Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 516068: Null pointer dereferences (FORWARD_NULL)
/websrvr.c: 5419 in js_ErrorReporter()


________________________________________________________________________________________________________
*** CID 516068: Null pointer dereferences (FORWARD_NULL)
/websrvr.c: 5419 in js_ErrorReporter()
5413 pthread_mutex_lock(&mutex);
5414 if(lastline == report->lineno && report->filename != NULL && strcmp(lastfile, report->filename) == 0)
5415 log_level = LOG_WARNING;
5416 else
5417 log_level = LOG_ERR;
5418 lastline = report->lineno;

CID 516068: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "report->filename" to "strlcpy", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.]

5419 SAFECOPY(lastfile, report->filename);
5420 pthread_mutex_unlock(&mutex);
5421 warning="";
5422 }
5423
5424 lprintf(log_level,"%04d !JavaScript %s%s%s: %s, Request: %s"


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DwGMb_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYoPlNm5BibC088PrWc35An4cdaeXCJhAHOfo6MdQKpuyixiVEFSUvV84YSqGOWCuXdzqHO6D3vFmsefEKTNsriv31FvxSemaYCwQ1e-2F5VqBGX6SKqkk-2F5GGTcyG8HHnvAZdIDYA7eRF8DYP-2F3cg26HCdIpmNxtLPnr6lFDWLJb2Q-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

9 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)


** CID 516415: Error handling issues (CHECKED_RETURN)
/userdat.c: 1472 in node_activity()


________________________________________________________________________________________________________
*** CID 516415: Error handling issues (CHECKED_RETURN)
/userdat.c: 1472 in node_activity()
1466 case NODE_AMSG:
1467 return cfg->text != NULL ? cfg->text[NodeActivityAutoMsg] : "posting auto-message";
1468 case NODE_XTRN:
1469 if(node->aux == 0)
1470 return cfg->text != NULL ? cfg->text[NodeActivityXtrnMenu] : "at external program menu";
1471 user.number = node->useron;

CID 516415: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

1472 getuserdat(cfg, &user);
1473 xtrnnum = getxtrnnum(cfg, user.curxtrn);
1474 if(is_valid_xtrnnum(cfg, xtrnnum))
1475 snprintf(str, size, "%s %s"
1476 ,cfg->text != NULL ? cfg->text[NodeActivityRunningXtrn] : "running"
1477 ,cfg->xtrn[xtrnnum]->name);

** CID 516414: Error handling issues (CHECKED_RETURN)
/useredit.cpp: 65 in sbbs_t::useredit(int)()


________________________________________________________________________________________________________
*** CID 516414: Error handling issues (CHECKED_RETURN)
/useredit.cpp: 65 in sbbs_t::useredit(int)()
59 if(sys_status&SS_INUEDIT)
60 return;
61 sys_status|=SS_INUEDIT;
62 while(online) {
63 CLS;
64 attr(LIGHTGRAY);

CID 516414: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

65 getuserdat(&cfg,&user);
66 if(!user.number) {
67 user.number=1;
68 getuserdat(&cfg,&user);
69 if(!user.number) {
70 bputs(text[NoUserData]);

** CID 516413: Error handling issues (CHECKED_RETURN)
/answer.cpp: 168 in sbbs_t::answer()()


________________________________________________________________________________________________________
*** CID 516413: Error handling issues (CHECKED_RETURN)
/answer.cpp: 168 in sbbs_t::answer()()
162 (but keep full terminal type/speed string in rlogin_term): */
163 truncstr(terminal,"/");
164 useron.number = 0;
165 if(rlogin_name[0])
166 useron.number = find_login_id(&cfg, rlogin_name);
167 if(useron.number) {

CID 516413: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

168 getuserdat(&cfg,&useron);
169 SAFEPRINTF(path,"%srlogin.cfg",cfg.ctrl_dir);
170 if(!findstr(client.addr,path)) {
171 SAFECOPY(tmp, rlogin_pass);
172 for(i=0;i<3 && online;i++) { 173 if(stricmp(tmp,useron.pass)) {

** CID 516412: Error handling issues (CHECKED_RETURN)
/login.cpp: 51 in sbbs_t::login(const char *, const char *, const char *, const char *)()


________________________________________________________________________________________________________
*** CID 516412: Error handling issues (CHECKED_RETURN)
/login.cpp: 51 in sbbs_t::login(const char *, const char *, const char *, const char *)()
45 long useron_misc=useron.misc;
46
47 username = parse_login(username);
48
49 useron.number = find_login_id(&cfg, username);
50 if(useron.number) {

CID 516412: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

51 getuserdat(&cfg,&useron);
52 if(useron.number && useron.misc&(DELETED|INACTIVE))
53 useron.number=0;
54 }
55
56 if(!useron.number) {

** CID 516411: (CHECKED_RETURN)
/useredit.cpp: 733 in sbbs_t::maindflts(user_t *)()
/useredit.cpp: 738 in sbbs_t::maindflts(user_t *)()


________________________________________________________________________________________________________
*** CID 516411: (CHECKED_RETURN)
/useredit.cpp: 733 in sbbs_t::maindflts(user_t *)()
727
728 action=NODE_DFLT;
729 if (cfg.usercfg_mod[0]) {
730 char cmdline[256];
731 snprintf(cmdline, sizeof(cmdline), "%s %u", cfg.usercfg_mod, user->number);
732 exec_bin(cmdline, &main_csi);

CID 516411: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

733 getuserdat(&cfg, user);
734 return;
735 }
736 while(online) {
737 CLS;
738 getuserdat(&cfg,user);
/useredit.cpp: 738 in sbbs_t::maindflts(user_t *)()
732 exec_bin(cmdline, &main_csi);
733 getuserdat(&cfg, user);
734 return;
735 }
736 while(online) {
737 CLS;

CID 516411: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

738 getuserdat(&cfg,user);
739 bprintf(text[UserDefaultsHdr],user->alias,user->number);
740 if(user == &useron) {
741 update_nodeterm();
742 load_user_text();
743 }

** CID 516410: Error handling issues (CHECKED_RETURN)
/websrvr.c: 1662 in http_logon()


________________________________________________________________________________________________________
*** CID 516410: Error handling issues (CHECKED_RETURN)
/websrvr.c: 1662 in http_logon()
1656 session->req.finished=true;
1657 }
1658
1659 void http_logon(http_session_t * session, user_t *usr)
1660 {
1661 if(usr==NULL)

CID 516410: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

1662 getuserdat(&scfg, &session->user);
1663 else
1664 session->user=*usr;
1665
1666 if(session->user.number==session->last_user_num)
1667 return;

** CID 516409: Error handling issues (CHECKED_RETURN)
/str.cpp: 1388 in sbbs_t::change_user()()


________________________________________________________________________________________________________
*** CID 516409: Error handling issues (CHECKED_RETURN)
/str.cpp: 1388 in sbbs_t::change_user()()
1382 putmsgptrs();
1383 putuserstr(useron.number, USER_CURSUB
1384 ,cfg.sub[usrsub[curgrp][cursub[curgrp]]]->code);
1385 putuserstr(useron.number, USER_CURDIR
1386 ,cfg.dir[usrdir[curlib][curdir[curlib]]]->code);
1387 useron.number=i;

