLATFORM_DESC, challenge);
/mailsrvr.c: 1159 in pop3_client_thread()
1153 memset(&user,0,sizeof(user));
1154 password[0]=0;
1155
1156 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
1157 rand(); /* throw-away first result */
1158 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%.128s>"

CID 470556: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name());
1160
1161 sockprintf(socket,client.protocol,session,"+OK Synchronet %s Server %s%c-%s Ready %s"
1162 ,client.protocol, VERSION, REVISION, PLATFORM_DESC, challenge);
1163
1164 /* Requires USER or APOP command first */

** CID 470555: Error handling issues (CHECKED_RETURN)
/mailsrvr.c: 1089 in pop3_client_thread()


________________________________________________________________________________________________________
*** CID 470555: Error handling issues (CHECKED_RETURN)
/mailsrvr.c: 1089 in pop3_client_thread()
1083 if ((stat=cryptSetAttribute(session, CRYPT_SESSINFO_PRIVATEKEY, scfg.tls_certificate)) != CRYPT_OK) {
1084 unlock_ssl_cert();
1085 GCESH(stat, client.protocol, socket, host_ip, session, "setting private key");
1086 return false;
1087 }
1088 nodelay = TRUE;

CID 470555: Error handling issues (CHECKED_RETURN)
Calling "setsockopt(socket, IPPROTO_TCP, 1, (char *)&nodelay, 4U)" without checking return value. This library function may fail and return an error code.

1089 setsockopt(socket,IPPROTO_TCP,TCP_NODELAY,(char*)&nodelay,sizeof(nodelay));
1090 nb=0;
1091 ioctlsocket(socket,FIONBIO,&nb);
1092 if ((stat = cryptSetAttribute(session, CRYPT_SESSINFO_NETWORKSOCKET, socket)) != CRYPT_OK) {
1093 unlock_ssl_cert();
1094 GCESH(stat, client.protocol, socket, host_ip, session, "setting session socket");

** CID 470554: Resource leaks (RESOURCE_LEAK)
/mailsrvr.c: 3122 in smtp_client_thread()


________________________________________________________________________________________________________
*** CID 470554: Resource leaks (RESOURCE_LEAK)
/mailsrvr.c: 3122 in smtp_client_thread()
3116 }
3117
3118 BOOL* mailproc_to_match = calloc(sizeof(*mailproc_to_match), mailproc_count);
3119 if(mailproc_to_match == NULL) {
3120 lprintf(LOG_CRIT,"%04d %s !ERROR allocating memory for mailproc_to_match", socket, client.protocol);
3121 sockprintf(socket,client.protocol,session,smtp_error, "malloc failure");

CID 470554: Resource leaks (RESOURCE_LEAK)
Variable "rcptlst" going out of scope leaks the storage it points to. 3122 return false;

3123 }
3124
3125 /* SMTP session active: */
3126
3127 sockprintf(socket,client.protocol,session,"220 %s Synchronet %s Server %s%c-%s Ready"

** CID 470553: (DC.WEAK_CRYPTO)
/mailsrvr.c: 4204 in smtp_client_thread()
/mailsrvr.c: 3078 in smtp_client_thread()
/mailsrvr.c: 3079 in smtp_client_thread()


________________________________________________________________________________________________________
*** CID 470553: (DC.WEAK_CRYPTO)
/mailsrvr.c: 4204 in smtp_client_thread()
4198 }
4199 if(!stricmp(buf,"AUTH CRAM-MD5")) {
4200 ZERO_VAR(relay_user);
4201 listRemoveTaggedNode(&current_logins, socket, /* free_data */TRUE);
4202
4203 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%s>"

CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

4204 ,rand(),socket,(ulong)time(NULL),(ulong)clock(),server_host_name());
4205 #if 0
4206 lprintf(LOG_DEBUG,"%04d SMTP CRAM-MD5 challenge: %s"
4207 ,socket,challenge);
4208 #endif
4209 b64_encode(str,sizeof(str),challenge,strlen(challenge));
/mailsrvr.c: 3078 in smtp_client_thread()
3072 }
3073 SAFEPRINTF(spam.file,"%sspam",scfg.data_dir);
3074 spam.retry_time=scfg.smb_retry_time;
3075 spam.subnum=INVALID_SUB;
3076
3077 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */

CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

3078 rand(); /* throw-away first result */
3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock());
3080 lprintf(LOG_DEBUG,"%04d %s [%s] Session ID=%s", socket, client.protocol, host_ip, session_id);
3081 SAFEPRINTF3(msgtxt_fname,"%sSBBS_%s.%s.msg", scfg.temp_dir, client.protocol, session_id);
3082 SAFEPRINTF3(newtxt_fname,"%sSBBS_%s.%s.new", scfg.temp_dir, client.protocol, session_id);
3083 SAFEPRINTF3(logtxt_fname,"%sSBBS_%s.%s.log", scfg.temp_dir, client.protocol, session_id);
/mailsrvr.c: 3079 in smtp_client_thread()
3073 SAFEPRINTF(spam.file,"%sspam",scfg.data_dir);
3074 spam.retry_time=scfg.smb_retry_time;
3075 spam.subnum=INVALID_SUB;
3076
3077 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
3078 rand(); /* throw-away first result */

CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock());
3080 lprintf(LOG_DEBUG,"%04d %s [%s] Session ID=%s", socket, client.protocol, host_ip, session_id);
3081 SAFEPRINTF3(msgtxt_fname,"%sSBBS_%s.%s.msg", scfg.temp_dir, client.protocol, session_id);
3082 SAFEPRINTF3(newtxt_fname,"%sSBBS_%s.%s.new", scfg.temp_dir, client.protocol, session_id);
3083 SAFEPRINTF3(logtxt_fname,"%sSBBS_%s.%s.log", scfg.temp_dir, client.protocol, session_id);
3084 SAFEPRINTF3(rcptlst_fname,"%sSBBS_%s.%s.lst", scfg.temp_dir, client.protocol, session_id);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DMQd3_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCHTmGHVnVaZLqSbII6djd5LCfNN4WsVVM-2FraC40TFEmwnFiU15BSJwMmbqsO51yAB8H1Xj6zJDPHok6MSfH6DLipAvEvqiECGEj92Ja08CPuUfomEyNGrm6oICWjy04z9LEXD-2FV3t10gYjDHAgXUzBxC2US2YfoE3y-2FXo4-2F5AMeg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 470929: Error handling issues (CHECKED_RETURN)
/js_system.c: 1474 in js_filter_ip()


________________________________________________________________________________________________________
*** CID 470929: Error handling issues (CHECKED_RETURN)
/js_system.c: 1474 in js_filter_ip()
1468 js_system_private_t* sys;
1469 if((sys = (js_system_private_t*)js_GetClassPrivate(cx,obj,&js_system_class))==NULL)
1470 return JS_FALSE;
1471
1472 for(i=0; i<argc && fname == NULL; i++) {
1473 if(JSVAL_IS_NUMBER(argv[i])) {

CID 470929: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 261 out of 293 times).

1474 JS_ValueToInt32(cx, argv[i], &duration);
1475 continue;
1476 }
1477 if(!JSVAL_IS_STRING(argv[i]))
1478 continue;
1479 JSVALUE_TO_MSTRING(cx, argv[i], p, NULL);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dx5vI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrD-2FFZVvmg9UFbNVSslGQHixwK2gY0JhpVYuBk-2BPEk2wVNUawfpNFUquIquIwrbnMLyXyOL-2Bbdyy88jhCHaZkpnLltM6SvZPalWR8uvzHGJLXvipDKrDTZ6KfbbjJDM-2B9TK-2Bfg-2Bntn7n3JXz8-2BbuvXtlotoQiRFNfFKyqSao3USU5A-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 471381: Null pointer dereferences (NULL_RETURNS)
/ssl.c: 412 in get_ssl_cert()


________________________________________________________________________________________________________
*** CID 471381: Null pointer dereferences (NULL_RETURNS)
/ssl.c: 412 in get_ssl_cert()
406
407 if(!do_cryptInit())
408 return -1;
409 ssl_sync(cfg);
410 lock_ssl_cert_write();
411 cert_entry = malloc(sizeof(*cert_entry));

CID 471381: Null pointer dereferences (NULL_RETURNS)
Dereferencing "cert_entry", which is known to be "NULL".

412 cert_entry->sess = -1;
413 cert_entry->epoch = cert_epoch;
414 cert_entry->next = NULL;
415
416 /* Get the certificate... first try loading it from a file... */
417 if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, cert_path, CRYPT_KEYOPT_READONLY))) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DNVYG_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAIQBrbLtBWXBu7NOIgqUVW-2FO9u7UhLy-2BFNLgqIU41zpqPfBM73Awa3dQxk3-2F184GO6VUS7KkG6sPhNBuQiQ4Keqf56uFZ5RoDxe4X35uihMatLZZvu1DTj5op2mLHIzl6CugzzedJw-2FjcHjqyoRYDdN5cjuB-2Bi1UXQGnATKvNQkg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 471656: Memory - corruptions (OVERRUN)


________________________________________________________________________________________________________
*** CID 471656: Memory - corruptions (OVERRUN) /tmp/sbbs-Dec-26-2023/src/smblib/smbfile.c: 367 in smb_addfile_withlist()
361
362 if(list != NULL && *list != NULL) {
363 size_t size = strListCount(list) * 1024;
364 auxdata = calloc(1, size);
365 if(auxdata == NULL)
366 return SMB_ERR_MEM;

CID 471656: Memory - corruptions (OVERRUN)
Calling "strListCombine" with "auxdata" and "size - 1UL" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.

367 strListCombine(list, auxdata, size - 1, "\r\n");
368 }
369 result = smb_addfile(smb, file, storage, extdesc, auxdata, path);
370 free(auxdata);
371 return result;
372 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D2BKI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCT6x0GAlc7xThQfLCGiCZdmR4qZP1NcowX1yNXO3dy1e3iYdu3LqPMf8Ps-2BXyXIS9z1-2BExxr9YuMCEQ-2FkgG8-2FT0EoCNRZOLQUTkkQaenBh-2FjMptDjEjYYaLSTPN90hBdPvbODU2Cx91ZtvmuRMrZszCSUsoWukacGJvvm4ij2thw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 476254: (NULL_RETURNS) /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 505 in getChannelAttribute()
/tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 517 in getChannelAttribute()
/tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 511 in getChannelAttribute()
/tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 525 in getChannelAttribute()


________________________________________________________________________________________________________
*** CID 476254: (NULL_RETURNS) /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 505 in getChannelAttribute()
499 if( isNullChannel( channelInfoPtr ) )
500 return( CRYPT_ERROR_NOTFOUND );
501 *value = channelInfoPtr->channelID;
502 return( CRYPT_OK );
503
504 case CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE:

CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".

505 if( isNullChannel( writeChannelInfoPtr ) )
506 return( CRYPT_ERROR_NOTFOUND );
507 *value = isActiveChannel( writeChannelInfoPtr ) ? TRUE : FALSE;
508 return( CRYPT_OK );
509
510 case CRYPT_SESSINFO_SSH_CHANNEL_OPEN: /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 517 in getChannelAttribute()
511 if( isNullChannel( writeChannelInfoPtr ) )
512 return( CRYPT_ERROR_NOTFOUND );
513 *value = ( writeChannelInfoPtr->flags & CHANNEL_FLAG_READCLOSED ) ? FALSE : TRUE;
514 return( CRYPT_OK );
515
516 case CRYPT_SESSINFO_SSH_CHANNEL_WIDTH:

CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".