CID 516409: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

1388 getuserdat(&cfg,&useron);
1389 if(getnodedat(cfg.node_num,&thisnode, true)) {
1390 thisnode.useron=useron.number;
1391 putnodedat(cfg.node_num,&thisnode);
1392 }
1393 getmsgptrs();

** CID 516408: Error handling issues (CHECKED_RETURN)
/useredit.cpp: 1166 in sbbs_t::purgeuser(int)()


________________________________________________________________________________________________________
*** CID 516408: Error handling issues (CHECKED_RETURN)
/useredit.cpp: 1166 in sbbs_t::purgeuser(int)()
1160
1161 void sbbs_t::purgeuser(int usernumber)
1162 { char str[128];
1163 user_t user;
1164
1165 user.number=usernumber;

CID 516408: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

1166 getuserdat(&cfg,&user);
1167 SAFEPRINTF2(str,"Purged %s #%u",user.alias,usernumber);
1168 logentry("!*",str);
1169 delallmail(usernumber, MAIL_ANY);
1170 putusername(&cfg,usernumber,nulstr);
1171 putusermisc(usernumber, user.misc | DELETED);

** CID 516407: Error handling issues (CHECKED_RETURN)
/websrvr.c: 2037 in check_ars()


________________________________________________________________________________________________________
*** CID 516407: Error handling issues (CHECKED_RETURN)
/websrvr.c: 2037 in check_ars()
2031 else
2032 lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: '%s'" 2033 ,session->socket,session->req.auth.username);
2034 return(false);
2035 }
2036 thisuser.number=i;

CID 516407: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

2037 getuserdat(&scfg, &thisuser);
2038 switch(session->req.auth.type) {
2039 case AUTHENTICATION_TLS_PSK:
2040 if((auth_allowed & (1<<AUTHENTICATION_TLS_PSK))==0)
2041 return(false);
2042 if(session->last_user_num!=0) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DQyWe_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZaRdcpKH1DbVbWKil-2BYXbuPo6Nlz2IWCRH2bHbIl-2BZWutyiZLTcraL5FS1iiZSM0cIaa70yw-2BvQnYvTFtY90cnRY6AunfTZ3TOchBhkmrNG5r6R9YGJilsgu5Suh4msrRA-2BqV-2BHoo-2B29c88W6IVBSZdgQoHyw-2Bn9zmKTgeEHvaqQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 516431: Incorrect expression (EVALUATION_ORDER)
/scfg/scfgsys.c: 1740 in sys_cfg()


________________________________________________________________________________________________________
*** CID 516431: Incorrect expression (EVALUATION_ORDER)
/scfg/scfgsys.c: 1740 in sys_cfg()
1734 char sys_pass[sizeof(cfg.sys_pass)];
1735 SAFECOPY(sys_pass, cfg.sys_pass);
1736 while(1) {
1737 i=0;
1738 snprintf(opt[i++],MAX_OPLN,"%-20s%s","BBS Name",cfg.sys_name);
1739 snprintf(opt[i++],MAX_OPLN,"%-20s%s","Location",cfg.sys_location);

CID 516431: Incorrect expression (EVALUATION_ORDER)
In argument #6 of "safe_snprintf(opt[i++], 75UL, "%-20s%s%s %s", "Local Time Zone", ((cfg.sys_timezone == -1) ? "Auto: " : ""), smb_zonestr(sys_timezone(&cfg), NULL), ((!(cfg.sys_timezone <= 1000 && cfg.sys_timezone >= -1000) && (cfg.sys_timezone & 0xc000 || cfg.sys_timezone == 4096 || cfg.sys_timezone == 4156 || cfg.sys_timezone == 4216 || cfg.sys_timezone == 4816 || cfg.sys_timezone == 4696 || cfg.sys_timezone == 4666) && cfg.sys_misc & 0x4000U) ? "(Auto-DST)" : ""))", a call is made to "sys_timezone(&cfg)". In argument #1 of this function, the object "cfg.sys_timezone" is modified. This object is also used in "(cfg.sys_timezone == -1) ? "Auto: " : """, the argument #5 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.

1740 snprintf(opt[i++],MAX_OPLN,"%-20s%s%s %s","Local Time Zone"
1741 ,cfg.sys_timezone == SYS_TIMEZONE_AUTO ? "Auto: " : ""
1742 ,smb_zonestr(sys_timezone(&cfg),NULL)
1743 ,SMB_TZ_HAS_DST(cfg.sys_timezone) && cfg.sys_misc&SM_AUTO_DST ? "(Auto-DST)" : "");
1744 snprintf(opt[i++],MAX_OPLN,"%-20s%s (e.g. %s)","Short Date Format"
1745 ,date_format(&cfg, str, sizeof str)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Du0AK_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZX-2BkC2-2BAZJhPPYfXPDeIQ-2B4YvLEfkbd-2Bd6D-2Bq6Hgb3A8yT9nXPdJTazBcJukBEh03pJKxvVooRsB2exFituB7-2FZiW-2B-2FFf3SbStI-2Fat2UXSZKXBODkmruS46NddedKGixq1GgfIg-2BgPQfkssXqpoMR-2BzxwZcTjLKvzCO0Vk2ny9Gw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 516448: High impact quality (Y2K38_SAFETY)
/js_msgbase.c: 1441 in js_get_msg_header_resolve()


________________________________________________________________________________________________________
*** CID 516448: High impact quality (Y2K38_SAFETY)
/js_msgbase.c: 1441 in js_get_msg_header_resolve()
1435 /* Fixed length portion of msg header */
1436 LAZY_UINTEGER("type", p->msg.hdr.type, JSPROP_ENUMERATE);
1437 LAZY_UINTEGER("version", p->msg.hdr.version, JSPROP_ENUMERATE); 1438 LAZY_UINTEGER("attr", p->msg.hdr.attr, JSPROP_ENUMERATE);
1439 LAZY_UINTEGER("auxattr", p->msg.hdr.auxattr, JSPROP_ENUMERATE); 1440 LAZY_UINTEGER("netattr", p->msg.hdr.netattr, JSPROP_ENUMERATE); >>> CID 516448: High impact quality (Y2K38_SAFETY)

A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(p->msg.hdr.when_written)" is cast to "uint32".

1441 LAZY_UINTEGER("when_written_time", smb_time(p->msg.hdr.when_written), JSPROP_ENUMERATE);
1442 LAZY_INTEGER("when_written_zone", p->msg.hdr.when_written.zone, JSPROP_ENUMERATE);
1443 LAZY_INTEGER("when_written_zone_offset", smb_tzutc(p->msg.hdr.when_written.zone), JSPROP_ENUMERATE|JSPROP_READONLY);
1444 LAZY_UINTEGER("when_imported_time", p->msg.hdr.when_imported.time, JSPROP_ENUMERATE);
1445 LAZY_INTEGER("when_imported_zone", p->msg.hdr.when_imported.zone, JSPROP_ENUMERATE);
1446 LAZY_INTEGER("when_imported_zone_offset", smb_tzutc(p->msg.hdr.when_imported.zone), JSPROP_ENUMERATE|JSPROP_READONLY);

** CID 516447: High impact quality (Y2K38_SAFETY)
/postmsg.cpp: 625 in votemsg()


________________________________________________________________________________________________________
*** CID 516447: High impact quality (Y2K38_SAFETY)
/postmsg.cpp: 625 in votemsg()
619 }
620 answers++;
621 }
622 }
623 }
624 safe_snprintf(smsg, sizeof(smsg), smsgfmt

CID 516447: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg->hdr.when_written)" is cast to "time32_t".