517 if( isNullChannel( writeChannelInfoPtr ) )
518 return( CRYPT_ERROR_NOTFOUND );
519 if (writeChannelInfoPtr->width == 0)
520 return CRYPT_ERROR_NOTFOUND;
521 *value = channelInfoPtr->width;
522 return( CRYPT_OK ); /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 511 in getChannelAttribute()
505 if( isNullChannel( writeChannelInfoPtr ) )
506 return( CRYPT_ERROR_NOTFOUND );
507 *value = isActiveChannel( writeChannelInfoPtr ) ? TRUE : FALSE;
508 return( CRYPT_OK );
509
510 case CRYPT_SESSINFO_SSH_CHANNEL_OPEN:

CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".

511 if( isNullChannel( writeChannelInfoPtr ) )
512 return( CRYPT_ERROR_NOTFOUND );
513 *value = ( writeChannelInfoPtr->flags & CHANNEL_FLAG_READCLOSED ) ? FALSE : TRUE;
514 return( CRYPT_OK );
515
516 case CRYPT_SESSINFO_SSH_CHANNEL_WIDTH: /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 525 in getChannelAttribute()
519 if (writeChannelInfoPtr->width == 0)
520 return CRYPT_ERROR_NOTFOUND;
521 *value = channelInfoPtr->width;
522 return( CRYPT_OK );
523
524 case CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT:

CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".

525 if( isNullChannel( writeChannelInfoPtr ) )
526 return( CRYPT_ERROR_NOTFOUND );
527 if (writeChannelInfoPtr->height == 0)
528 return CRYPT_ERROR_NOTFOUND;
529 *value = channelInfoPtr->height;
530 return( CRYPT_OK );

** CID 476253: Resource leaks (RESOURCE_LEAK)
/jsdebug.c: 335 in script_debug_prompt()


________________________________________________________________________________________________________
*** CID 476253: Resource leaks (RESOURCE_LEAK)
/jsdebug.c: 335 in script_debug_prompt()
329 JS_SetInterrupt(JS_GetRuntime(dbg->cx), finish_handler, NULL);
330 return DEBUG_CONTINUE;
331 }
332 if(strncmp(line, "quit\n", 5)==0 ||
333 strncmp(line, "q\n", 2)==0
334 ) {

CID 476253: Resource leaks (RESOURCE_LEAK)
Variable "line" going out of scope leaks the storage it points to.

335 return (DEBUG_EXIT);
336 }
337 if(strncmp(line, "eval ", 5)==0 ||
338 strncmp(line, "e ", 2)==0
339 ) {
340 jsval ret;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dk6EJ_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrA-2FX8i-2FapdB1BvZRHSxZvnvG9Gt4EGgnMOyOKJdrt0Ow7WO8U9rY3qdLrGQhhG9KhbgCqQ-2BdjF-2FCZbP8g3Gc1r4QsbMjorELhC-2FfCV8hEXjaVc-2BoAqZ2-2FQeAkDjxFrK3m04is-2FE5aOQcl1hrivcYLiwVEHyHlsUWiqdJNrqtFX4OA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 477525: Error handling issues (CHECKED_RETURN)
/ssl.c: 413 in get_ssl_cert()


________________________________________________________________________________________________________
*** CID 477525: Error handling issues (CHECKED_RETURN)
/ssl.c: 413 in get_ssl_cert()
407 CRYPT_CERTIFICATE ssl_cert;
408 char sysop_email[sizeof(cfg->sys_inetaddr)+6];
409 struct cert_list *cert_entry;
410
411 if(!do_cryptInit(lprintf))
412 return -1;

CID 477525: Error handling issues (CHECKED_RETURN)
Calling "ssl_sync" without checking return value (as is done elsewhere 6 out of 7 times).

413 ssl_sync(cfg, lprintf);
414 lock_ssl_cert_write();
415 cert_entry = malloc(sizeof(*cert_entry));
416 if(cert_entry == NULL) {
417 unlock_ssl_cert_write(lprintf);
418 free(cert_entry);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DG04V_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDEpEnmlDe-2FjbKZ4LOKbSyZqFRJl-2FW97DzLqL9YhzmfB5NVnMDaFqAVAu8sqMXAtM7gluOaLuz78sK9hLjatBB8CSJ6nN9iJHgKoglAvkWzF0D2D3-2FP2KvQ4r0FVsLXVQDobxZi1VHS1fHv1o1JN4QuvSLew5iAWvpjb3EkIuqiHp61IxzA0v1Q4zB-2F2vdQH-2Fs-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

40 new defect(s) introduced to Synchronet found with Coverity Scan.
65 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 40 defect(s)


** CID 479110: Program hangs (LOCK)
/pack_qwk.cpp: 753 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


________________________________________________________________________________________________________
*** CID 479110: Program hangs (LOCK)
/pack_qwk.cpp: 753 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
747 if(flength(packet) < 1) {
748 remove(packet);
749 if((i = external(cmdstr(temp_cmd(),packet,path,NULL), ex|EX_WILDCARD)) != 0)
750 errormsg(WHERE,ERR_EXEC,cmdstr(temp_cmd(),packet,path,NULL),i);
751 if(flength(packet) < 1) {
752 bputs(text[QWKCompressionFailed]);

CID 479110: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

753 return(false);
754 }
755 }
756
757 if(!prepack && useron.rest&FLAG('Q')) {
758 dir=opendir(cfg.temp_dir);

** CID 479109: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 349 in readPkiStatusInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 364 in readPkiStatusInfo()


________________________________________________________________________________________________________
*** CID 479109: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 349 in readPkiStatusInfo() 343 ( status, errorInfo,
344 "Invalid PKI status string" ) );
345 }
346 hasErrorMessage = TRUE;
347 }
348 if( cryptStatusError( status ) )

CID 479109: (DEADCODE)
Execution cannot reach this statement: "return status;".