625 ,timestr(cfg, (time32_t)smb_time(msg->hdr.when_written), tstr)
626 ,cfg->grp[cfg->sub[smb->subnum]->grp]->sname
627 ,cfg->sub[smb->subnum]->sname
628 ,from
629 ,remsg.subj);
630 SAFECAT(smsg, votes);

** CID 516446: (Y2K38_SAFETY)
/qwknodes.c: 366 in main()
/qwknodes.c: 392 in main()
/qwknodes.c: 361 in main()
/qwknodes.c: 384 in main()
/qwknodes.c: 333 in main()
/qwknodes.c: 343 in main()


________________________________________________________________________________________________________
*** CID 516446: (Y2K38_SAFETY)
/qwknodes.c: 366 in main()
360 ,msg.from,p+1
361 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
362 ,str); 363 else
364 fprintf(users,"%-25.25s %-8.8s %s\r\n"
365 ,msg.from,str

CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".

366 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
367 }
368 if(cmd&NODES && msg.from_net.type==NET_QWK) {
369 if(mode&TAGS)
370 gettag(&msg,tag);
371 if(mode&FEED) /qwknodes.c: 392 in main()
386 }
387 else
388 fprintf(nodes,"%-8.8s %s\r\n"
389 ,str 390 ,mode&TAGS
391 ? tag >>> CID 516446: (Y2K38_SAFETY)

A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".

392 : unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
393 }
394 }
395 }
396 smb_freemsgmem(&msg);
397 }
/qwknodes.c: 361 in main()
355 else
356 strcpy(str,msg.from_net.addr);
357 p=strrchr(str,'/');
358 if(p)
359 fprintf(users,"%-25.25s %-8.8s %s (%s)\r\n"
360 ,msg.from,p+1

CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".

361 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
362 ,str); 363 else
364 fprintf(users,"%-25.25s %-8.8s %s\r\n"
365 ,msg.from,str
366 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
/qwknodes.c: 384 in main()
378 fprintf(nodes,"%-8.8s %s\r\n"
379 ,p+1
380 ,tag);
381 else
382 fprintf(nodes,"%-8.8s %s (%s)\r\n"
383 ,p+1

CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".

384 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
385 ,str);
386 }
387 else
388 fprintf(nodes,"%-8.8s %s\r\n"
389 ,str /qwknodes.c: 333 in main()
327 p=strrchr(addr,'/');
328 if(!p)
329 p=addr; 330 else
331 *(p++)=0;
332 safe_snprintf(str, sizeof(str), "%s %s:%s%c%s"

CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".

333 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
334 ,p,cfg.sys_id,p==addr ? 0 : '/'
335 ,addr); 336 fprintf(route,"%s\r\n",str);
337 }
338 else {
/qwknodes.c: 343 in main()
337 }
338 else {
339 p=strrchr(addr,'/');
340 if(p) {
341 *(p++)=0;
342 fprintf(route,"%s %s:%.*s\r\n"

CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".

343 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),str)
344 ,p
345 ,(uint)(p-addr)
346 ,addr); 347 }
348 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DNGSj_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYgWGJ9BYEIxvdbhMAIayAni-2FuUZOlays8-2BQNW1Qj2YoLcEBScLdhHrJ52SvmolJ5itsnLRiKIwdue9DQ-2F9PO-2FUFGY-2Fa0jLnspeSlF2FiQB80TbxuUTyDk42cNSQCBuIqgPC4jh5ZIq8dm-2B49xrAWdl9U3UIFg1xXJFs0kJktVUnA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 516462: Resource leaks (RESOURCE_LEAK)
/str.cpp: 277 in sbbs_t::sif(char *, char *, int)()


________________________________________________________________________________________________________
*** CID 516462: Resource leaks (RESOURCE_LEAK)
/str.cpp: 277 in sbbs_t::sif(char *, char *, int)()
271 errormsg(WHERE,ERR_OPEN,str,O_RDONLY);
272 return;
273 }
274 length=(int)filelength(file);
275 if(length < 0) {
276 errormsg(WHERE, ERR_CHK, str, length);

CID 516462: Resource leaks (RESOURCE_LEAK)
Handle variable "file" going out of scope leaks the handle.

277 return;
278 }
279 if((buf=(char *)calloc(length + 1, 1))==0) {
280 close(file);
281 errormsg(WHERE,ERR_ALLOC,str,length);
282 return;

** CID 516461: Resource leaks (RESOURCE_LEAK)
/writemsg.cpp: 678 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


________________________________________________________________________________________________________
*** CID 516461: Resource leaks (RESOURCE_LEAK)
/writemsg.cpp: 678 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
672 return(false);
673 }
674 length=(long)filelength(file);
675 if(length < 0) {
676 errormsg(WHERE, ERR_LEN, msgtmp, length);
677 free(buf);

CID 516461: Resource leaks (RESOURCE_LEAK)
Handle variable "file" going out of scope leaks the handle.

678 return false;
679 }
680 l=strlen((char *)buf); /* reserve space for top and terminating null */
681 /* truncate if too big */
682 if(length>(long)((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1))) {
683 length=(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1);

** CID 516460: Error handling issues (CHECKED_RETURN)
/chat.cpp: 254 in sbbs_t::multinodechat(int)()


________________________________________________________________________________________________________
*** CID 516460: Error handling issues (CHECKED_RETURN)
/chat.cpp: 254 in sbbs_t::multinodechat(int)()
248 if(getstr(str,8,K_UPPER|K_ALPHA|K_LINE)) {
249 getnodedat(cfg.node_num,&thisnode,true);
250 thisnode.aux=channel;
251 packchatpass(str,&thisnode);
252 }
253 else {

CID 516460: Error handling issues (CHECKED_RETURN)
Calling "getnodedat" without checking return value (as is done elsewhere 54 out of 58 times).

254 getnodedat(cfg.node_num,&thisnode,true);
255 thisnode.aux=channel;
256 }
257 }
258 else {
259 getnodedat(cfg.node_num,&thisnode,true);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DT8kj_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZ0FBX-2BUT7uzaWITu7U3dUMhdetuA-2BXV7YO8edQOGefnmNi1UdppKCC6vLOx06Y8sPuw5srJbsIYFYToJzSPdHxTD057AtOipCaMaoVsZPXJm19KDepDOzvHsB8koLerJtFoWwn5Qu57g8OiPy6q-2FxqWajzzHkfT1WyGUJ-2Bbs009Q-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 528581: Control flow issues (DEADCODE) /tmp/sbbs-Jan-01-2025/src/conio/sdl_con.c: 994 in sdl_video_event_thread()


________________________________________________________________________________________________________
*** CID 528581: Control flow issues (DEADCODE) /tmp/sbbs-Jan-01-2025/src/conio/sdl_con.c: 994 in sdl_video_event_thread()
988 if (bios_key >= 429496730 ||
989 (bios_key == 429496729 && ((ev.key.keysym.sym > SDLK_KP_5) || (ev.key.keysym.sym == SDLK_KP_0)))) {
990 terminate_bios = true;
991 }
992 }
993 else {

CID 528581: Control flow issues (DEADCODE)
Execution cannot reach the expression "ev.key.keysym.sym > SDLK_KP_5" inside this statement: "if (bios_key >= 26U || (bio...".

994 if (bios_key >= 26 ||
995 (bios_key == 429496729 && ((ev.key.keysym.sym > SDLK_KP_5) || (ev.key.keysym.sym == SDLK_KP_0)))) {
996 terminate_bios = true;
997 }
998 }
999 if (terminate_bios) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DXNhu_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbC0dee144hDhJdlAtpKcHwzMEyb91qJk06-2BZ5IIx-2F9DZxU4TfNPF8J4DJ1D5ZwCMW0WOJBoN8726nac3S-2FDDq0nwEjPKYHJxK0wxgZqFE1jRhzJfndbA8hvw5ibvT9tO3VGpQu88n0PuZ5Z9AmM7-2Fkauxnye2PWIl66kbToPTPZw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 529876: (OVERRUN)
/tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 457 in lzh_update() /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 458 in lzh_update()


________________________________________________________________________________________________________
*** CID 529876: (OVERRUN)
/tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 457 in lzh_update()
451
452 tmp = huff->child[c];
453 huff->parent[tmp] = l;
454 if (tmp < LZH_TABLE_SZ)
455 huff->parent[tmp + 1] = l;
456

CID 529876: (OVERRUN)
Overrunning array "huff->child" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).

457 tmp2 = huff->child[l];
458 huff->child[l] = tmp;
459
460 huff->parent[tmp2] = c;
461 if (tmp2 < LZH_TABLE_SZ)
462 huff->parent[tmp2 + 1] = c; /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 458 in lzh_update()
452 tmp = huff->child[c];
453 huff->parent[tmp] = l;
454 if (tmp < LZH_TABLE_SZ)
455 huff->parent[tmp + 1] = l;
456
457 tmp2 = huff->child[l];

CID 529876: (OVERRUN)
Overrunning array "huff->child" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).

458 huff->child[l] = tmp;
459
460 huff->parent[tmp2] = c;
461 if (tmp2 < LZH_TABLE_SZ)
462 huff->parent[tmp2 + 1] = c;
463 huff->child[c] = tmp2;

** CID 529875: (OVERRUN)
/tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 450 in lzh_update() /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 449 in lzh_update() /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 445 in lzh_update()


________________________________________________________________________________________________________
*** CID 529875: (OVERRUN)
/tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 450 in lzh_update()
444 // If we exited before the end of table, decrement l
445 if (tmp <= huff->freq[l])
446 l--;
447
448 // Now swap nodes
449 huff->freq[c] = huff->freq[l];

CID 529875: (OVERRUN)
Overrunning array "huff->freq" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).

450 huff->freq[l] = tmp;
451
452 tmp = huff->child[c];
453 huff->parent[tmp] = l;
454 if (tmp < LZH_TABLE_SZ)
455 huff->parent[tmp + 1] = l; /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 449 in lzh_update()
443
444 // If we exited before the end of table, decrement l
445 if (tmp <= huff->freq[l])
446 l--;
447
448 // Now swap nodes

CID 529875: (OVERRUN)
Overrunning array "huff->freq" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).

449 huff->freq[c] = huff->freq[l];
450 huff->freq[l] = tmp;
451
452 tmp = huff->child[c];
453 huff->parent[tmp] = l;
454 if (tmp < LZH_TABLE_SZ) /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 445 in lzh_update()
439 * that has a lower frequency than our new one 440 */
441 for (l = c + 1; l <= LZH_TABLE_SZ && tmp > huff->freq[l]; l++)
442 ;
443
444 // If we exited before the end of table, decrement l

CID 529875: (OVERRUN)
Overrunning array "huff->freq" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).

445 if (tmp <= huff->freq[l])
446 l--;
447
448 // Now swap nodes
449 huff->freq[c] = huff->freq[l];
450 huff->freq[l] = tmp;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DVjXG_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYmOS4dF7bzpu1cVppVHTeUZERPDt2v2E4lCt9lCuWdNtkNglNtUqzAPEUlnwGBzZlBueizPFLO26MyF5roLbzi-2F0G80IHg4mwTrYLGZfPUf8Sg5333ueo95zQQtd4OVT7zx85Gr8TBXnJTKyUKhNeMTemzlJoM0HPQHEa-2FpXlaaw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 529977: Incorrect expression (SIZEOF_MISMATCH)
/atcodes.cpp: 2311 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()


________________________________________________________________________________________________________
*** CID 529977: Incorrect expression (SIZEOF_MISMATCH)
/atcodes.cpp: 2311 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
2305 : (current_file->from == nullptr ? nulstr : current_file->from);
2306 if(strcmp(sp, "FILE_BYTES") == 0) {
2307 safe_snprintf(str, maxlen, "%ld", (long)current_file->size);
2308 return str;
2309 }
2310 if(strcmp(sp, "FILE_SIZE") == 0)

CID 529977: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "str" of type "char *" and argument "8UL /* sizeof (str) */" to function "byte_estimate_to_str" is suspicious.

2311 return byte_estimate_to_str(current_file->size, str, sizeof str, /* units: */1024, /* precision: */1);
2312 if(strcmp(sp, "FILE_CREDITS") == 0) {
2313 safe_snprintf(str, maxlen, "%" PRIu64, current_file->cost);
2314 return str;
2315 }
2316 if(strcmp(sp, "FILE_CRC32") == 0) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://url2497.blackduck.com/ls/click?upn=u001.Ji18sHaXCxZb7Rfw8sC51j9Suwl84vq-2FeHTSxCm409PbgTgYEdi2VnuaQNlDgcb5JjALxNeaZf2yWZEMA-2FE6JEQm092Z-2B02AUi7Sp54Z-2B6I-3DjXBk_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZ-2BccbwOBuD5ui7v9trYaUtAyk5nXDg6l2xX3MkPoD01xhpnfT-2Fkg6ap91bIfb4XqTQXNlxWOzjRjRNOVMZ2H7I9Q-2BXHowhaav-2B3SVUHs-2B21No7COFVbHUcCKKxzwKovyWxOeYInAxTYvAJs43a5sYtCMrwgWJgXbztBD8zm37Rwg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 529991: Control flow issues (DEADCODE) /tmp/sbbs-Jan-09-2025/src/xpdev/genwrap.c: 1151 in xp_fast_timer64()


________________________________________________________________________________________________________
*** CID 529991: Control flow issues (DEADCODE) /tmp/sbbs-Jan-09-2025/src/xpdev/genwrap.c: 1151 in xp_fast_timer64()
1145 if (clock_getres(CLOCK_MONOTONIC_RAW, &ts) == 0)
1146 cid = CLOCK_MONOTONIC_RAW;
1147 }
1148 cid = CLOCK_MONOTONIC_RAW;
1149 #endif
1150 if (cid == CLOCK_REALTIME)

CID 529991: Control flow issues (DEADCODE)
Execution cannot reach this statement: "cid = 1;".