349 return( status ); /* Residual error from peekTag() */
350
351 /* Read the failure information */
352 if( checkStatusLimitsPeekTag( stream, status, tag, endPos ) && \
353 tag == BER_BITSTRING )
354 {
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 364 in readPkiStatusInfo() 358 retExt( status,
359 ( status, errorInfo,
360 "Invalid PKI failure information" ) );
361 }
362 }
363 if( cryptStatusError( status ) )

CID 479109: (DEADCODE)
Execution cannot reach this statement: "return status;".

364 return( status ); /* Residual error from peekTag() */
365
366 /* If everything's OK, we're done */
367 if( cmpStatusOK( errorCode ) )
368 return( CRYPT_OK );
369

** CID 479108: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/context/ctx_attr.c: 425 in getContextAttributeS()


________________________________________________________________________________________________________
*** CID 479108: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/context/ctx_attr.c: 425 in getContextAttributeS()
419 out */
420 return( attributeCopy( msgData, contextInfoPtr->ctxPKC->publicKeyInfo,
421 contextInfoPtr->ctxPKC->publicKeyInfoSize ) );
422 }
423 STDC_FALLTHROUGH;
424

CID 479108: Control flow issues (MISSING_BREAK)
The case for value "CRYPT_CTXINFO_SSH_PUBLIC_KEY" is not terminated by a "break" statement.

425 case CRYPT_CTXINFO_SSH_PUBLIC_KEY:
426 if ( needsKey( contextInfoPtr ) )
427 return CRYPT_ERROR_NOTFOUND;
428 if (contextType != CONTEXT_PKC)
429 return CRYPT_ERROR_NOTFOUND;
430 case CRYPT_IATTRIBUTE_KEY_PGP:

** CID 479107: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 857 in activateSession()


________________________________________________________________________________________________________
*** CID 479107: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 857 in activateSession() 851 {
852 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \
853 ( SES_ACTIVATESUBPROTOCOL_FUNCTION ) \
854 FNPTR_GET( sessionInfoPtr->activateInnerSubprotocolFunction );
855 REQUIRES( activateSubprotocolFunction != NULL );
856

CID 479107: Control flow issues (DEADCODE)
Execution cannot reach this statement: "status = activateSubprotoco...".

857 status = activateSubprotocolFunction( sessionInfoPtr );
858 if( cryptStatusError( status ) )
859 return( status );
860
861 /* Record the fact that the layered protocol has been
862 activated */

** CID 479106: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/scvp_cli.c: 621 in readScvpResponse()


________________________________________________________________________________________________________
*** CID 479106: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/scvp_cli.c: 621 in readScvpResponse() 615 assert( isWritePtr( stream, sizeof( STREAM ) ) );
616 assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) ); 617 assert( isWritePtr( protocolInfo, sizeof( SCVP_PROTOCOL_INFO ) ) );
618
619 /* Skip the wrapper, version, and server configuration ID */ 620 readSequence( stream, NULL );

CID 479106: Error handling issues (CHECKED_RETURN)
Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).

621 readShortInteger( stream, &value );
622 status = readShortInteger( stream, &value );
623 if( cryptStatusError( status ) )
624 {
625 retExt( status,
626 ( status, SESSION_ERRINFO,

** CID 479105: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1030 in closeSession()


________________________________________________________________________________________________________
*** CID 479105: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1030 in closeSession() 1024 #if defined( USE_WEBSOCKETS ) || defined( USE_EAP )
1025 if( sessionInfoPtr->subProtocol != CRYPT_SUBPROTOCOL_NONE ) 1026 {
1027 /* If there's an inner protocol present, shut that down as well */
1028 if( FNPTR_ISSET( sessionInfoPtr->closeInnerSubprotocolFunction ) )
1029 {

CID 479105: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->closeInnerSubprotocolFunction.fnPtr" inside this statement: "closeSubprotocolFunction = ...".

1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \
1031 ( SES_CLOSESUBPROTOCOL_FUNCTION ) \
1032 FNPTR_GET( sessionInfoPtr->closeInnerSubprotocolFunction );
1033 REQUIRES( closeSubprotocolFunction != NULL ); 1034
1035 ( void ) closeSubprotocolFunction( sessionInfoPtr );

** CID 479104: (BAD_SHIFT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()


________________________________________________________________________________________________________
*** CID 479104: (BAD_SHIFT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()
214 non-char values can only be accessed on word-aligned boundaries */
215 LOOP_SMALL( i = 0, i < WCHAR_SIZE, i++ )
216 {
217 ENSURES_EXT( LOOP_INVARIANT_SMALL( i, 0, WCHAR_SIZE - 1 ), 0 );
218
219 #ifdef DATA_LITTLEENDIAN

CID 479104: (BAD_SHIFT)
In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.

220 ch |= string[ i ] << shiftAmt;
221 shiftAmt += 8;
222 #else
223 ch = ( ch << 8 ) | string[ i ];
224 #endif /* DATA_LITTLEENDIAN */
225 }
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()
214 non-char values can only be accessed on word-aligned boundaries */
215 LOOP_SMALL( i = 0, i < WCHAR_SIZE, i++ )
216 {
217 ENSURES_EXT( LOOP_INVARIANT_SMALL( i, 0, WCHAR_SIZE - 1 ), 0 );
218
219 #ifdef DATA_LITTLEENDIAN

CID 479104: (BAD_SHIFT)
In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.