1151 cid = CLOCK_MONOTONIC;
1152
1153 if (clock_gettime(cid, &ts) == 0)
1154 ret = ts.tv_sec;
1155 else
1156 ret = -1;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://url2497.blackduck.com/ls/click?upn=u001.Ji18sHaXCxZb7Rfw8sC51j9Suwl84vq-2FeHTSxCm409PbgTgYEdi2VnuaQNlDgcb5JjALxNeaZf2yWZEMA-2FE6JEQm092Z-2B02AUi7Sp54Z-2B6I-3DJzn7_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYw9HgWY5fw-2BKTu3iNJoyd7G2ZoeBsWXuqG5dV8s2gHJJ3z7riRhQ4NsZmnjMPwb0d5EgUIDxBYRgoxCBOeIJM-2FTyx1gDXnmdIG86yJoS96pjUoxOjapj4QBWqvYthXwRmCXtEhEMTEAYvLzxwt5vpbI04EqHQ4ulGmUuTBimQnkA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 530002: (NULL_RETURNS)
/tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1544 in bitmap_clrscr()


________________________________________________________________________________________________________
*** CID 530002: (NULL_RETURNS)
/tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1547 in bitmap_clrscr()
1541 cols = vstat.cols;
1542 for (y = cio_textinfo.wintop - 1; y < cio_textinfo.winbottom && y < rows; y++) {
1543 for (x = cio_textinfo.winleft - 1; x < cio_textinfo.winright && x < cols; x++) {
1544 va[c++] = *set_vmem_cell(vmem_ptr, y * cio_textinfo.screenwidth + x, fill, ciolib_fg, ciolib_bg);
1545 }
1546 }

CID 530002: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "va" when calling "bitmap_draw_vmem".

1547 bitmap_draw_vmem(cio_textinfo.winleft, cio_textinfo.wintop, cio_textinfo.winright, cio_textinfo.winbottom, va);
1548 release_vmem(vmem_ptr);
1549 pthread_mutex_unlock(&vstatlock);
1550 }
1551
1552 void bitmap_getcustomcursor(int *s, int *e, int *r, int *b, int *v) /tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1544 in bitmap_clrscr()
1538 pthread_mutex_lock(&vstatlock);
1539 vmem_ptr = get_vmem(&vstat);
1540 rows = vstat.rows;
1541 cols = vstat.cols;
1542 for (y = cio_textinfo.wintop - 1; y < cio_textinfo.winbottom && y < rows; y++) {
1543 for (x = cio_textinfo.winleft - 1; x < cio_textinfo.winright && x < cols; x++) {

CID 530002: (NULL_RETURNS)
Dereferencing "va", which is known to be "NULL".

1544 va[c++] = *set_vmem_cell(vmem_ptr, y * cio_textinfo.screenwidth + x, fill, ciolib_fg, ciolib_bg);
1545 }
1546 }
1547 bitmap_draw_vmem(cio_textinfo.winleft, cio_textinfo.wintop, cio_textinfo.winright, cio_textinfo.winbottom, va);
1548 release_vmem(vmem_ptr);
1549 pthread_mutex_unlock(&vstatlock);

** CID 530001: (EVALUATION_ORDER)
/pack_qwk.cpp: 750 in sbbs_t::pack_qwk(char *, unsigned int *, bool)() /pack_qwk.cpp: 750 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


________________________________________________________________________________________________________
*** CID 530001: (EVALUATION_ORDER)
/pack_qwk.cpp: 750 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
744 lprintf(LOG_ERR, "libarchive error (%s) creating %s", error, packet);
745 else
746 lprintf(LOG_INFO, "libarchive created %s from %d files", packet, file_count);
747 }
748 if(flength(packet) < 1) {
749 remove(packet);

CID 530001: (EVALUATION_ORDER)
In argument #1 of "this->external(this->cmdstr(this->temp_cmd(ex), packet, path, NULL, ex), ex | 1, NULL)", a call is made to "this->temp_cmd(ex)". In argument #1 of this function, the object "ex" is modified. This object is also used in "ex | 1", the argument #2 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.

750 if((i = external(cmdstr(temp_cmd(ex),packet,path,NULL,ex), ex|EX_WILDCARD)) != 0)
751 errormsg(WHERE, ERR_EXEC, cmdstr_output, i); 752 if(flength(packet) < 1) {
753 bputs(text[QWKCompressionFailed]);
754 return(false);
755 }
/pack_qwk.cpp: 750 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
744 lprintf(LOG_ERR, "libarchive error (%s) creating %s", error, packet);
745 else
746 lprintf(LOG_INFO, "libarchive created %s from %d files", packet, file_count);
747 }
748 if(flength(packet) < 1) {
749 remove(packet);

CID 530001: (EVALUATION_ORDER)
In argument #1 of "this->cmdstr(this->temp_cmd(ex), packet, path, NULL, ex)", a call is made to "this->temp_cmd(ex)". In argument #1 of this function, the object "ex" is modified. This object is also used in "ex", the argument #5 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.

750 if((i = external(cmdstr(temp_cmd(ex),packet,path,NULL,ex), ex|EX_WILDCARD)) != 0)
751 errormsg(WHERE, ERR_EXEC, cmdstr_output, i); 752 if(flength(packet) < 1) {
753 bputs(text[QWKCompressionFailed]);
754 return(false);
755 }

** CID 530000: (RESOURCE_LEAK)
/tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1550 in bitmap_clrscr() /tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1536 in bitmap_clrscr()


________________________________________________________________________________________________________
*** CID 530000: (RESOURCE_LEAK) /tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1550 in bitmap_clrscr()
1544 va[c++] = *set_vmem_cell(vmem_ptr, y * cio_textinfo.screenwidth + x, fill, ciolib_fg, ciolib_bg);
1545 }
1546 }
1547 bitmap_draw_vmem(cio_textinfo.winleft, cio_textinfo.wintop, cio_textinfo.winright, cio_textinfo.winbottom, va);
1548 release_vmem(vmem_ptr);
1549 pthread_mutex_unlock(&vstatlock);

CID 530000: (RESOURCE_LEAK)
Variable "va" going out of scope leaks the storage it points to.

1550 }
1551
1552 void bitmap_getcustomcursor(int *s, int *e, int *r, int *b, int *v) 1553 {
1554 pthread_mutex_lock(&vstatlock);
1555 if(s)
/tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1536 in bitmap_clrscr()
1530 struct vstat_vmem *vmem_ptr;
1531 size_t c = 0;
1532 int rows, cols;
1533 struct vmem_cell *va = malloc(((cio_textinfo.winright - cio_textinfo.winleft + 1) * (cio_textinfo.winbottom - cio_textinfo.wintop + 1)) * sizeof(struct vmem_cell));
1534
1535 if(!bitmap_initialized)

CID 530000: (RESOURCE_LEAK)
Variable "va" going out of scope leaks the storage it points to.

1536 return;
1537
1538 pthread_mutex_lock(&vstatlock);
1539 vmem_ptr = get_vmem(&vstat);
1540 rows = vstat.rows;
1541 cols = vstat.cols;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

46 new defect(s) introduced to Synchronet found with Coverity Scan.
22 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 46 defect(s)


** CID 530529: Insecure data handling (INTEGER_OVERFLOW)


________________________________________________________________________________________________________
*** CID 530529: Insecure data handling (INTEGER_OVERFLOW)
/str.cpp: 420 in sbbs_t::sif(char *, char *, int)()
414 answers[a+cr]=str[cr];
415 while(cr<max)
416 answers[a+cr++]=ETX;
417 a+=max;
418 }
419 else {

CID 530529: Insecure data handling (INTEGER_OVERFLOW)
"max", which might have underflowed, is passed to "putrec(answers, a, max, str)".

420 putrec(answers,a,max,str);
421 putrec(answers,a+max,2,crlf);
422 a+=max+2;
423 }
424 }
425 }

** CID 530527: Data race undermines locking (LOCK_EVASION)
/download.cpp: 188 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)()


________________________________________________________________________________________________________
*** CID 530527: Data race undermines locking (LOCK_EVASION)
/download.cpp: 188 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)()
182 logline(LOG_DEBUG,nulstr,protlog);
183 }
184 fclose(stream);
185 }
186
187 CRLF;

CID 530527: Data race undermines locking (LOCK_EVASION)
Thread1 sets "sys_status" to a new value. Now the two threads have an inconsistent view of "sys_status" and updates to fields correlated with "sys_status" may be lost.

188 if(autohang) sys_status|=SS_PAUSEOFF; /* Pause off after download */
189 if(elapsed != nullptr) {
190 *elapsed = end - start;
191 if(*elapsed < 0)
192 *elapsed = 0;
193 }

** CID 530526: Control flow issues (UNREACHABLE)
/uedit/uedit.c: 2189 in main()


________________________________________________________________________________________________________
*** CID 530526: Control flow issues (UNREACHABLE)
/uedit/uedit.c: 2189 in main()
2183 edit_user(&cfg, atoi(opt[i]));
2184 break;
2185 }
2186 }
2187 }
2188 }

CID 530526: Control flow issues (UNREACHABLE)
This code cannot be reached: "free_opts(opt);".

2189 free_opts(opt);

** CID 530525: Insecure data handling (INTEGER_OVERFLOW)
/getmsg.cpp: 540 in sbbs_t::getmsgnum(int, long)()


________________________________________________________________________________________________________
*** CID 530525: Insecure data handling (INTEGER_OVERFLOW)
/getmsg.cpp: 540 in sbbs_t::getmsgnum(int, long)()
534 errormsg(WHERE,ERR_OPEN,smb.file,i,smb.last_error);
535 return 0;
536 }
537 int result = smb_getmsgidx_by_time(&smb, &idx, t);
538 smb_close(&smb);
539 if(result >= SMB_SUCCESS)

CID 530525: Insecure data handling (INTEGER_OVERFLOW)
"idx.number - 1U", which might have underflowed, is returned from the function.

540 return idx.number - 1;
541 return ~0;
542 }
543
544 /****************************************************************************/
545 /* Returns the time of the message number pointed to by 'ptr' */

** CID 530524: Data race undermines locking (LOCK_EVASION)
/exec.cpp: 1410 in sbbs_t::exec(csi_t *)()


________________________________________________________________________________________________________
*** CID 530524: Data race undermines locking (LOCK_EVASION)
/exec.cpp: 1410 in sbbs_t::exec(csi_t *)()
1404 csi->logic=strnicmp(csi->str,(char*)csi->ip,strlen((char*)csi->ip));
1405 break;
1406 default:
1407 errormsg(WHERE,ERR_CHK,"shell instruction",*(csi->ip-1));
1408 break;
1409 }

CID 530524: Data race undermines locking (LOCK_EVASION)
Thread1 sets "ip" to a new value. Now the two threads have an inconsistent view of "ip" and updates to fields correlated with "ip" may be lost.

1410 while(*(csi->ip++)); /* Find NULL */
1411 return(0);
1412 }
1413
1414 if(*csi->ip>=CS_THREE_BYTE) {
1415 switch(*(csi->ip++)) {

** CID 530523: Insecure data handling (INTEGER_OVERFLOW)


________________________________________________________________________________________________________
*** CID 530523: Insecure data handling (INTEGER_OVERFLOW)
/chat.cpp: 178 in sbbs_t::multinodechat(int)()
172 SAFECAT(str,"0");
173 i=getkeys(str,cfg.total_chans);
174 if(i&0x80000000L) { /* change channel */
175 savch=(char)(i&~0x80000000L); 176 if(savch==channel)
177 continue;

CID 530523: Insecure data handling (INTEGER_OVERFLOW)
"savch - 1", which might have underflowed, is passed to "this->chan_access(savch - 1)".

178 if(!chan_access(savch-1))
179 continue;
180 bprintf(text[WelcomeToChannelN] 181 ,savch,cfg.chan[savch-1]->name);
182
183 usrs=0;

** CID 530521: Control flow issues (DEADCODE)
/websrvr.c: 6459 in read_post_data()


________________________________________________________________________________________________________
*** CID 530521: Control flow issues (DEADCODE)
/websrvr.c: 6459 in read_post_data()
6453 if(ch_len==0)
6454 break;
6455 /* Check size */
6456 s += ch_len;
6457 if(s > MAX_POST_LEN) {
6458 if(s > SIZE_MAX) {

CID 530521: Control flow issues (DEADCODE)
Execution cannot reach this statement: "send_error(session, 6459U, ...".

6459 send_error(session,__LINE__,"413 Request entity too large");
6460 FCLOSE_OPEN_FILE(fp); 6461 return(false);
6462 }
6463 if(fp==NULL) {
6464 fp=open_post_file(session);

** CID 530517: Resource leaks (RESOURCE_LEAK)
/sbbsecho.c: 5884 in find_stray_packets()


________________________________________________________________________________________________________
*** CID 530517: Resource leaks (RESOURCE_LEAK)
/sbbsecho.c: 5884 in find_stray_packets()
5878 }
5879 if(terminator == FIDO_PACKET_TERMINATOR)
5880 lprintf(LOG_DEBUG, "Stray packet already finalized: %s", packet);
5881 else {
5882 if((pkt->fp = fopen(pkt->filename, "ab")) == NULL) {
5883 lprintf(LOG_ERR, "ERROR %d (%s) opening %s", errno, strerror(errno), pkt->filename);

CID 530517: Resource leaks (RESOURCE_LEAK)
Freeing "pkt" without freeing its pointer field "filename" leaks the storage that "filename" points to.

5884 free(pkt);
5885 continue;
5886 }
5887 }
5888 pkt->orig = pkt_orig;
5889 pkt->dest = pkt_dest;

** CID 530516: Integer handling issues (INTEGER_OVERFLOW)
/sbbsecho.c: 3920 in putfmsg()


________________________________________________________________________________________________________
*** CID 530516: Integer handling issues (INTEGER_OVERFLOW)
/sbbsecho.c: 3920 in putfmsg()
3914 lastlen=9; /* +strlen(seenby); */
3915 net_exists=0;
3916 fprintf(stream,"\rSEEN-BY:"); 3917 }
3918 }
3919

CID 530516: Integer handling issues (INTEGER_OVERFLOW)
Expression "u++", where "u" is known to be equal to 4294967295, overflows the type of "u++", which is type "unsigned int".