220 ch |= string[ i ] << shiftAmt;
221 shiftAmt += 8;
222 #else
223 ch = ( ch << 8 ) | string[ i ];
224 #endif /* DATA_LITTLEENDIAN */
225 }

** CID 479103: (SLEEP)


________________________________________________________________________________________________________
*** CID 479103: (SLEEP)
/pack_rep.cpp: 120 in sbbs_t::pack_rep(unsigned int)()
114 /*********************/
115 /* Pack new messages */
116 /*********************/
117 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
118 smb.retry_time=cfg.smb_retry_time;
119 smb.subnum=INVALID_SUB;

CID 479103: (SLEEP)
Call to "smb_open" might sleep while holding lock "this->input_thread_mutex".

120 if((i=smb_open(&smb))!=0) {
121 fclose(rep);
122 if(hdrs!=NULL)
123 fclose(hdrs);
124 if(voting!=NULL)
125 fclose(voting);
/pack_rep.cpp: 112 in sbbs_t::pack_rep(unsigned int)()
106 errormsg(WHERE,ERR_CREATE,str,0);
107 }
108 if(!(cfg.qhub[hubnum]->misc&QHUB_NOVOTING)) {
109 SAFEPRINTF(str,"%sVOTING.DAT",cfg.temp_dir);
110 fexistcase(str);
111 if((voting=fopen(str,"a"))==NULL)

CID 479103: (SLEEP)
Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".

112 errormsg(WHERE,ERR_CREATE,str,0);
113 }
114 /*********************/
115 /* Pack new messages */
116 /*********************/
117 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
/pack_rep.cpp: 106 in sbbs_t::pack_rep(unsigned int)()
100 ,QWK_BLOCK_LEN, hubid_upper); /* So write header */
101 }
102 if(!(cfg.qhub[hubnum]->misc&QHUB_NOHEADERS)) {
103 SAFEPRINTF(str,"%sHEADERS.DAT",cfg.temp_dir);
104 fexistcase(str);
105 if((hdrs=fopen(str,"a"))==NULL)

CID 479103: (SLEEP)
Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".

106 errormsg(WHERE,ERR_CREATE,str,0);
107 }
108 if(!(cfg.qhub[hubnum]->misc&QHUB_NOVOTING)) {
109 SAFEPRINTF(str,"%sVOTING.DAT",cfg.temp_dir);
110 fexistcase(str);
111 if((voting=fopen(str,"a"))==NULL)

** CID 479102: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/enc_dec/asn1_algoenc.c: 662 in readCryptAlgoParams()


________________________________________________________________________________________________________
*** CID 479102: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/enc_dec/asn1_algoenc.c: 662 in readCryptAlgoParams()
656 RC2_KEYSIZE_MAGIC (corresponding to a 128-bit key) but in
657 practice this doesn't really matter, we just use whatever we
658 find inside the PKCS #1 padding */
659 readSequence( stream, NULL );
660 if( queryInfo->cryptMode != CRYPT_MODE_CBC ) 661 return( readShortInteger( stream, NULL ) );

CID 479102: Error handling issues (CHECKED_RETURN)
Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).

662 readShortInteger( stream, NULL );
663 return( readOctetString( stream, queryInfo->iv, 664 &queryInfo->ivLength,
665 MIN_IVSIZE, CRYPT_MAX_IVSIZE ) );
666 #endif /* USE_RC2 */
667

** CID 479101: (CHECKED_RETURN)
/ssl.c: 353 in internal_do_cryptInit()
/ssl.c: 345 in internal_do_cryptInit()


________________________________________________________________________________________________________
*** CID 479101: (CHECKED_RETURN)
/ssl.c: 353 in internal_do_cryptInit()
347 }
348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
350 cryptInit_error = ret;
351 cryptlib_initialized = false;
352 cryptEnd();

CID 479101: (CHECKED_RETURN)
Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).

353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES);
354 return;
355 }
356 return;
357 }
358
/ssl.c: 345 in internal_do_cryptInit()
339 }
340 tmp = (maj * 100) + (min * 10) + stp;
341 if (tmp != CRYPTLIB_VERSION) {
342 cryptInit_error = CRYPT_ERROR_INVALID;
343 cryptlib_initialized = false;
344 cryptEnd();

CID 479101: (CHECKED_RETURN)
Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).

345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION);
346 return;
347 }
348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
350 cryptInit_error = ret;

** CID 479100: (ATOMICITY)
/ssl.c: 659 in destroy_session()
/ssl.c: 659 in destroy_session()


________________________________________________________________________________________________________
*** CID 479100: (ATOMICITY)
/ssl.c: 659 in destroy_session()
653 lprintf(LOG_ERR, "Unable to unlock cert_epoch_lock for write at %d", __LINE__);
654 return CRYPT_ERROR_INTERNAL;
655 }
656 sess->sess = -1;
657 pthread_mutex_lock(&ssl_cert_list_mutex);
658 sess->next = cert_list;

CID 479100: (ATOMICITY)
Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.

659 cert_list = sess;
660 pthread_mutex_unlock(&ssl_cert_list_mutex);
661 ret = cryptDestroySession(csess);
662 }
663 else {
664 if (!rwlock_unlock(&cert_epoch_lock)) {
/ssl.c: 659 in destroy_session()
653 lprintf(LOG_ERR, "Unable to unlock cert_epoch_lock for write at %d", __LINE__);
654 return CRYPT_ERROR_INTERNAL;
655 }
656 sess->sess = -1;
657 pthread_mutex_lock(&ssl_cert_list_mutex);
658 sess->next = cert_list;

CID 479100: (ATOMICITY)
Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.

659 cert_list = sess;
660 pthread_mutex_unlock(&ssl_cert_list_mutex);
661 ret = cryptDestroySession(csess);
662 }
663 else {
664 if (!rwlock_unlock(&cert_epoch_lock)) {

** CID 479099: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_rdmsg.c: 495 in readResponseBody()


________________________________________________________________________________________________________
*** CID 479099: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_rdmsg.c: 495 in readResponseBody()
489 ( status, SESSION_ERRINFO,
490 "Invalid caPubs field in %s", 491 getCMPMessageName( messageType ) ) );
492 }
493 }
494 if( cryptStatusError( status ) )

CID 479099: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return status;".

495 return( status ); /* Residual error from checkStatusPeekTag() */
496
497 /* If it's a revocation response then the only returned data is the
498 status value */
499 if( protocolInfo->operation == CTAG_PB_RR )
500 {

** CID 479098: Program hangs (LOCK)
/pack_rep.cpp: 95 in sbbs_t::pack_rep(unsigned int)()


________________________________________________________________________________________________________
*** CID 479098: Program hangs (LOCK)
/pack_rep.cpp: 95 in sbbs_t::pack_rep(unsigned int)()
89 if(fexistcase(str))
90 fmode="r+b";
91 else
92 fmode="w+b";
93 if((rep=fopen(str, fmode))==NULL) {
94 errormsg(WHERE, ERR_CREATE, str, 0, fmode);

CID 479098: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

95 return false;
96 }
97 fseek(rep, 0, SEEK_END);
98 if(ftell(rep) < 1) { /* New REP packet */
99 fprintf(rep, "%-*s"
100 ,QWK_BLOCK_LEN, hubid_upper); /* So write header */

** CID 479097: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1035 in closeSession()


________________________________________________________________________________________________________
*** CID 479097: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1035 in closeSession() 1029 {
1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \
1031 ( SES_CLOSESUBPROTOCOL_FUNCTION ) \
1032 FNPTR_GET( sessionInfoPtr->closeInnerSubprotocolFunction );
1033 REQUIRES( closeSubprotocolFunction != NULL ); 1034

CID 479097: Control flow issues (DEADCODE)
Execution cannot reach this statement: "(void)closeSubprotocolFunct...".

1035 ( void ) closeSubprotocolFunction( sessionInfoPtr );
1036 }
1037
1038 /* If protocol management is handled by an outer protocol, don't
1039 perform a session shutdown. This is in theory rather nasty in
1040 that an attacker who can spoof an unsecured outer protocol packet

** CID 479096: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 685 in activateConnection()


________________________________________________________________________________________________________
*** CID 479096: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 685 in activateConnection()
679
680 /* If there's sub-protocol selected, activate that as well */ 681 #if defined( USE_WEBSOCKETS ) || defined( USE_EAP )
682 if( sessionInfoPtr->subProtocol != CRYPT_SUBPROTOCOL_NONE && \ 683 FNPTR_ISSET( sessionInfoPtr->activateOuterSubprotocolFunction ) )
684 {

CID 479096: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->activateOuterSubprotocolFunction.fnPtr" inside this statement: "activateSubprotocolFunction...".

685 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \
686 ( SES_ACTIVATESUBPROTOCOL_FUNCTION ) \
687 FNPTR_GET( sessionInfoPtr->activateOuterSubprotocolFunction );
688 REQUIRES( activateSubprotocolFunction != NULL );
689
690 status = activateSubprotocolFunction( sessionInfoPtr );

** CID 479095: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/kernel/selftest.c: 130 in testSafetyMechanisms()


________________________________________________________________________________________________________
*** CID 479095: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/kernel/selftest.c: 130 in testSafetyMechanisms()
124 tmrIntB |= 0x800;
125 tmrIntC |= 0x01;
126 if( TMR_VALID( tmrInt ) || TMR_GET( tmrInt ) != 20 )
127 return( FALSE );
128 TMR_SCRUB( tmrInt );
129 if( tmrIntA != 20 || tmrIntB != 20 || tmrIntC != 20 )

CID 479095: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return 0;".

130 return( FALSE );
131 CFI_CHECK_UPDATE( "TMR" );
132
133 /* Test the overflow-checking mechanisms. These checks will probably
134 fall prey to optimiser inlining but it'll still statically check that
135 they work as expected.

** CID 479094: (DEADCODE)
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 720 in readAttributeCertInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 668 in readAttributeCertInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 641 in readAttributeCertInfo()


________________________________________________________________________________________________________
*** CID 479094: (DEADCODE)
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 720 in readAttributeCertInfo() 714 {
715 return( certErrorReturn( certInfoPtr, "issuer unique ID",
716 status ) );
717 }
718 }
719 if( cryptStatusError( status ) )

CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".

720 return( status ); /* Residual error from peekTag() */
721
722 /* If there are no extensions present, we're done */
723 if( stell( stream ) >= endPos )
724 return( CRYPT_OK );
725
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 668 in readAttributeCertInfo() 662 if( cryptStatusOK( status ) )
663 status = readIssuerDN( stream, certInfoPtr ); 664 if( cryptStatusError( status ) )
665 return( certErrorReturn( certInfoPtr, "issuer name", status ) );
666 }
667 if( cryptStatusError( status ) )

CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".