3920 for(u=0;u<area.links;u++) { /* Add all links to SEEN-BYs */
3921 nodecfg_t* nodecfg=findnodecfg(&cfg, area.link[u], /* exact: */false);
3922 if(nodecfg!=NULL && nodecfg->passive) 3923 continue;
3924 strcpy(seenby," ");
3925 if(foreign_zone(addr.zone, area.link[u].zone) || area.link[u].point)

** CID 530515: Insecure data handling (INTEGER_OVERFLOW)
/js_system.c: 1575 in js_get_node()


________________________________________________________________________________________________________
*** CID 530515: Insecure data handling (INTEGER_OVERFLOW)
/js_system.c: 1575 in js_get_node()
1569 JS_DefineProperty(cx, nodeobj, "action", INT_TO_JSVAL((int)node.action), NULL, NULL, JSPROP_ENUMERATE);
1570 JS_DefineProperty(cx, nodeobj, "activity", STRING_TO_JSVAL(JS_NewStringCopyZ(cx, node_activity(sys->cfg, &node, str, sizeof str, node_num))), NULL, NULL, JSPROP_ENUMERATE);
1571 JS_DefineProperty(cx, nodeobj, "useron", INT_TO_JSVAL((int)node.useron), NULL, NULL, JSPROP_ENUMERATE);
1572 JS_DefineProperty(cx, nodeobj, "connection", INT_TO_JSVAL((int)node.connection), NULL, NULL, JSPROP_ENUMERATE);
1573 JS_DefineProperty(cx, nodeobj, "misc", INT_TO_JSVAL((int)node.misc), NULL, NULL, JSPROP_ENUMERATE);
1574 JS_DefineProperty(cx, nodeobj, "aux", INT_TO_JSVAL((int)node.aux), NULL, NULL, JSPROP_ENUMERATE);

CID 530515: Insecure data handling (INTEGER_OVERFLOW)
The cast of "node.extaux" to a signed type could result in a negative number.

1575 JS_DefineProperty(cx, nodeobj, "extaux", INT_TO_JSVAL((int)node.extaux), NULL, NULL, JSPROP_ENUMERATE);
1576 JS_SET_RVAL(cx, arglist, OBJECT_TO_JSVAL(nodeobj));
1577 return JS_TRUE;
1578 }
1579
1580 static JSBool

** CID 530514: (INTEGER_OVERFLOW)
/scansubs.cpp: 312 in sbbs_t::new_scan_ptr_cfg()()
/scansubs.cpp: 375 in sbbs_t::new_scan_ptr_cfg()()


________________________________________________________________________________________________________
*** CID 530514: (INTEGER_OVERFLOW)
/scansubs.cpp: 312 in sbbs_t::new_scan_ptr_cfg()()
306 else
307 subscan[usrsub[i][j]].ptr=l-s;
308 }
309 progress(text[LoadingMsgPtrs], subs, total_subs);
310 continue;
311 }

CID 530514: (INTEGER_OVERFLOW)
Expression "i", where "(s & 0xffffffff7fffffffL) - 1L" is known to be equal to -1, overflows the type of "i", which is type "int".

312 i=(s&~0x80000000L)-1;
313 while(online) {
314 l=0;
315 bprintf(text[CfgSubLstHdr],cfg.grp[usrgrp[i]]->lname);
316 for(j=0;j<usrsubs[i] && !msgabort();j++) {
317 checkline();
/scansubs.cpp: 375 in sbbs_t::new_scan_ptr_cfg()()
369 subscan[usrsub[i][j]].ptr=l-s;
370 }
371 progress(text[LoadingMsgPtrs], j, usrsubs[i]);
372 continue;
373 }
374 else {

CID 530514: (INTEGER_OVERFLOW)
Expression "j", where "(s & 0xffffffff7fffffffL) - 1L" is known to be equal to -1, overflows the type of "j", which is type "int".

375 j=(s&~0x80000000L)-1;
376 mnemonics(text[SetMsgPtrPrompt]);
377 SAFEPRINTF2(keys, "%s%c", text[DateLastKeys], quit_key());
378 s=getkeys(keys, 9999);
379 if(s==-1 || s==quit_key())
380 continue;

** CID 530512: Integer handling issues (INTEGER_OVERFLOW)
/scansubs.cpp: 472 in sbbs_t::new_scan_cfg(unsigned int)()


________________________________________________________________________________________________________
*** CID 530512: Integer handling issues (INTEGER_OVERFLOW)
/scansubs.cpp: 472 in sbbs_t::new_scan_cfg(unsigned int)()
466 subscan[usrsub[i][j]].cfg&=~SUB_CFG_YSCAN;
467 subscan[usrsub[i][j]].cfg|=misc;
468 }
469 }
470 continue;
471 }

CID 530512: Integer handling issues (INTEGER_OVERFLOW)
Expression "j", where "(s & 0xffffffff7fffffffL) - 1L" is known to be equal to -1, overflows the type of "j", which is type "int".

472 j=(s&~0x80000000L)-1;
473 if(misc&SUB_CFG_NSCAN && !(subscan[usrsub[i][j]].cfg&misc)) {
474 if(!(useron.rest&FLAG('Q')) && !noyes(text[MsgsToYouOnlyQ]))
475 subscan[usrsub[i][j]].cfg|=SUB_CFG_YSCAN;
476 else
477 subscan[usrsub[i][j]].cfg&=~SUB_CFG_YSCAN;

** CID 530511: (INTEGER_OVERFLOW)
/websrvr.c: 706 in sess_sendbuf()
/websrvr.c: 719 in sess_sendbuf()


________________________________________________________________________________________________________
*** CID 530511: (INTEGER_OVERFLOW)
/websrvr.c: 706 in sess_sendbuf()
700 }
701 else
702 *failed=true;
703 result = tls_sent;
704 }
705 else {

CID 530511: (INTEGER_OVERFLOW)
"len - sent", which might have underflowed, is passed to "send(session->socket, buf + sent, len - sent, 0)".

706 result=sendsocket(session->socket,buf+sent,len-sent);
707 if(result==SOCKET_ERROR) {
708 if(SOCKET_ERRNO==ECONNRESET) 709 lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",session->socket);
710 else if(SOCKET_ERRNO==ECONNABORTED)
711 lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",session->socket);
/websrvr.c: 719 in sess_sendbuf()
713 else if(SOCKET_ERRNO==EPIPE) 714 lprintf(LOG_NOTICE,"%04d Unable to send to peer",session->socket);
715 #endif
716 else if(session->socket != INVALID_SOCKET)
717 lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",session->socket,SOCKET_ERRNO);
718 *failed=true;

CID 530511: (INTEGER_OVERFLOW)
"sent", which might have underflowed, is returned from the function. 719 return(sent);

720 }
721 }
722 }
723 else {
724 lprintf(LOG_WARNING,"%04d Timeout waiting for socket to become writable",session->socket);

** CID 530509: (INTEGER_OVERFLOW)
/getstr.cpp: 338 in sbbs_t::getstr(char *, unsigned long, int, char **)() /getstr.cpp: 482 in sbbs_t::getstr(char *, unsigned long, int, char **)() /getstr.cpp: 427 in sbbs_t::getstr(char *, unsigned long, int, char **)() /getstr.cpp: 617 in sbbs_t::getstr(char *, unsigned long, int, char **)()


________________________________________________________________________________________________________
*** CID 530509: (INTEGER_OVERFLOW)
/getstr.cpp: 338 in sbbs_t::getstr(char *, unsigned long, int, char **)()
332 l=strlen(strout);
333 if(mode&K_NOECHO)
334 return(l);
335 if(mode&K_MSG)
336 redrwstr(strout,i,l,K_MSG);
337 else {

CID 530509: (INTEGER_OVERFLOW)
Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "size_t".