668 return( status ); /* Residual error from peekTag() */
669 if( checkStatusLimitsPeekTag( stream, status, tag, innerEndPos ) && \
670 tag == MAKE_CTAG( CTAG_AC_ISSUER_BASECERTIFICATEID ) ) 671 {
672 status = readUniversal( stream );
673 }
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 641 in readAttributeCertInfo() 635 if( cryptStatusOK( status ) )
636 status = readSubjectDN( stream, certInfoPtr ); 637 if( cryptStatusError( status ) )
638 return( certErrorReturn( certInfoPtr, "holder name", status ) );
639 }
640 if( cryptStatusError( status ) )

CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".

641 return( status ); /* Residual error from peekTag() */
642 if( checkStatusLimitsPeekTag( stream, status, tag, innerEndPos ) && \
643 tag == MAKE_CTAG( CTAG_AC_HOLDER_OBJECTDIGESTINFO ) ) 644 {
645 /* This is a complicated structure that in effect encodes a generic
646 hole reference to "other", for now we just skip it until we can

** CID 479093: (DEADCODE)
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1779 in openKeyset() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1770 in openKeyset() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1771 in openKeyset()


________________________________________________________________________________________________________
*** CID 479093: (DEADCODE)
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1779 in openKeyset()
1773 break;
1774
1775 case CRYPT_KEYSET_HTTP:
1776 status = setAccessMethodHTTP( keysetInfoPtr ); 1777 break;
1778

CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_LDAP:".

1779 case CRYPT_KEYSET_LDAP:
1780 status = setAccessMethodLDAP( keysetInfoPtr ); 1781 break;
1782
1783 default:
1784 retIntError(); /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1770 in openKeyset()
1764 }
1765
1766 /* It's a specific type of keyset, set up the access information for it
1767 and connect to it */
1768 switch( keysetType )
1769 {

CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE:". 1770 case CRYPT_KEYSET_DATABASE:

1771 case CRYPT_KEYSET_DATABASE_STORE:
1772 status = setAccessMethodDBMS( keysetInfoPtr, keysetType );
1773 break;
1774
1775 case CRYPT_KEYSET_HTTP: /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1771 in openKeyset()
1765
1766 /* It's a specific type of keyset, set up the access information for it
1767 and connect to it */
1768 switch( keysetType )
1769 {
1770 case CRYPT_KEYSET_DATABASE:

CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE_...".

1771 case CRYPT_KEYSET_DATABASE_STORE:
1772 status = setAccessMethodDBMS( keysetInfoPtr, keysetType );
1773 break;
1774
1775 case CRYPT_KEYSET_HTTP:
1776 status = setAccessMethodHTTP( keysetInfoPtr );

** CID 479092: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/ext_copy.c: 285 in copyAttribute()


________________________________________________________________________________________________________
*** CID 479092: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/ext_copy.c: 285 in copyAttribute()
279 if( DATAPTR_ISSET_PTR( newAttributeHeadPtr ) ) 280 deleteAttributes( newAttributeHeadPtr );
281 return( status );
282 }
283
284 /* Append the new field to the new attribute list */ >>> CID 479092: Resource leaks (RESOURCE_LEAK)

Variable "newAttributeField" going out of scope leaks the storage it points to.

285 insertDoubleListElement( newAttributeHeadPtr, newAttributeListTail,
286 newAttributeField, ATTRIBUTE_LIST );
287 newAttributeListTail = newAttributeField;
288 }
289 ENSURES( LOOP_BOUND_OK );
290 ENSURES( DATAPTR_ISSET_PTR( newAttributeHeadPtr ) );

** CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/ssh2_msgcli.c: 707 in processChannelOpenConfirmation()


________________________________________________________________________________________________________
*** CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/ssh2_msgcli.c: 707 in processChannelOpenConfirmation()
701 done */
702 if( serviceType == SERVICE_PORTFORWARD ) {
703 selectChannel( sessionInfoPtr, origWriteChannelNo, CHANNEL_WRITE );
704 return( CRYPT_OK );
705 }
706

CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"255612575 || channelNo == 0 || !waitforWindow" is always true regardless of the values of its operands. This occurs as the logical operand of "if".

707 if ( TRUE || channelNo == 0 || !waitforWindow )
708 {
709 /* It's a session open request that requires additional messages to do
710 anything useful, create and send the extra packets. Unlike the
711 overall open request, we can't wrap and send the packets in one go
712 because serviceType == SERVICE_SHELL has to send multiple packets,


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D_Ob8_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDXsFtzU0G-2FWPcCSE76ga65FpTOVnlTg2HlohxKy4ePNmfAvcTgQHzRuwjEUPYcoNsjv51yTcWgn-2B5ZoKEZbHKDuJHZyg4oYm-2B85r0HAuyVfWOvaujD7HGzC-2Bi-2BJJr4c31Rz-2B5noR-2FnEcQw4pO0lSZx8Qbg6Ydb9v-2FQISXmWX5vnA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 480410: Uninitialized variables (UNINIT) /tmp/sbbs-Feb-01-2024/src/conio/ciolib.c: 2152 in ciolib_rgb_to_legacyattr()


________________________________________________________________________________________________________
*** CID 480410: Uninitialized variables (UNINIT) /tmp/sbbs-Feb-01-2024/src/conio/ciolib.c: 2152 in ciolib_rgb_to_legacyattr() 2146 }
2147 }
2148 }
2149 }
2150
2151 return (bestb << 4) | bestf;

CID 480410: Uninitialized variables (UNINIT)
Using uninitialized value "bestf".

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D0Whj_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCGuXH-2F8nbk79WMe2MJx6-2FI9exgVraqIoXRfw5t191-2Fkv7cvlCW07dWiwEkebe6LE7W-2FqT6ZfpHP5InVb8zXpzOgZvf4Ur9-2BJrsFE50Fqk6iSfX0glKX5AlD-2FYPX7BWAafhUDNW6RVuwz3H5dgusXmMWB9WTfpkkhCog7HEgqDjmg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 483188: Memory - corruptions (OVERRUN)
/ssl.c: 349 in internal_do_cryptInit()


________________________________________________________________________________________________________
*** CID 483188: Memory - corruptions (OVERRUN)
/ssl.c: 349 in internal_do_cryptInit()
343 cryptlib_initialized = false;
344 cryptEnd();
345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION);
346 return;
347 }
348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);

CID 483188: Memory - corruptions (OVERRUN)
Overrunning array """" of 1 bytes by passing it to a function which accesses it at byte offset 31 using argument "32UL".

349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
350 cryptInit_error = ret;
351 cryptlib_initialized = false;
352 cryptEnd();
353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES);
354 return;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DoE8P_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCgaHhvhfxqmGN-2F2MOiNHiXAXmmE5-2BoMir72-2FKS-2B4CChPr-2B6DUEcHFnW2fJcB9K-2BLqjLkG6SOds2KKoiOogAgt4kivLp-2Bbv0MawXscaXZ6U3zKSU8zPaw8llzmAMgAx1EcIlUZ9-2Faak-2B54E1Z-2BGSHEscOAt6ClVWnKMr9zoYGJFvw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 483249: Error handling issues (CHECKED_RETURN)
/main.cpp: 3570 in sbbs_t::init()()


________________________________________________________________________________________________________
*** CID 483249: Error handling issues (CHECKED_RETURN)
/main.cpp: 3570 in sbbs_t::init()()
3564 thisnode.misc&=(NODE_EVENT|NODE_LOCK|NODE_RRUN);
3565 criterrs=thisnode.errors;
3566 putnodedat(cfg.node_num,&thisnode);
3567
3568 // remove any pending node messages
3569 safe_snprintf(str, sizeof(str), "%smsgs/n%3.3u.msg",cfg.data_dir,cfg.node_num);

CID 483249: Error handling issues (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.

3570 remove(str);
3571 // Delete any stale temporary files (with potentially sensitive content)
3572 delfiles(cfg.temp_dir,ALLFILES);
3573 safe_snprintf(str, sizeof(str), "%sMSGTMP", cfg.node_dir);
3574 removecase(str);
3575 safe_snprintf(str, sizeof(str), "%sQUOTES.TXT", cfg.node_dir);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DuxM4_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDlWnKXqUo4ko-2BswZDnU0KThZlBPhv1kFyIVU6rRp9K48otOTA5WQm5qg8o-2FY8FDqYkPfgDhKOyoUIQMv1mPwAY7yKStOAqjn6xloHvMgh0mRG0DJXpuxyIOkTyi2gGZzdoTshBDw9gCNjiMqTW3IeGxtntX-2B4oBRMrCvut8dx1Kg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 486181: (RESOURCE_LEAK)
/js_bbs.cpp: 1730 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
/js_bbs.cpp: 1732 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 486181: (RESOURCE_LEAK)
/js_bbs.cpp: 1730 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
1724 if (instr == NULL)
1725 return JS_FALSE;
1726
1727 if(JSVAL_IS_OBJECT(argv[1]) && !JSVAL_IS_NULL(argv[1])) {
1728 JSObject* hdrobj;
1729 if((hdrobj = JSVAL_TO_OBJECT(argv[1])) == NULL)

CID 486181: (RESOURCE_LEAK)
Variable "instr" going out of scope leaks the storage it points to. 1730 return JS_FALSE;

1731 if(!js_GetMsgHeaderObjectPrivates(cx, hdrobj, /* smb_t: */NULL, &msg, /* post: */NULL))
1732 return JS_FALSE;
1733 }
1734
1735 rc = JS_SUSPENDREQUEST(cx);
/js_bbs.cpp: 1732 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
1726
1727 if(JSVAL_IS_OBJECT(argv[1]) && !JSVAL_IS_NULL(argv[1])) {
1728 JSObject* hdrobj;
1729 if((hdrobj = JSVAL_TO_OBJECT(argv[1])) == NULL)
1730 return JS_FALSE;
1731 if(!js_GetMsgHeaderObjectPrivates(cx, hdrobj, /* smb_t: */NULL, &msg, /* post: */NULL))

CID 486181: (RESOURCE_LEAK)
Variable "instr" going out of scope leaks the storage it points to. 1732 return JS_FALSE;

1733 }
1734
1735 rc = JS_SUSPENDREQUEST(cx);
1736 sbbs->expand_atcodes(instr, result, sizeof result, msg);
1737 free(instr);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DmylI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDXJXQdHoPdhvgvF0Vb847O95f-2F78EIoUagepOVq0LGxVFLDoLOCCiMG-2Fo4JxZOKwjHbMnoOXJKKkCjtFcCkE7VRLhxJ-2FNLJW4jwAN0Jl-2F3no6moASPMez-2F6bxuKm8Qy55QwIHngsrpIdU6tJlGz6f2tQot6J2A4fn-2FWICSVomHTA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 486276: (USE_AFTER_FREE)
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()


________________________________________________________________________________________________________
*** CID 486276: (USE_AFTER_FREE)
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DIHvH_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCP2NMkGTJz9ej0zbFZSaut2su5O4d-2FdeN5YNfhO3vr5iN7SLkyWMmA-2BkVBoBNMCMtjp4F5UOP3BhPg-2B0yHPx-2BA66plmcHqc3TbhObiquLp-2FeS-2BJifVzCXGlHdvyg4PHEaoR6LUO7c-2FqTSbtEkku9P0EYfxZeeo5KgjMqT4aVuFYw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net