338 while(i--)
339 bputs("\b");
340 bputs(strout);
341 if(mode&K_LINE)
342 attr(LIGHTGRAY);
343 }
/getstr.cpp: 482 in sbbs_t::getstr(char *, unsigned long, int, char **)()
476 if(history != NULL) {
477 if(history[hidx + 1] == NULL) { 478 outchar(BEL);
479 break;
480 }
481 hidx++;

CID 530509: (INTEGER_OVERFLOW)
Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "size_t".

482 while(i--)
483 backspace();
484 SAFECOPY(str1, history[hidx]); 485 i=l=strlen(str1);
486 rputs(str1);
487 cleartoeol();
/getstr.cpp: 427 in sbbs_t::getstr(char *, unsigned long, int, char **)()
421 }
422 i=0;
423 console|=CON_DELETELINE;
424 break;
425 case CTRL_Z: /* Undo */
426 if(!(mode&K_NOECHO)) {

CID 530509: (INTEGER_OVERFLOW)
Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "size_t".

427 while(i--)
428 backspace();
429 }
430 SAFECOPY(str1,undo);
431 i=l=strlen(str1);
432 rputs(str1);
/getstr.cpp: 617 in sbbs_t::getstr(char *, unsigned long, int, char **)()
611 }
612 getstr_offset=i;
613 if(!online)
614 return(0);
615 if(i>l)
616 l=i;

CID 530509: (INTEGER_OVERFLOW)
"l", which might have underflowed, is passed to "str1[l]".

617 str1[l]=0;
618 if(!(sys_status&SS_ABORT)) {
619 strcpy(strout,str1);
620 if(mode&K_TRIM)
621 truncsp(strout);
622 if((strip_invalid_attr(strout) || (console&CON_INSERT)) && !(mode&K_NOECHO))

** CID 530506: Concurrent data access violations (MISSING_LOCK)
/ssl.c: 640 in destroy_session()


________________________________________________________________________________________________________
*** CID 530506: Concurrent data access violations (MISSING_LOCK)
/ssl.c: 640 in destroy_session()
634 while (sess != NULL) {
635 if (sess->sess == csess) {
636 if (psess == NULL) {
637 sess_list = sess->next;
638 }
639 else {

CID 530506: Concurrent data access violations (MISSING_LOCK)
Accessing "psess->next" without holding lock "ssl_cert_list_mutex". Elsewhere, "cert_list.next" is written to with "ssl_cert_list_mutex" held 2 out of 4 times (2 of these accesses strongly imply that it is necessary).

640 psess->next = sess->next;
641 }
642 break;
643 }
644 psess = sess;
645 sess = sess->next;

** CID 530505: Resource leaks (RESOURCE_LEAK)
/bulkmail.cpp: 177 in sbbs_t::bulkmailhdr(smb_t *, smbmsg_t *, unsigned int)()


________________________________________________________________________________________________________
*** CID 530505: Resource leaks (RESOURCE_LEAK)
/bulkmail.cpp: 177 in sbbs_t::bulkmailhdr(smb_t *, smbmsg_t *, unsigned int)() 171
172 user.number=usernum;
173 if(getuserdat(&cfg, &user)!=0)
174 return(0);
175
176 if((i=smb_copymsgmem(NULL,&newmsg,msg))!=SMB_SUCCESS)

CID 530505: Resource leaks (RESOURCE_LEAK)
Variable "newmsg" going out of scope leaks the storage "newmsg.hfield_dat" points to.

177 return(i);
178
179 SAFECOPY(str,user.alias);
180 smb_hfield_str(&newmsg,RECIPIENT,str);
181
182 if(cfg.sys_misc&SM_FWDTONET && user.misc&NETMAIL && user.netmail[0]) {

** CID 530504: Insecure data handling (INTEGER_OVERFLOW)
/websrvr.c: 6476 in read_post_data()


________________________________________________________________________________________________________
*** CID 530504: Insecure data handling (INTEGER_OVERFLOW)
/websrvr.c: 6476 in read_post_data()
6470 return(false);
6471 }
6472 }
6473 else {
6474 /* realloc() to new size */ 6475 /* FREE()d in close_request */ >>> CID 530504: Insecure data handling (INTEGER_OVERFLOW)

"s", which might have underflowed, is passed to "realloc(session->req.post_data, s)".

6476 p=realloc(session->req.post_data, s);
6477 if(p==NULL) {
6478 errprintf(LOG_CRIT, WHERE, "%04d !ERROR Allocating %lu bytes of memory",session->socket, (ulong)session->req.post_len);
6479 send_error(session,__LINE__,"413 Request entity too large");
6480 FCLOSE_OPEN_FILE(fp); 6481 return(false);

** CID 530501: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 3239 in js_connected_socket_constructor()


________________________________________________________________________________________________________
*** CID 530501: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 3239 in js_connected_socket_constructor()
3233
3234 dbprintf(false, p, "object constructed");
3235 return(JS_TRUE);
3236
3237 fail:
3238 if (p)

CID 530501: Resource leaks (RESOURCE_LEAK)
Freeing "p" without freeing its handle field "sock" leaks the handle. 3239 free(p);

3240 if (protocol)
3241 free(protocol);
3242 if (host)
3243 free(host);
3244 return JS_FALSE;

** CID 530500: Control flow issues (DEADCODE) /tmp/sbbs-Jan-12-2025/src/xpdev/xpsem.c: 62 in xp_sem_init()


________________________________________________________________________________________________________
*** CID 530500: Control flow issues (DEADCODE) /tmp/sbbs-Jan-12-2025/src/xpdev/xpsem.c: 62 in xp_sem_init()
56 errno = EPERM;
57 retval = -1;
58 goto RETURN;
59 }
60
61 if (value > XP_SEM_VALUE_MAX) {

CID 530500: Control flow issues (DEADCODE)
Execution cannot reach this statement: "*__errno_location() = 22;".

62 errno = EINVAL;
63 retval = -1;
64 goto RETURN;
65 }
66
67 *sem = (xp_sem_t)malloc(sizeof(struct xp_sem));

** CID 530498: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 3413 in js_listening_socket_constructor()


________________________________________________________________________________________________________
*** CID 530498: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 3413 in js_listening_socket_constructor()
3407 return(JS_FALSE);
3408 }
3409
3410 if(!js_DefineSocketOptionsArray(cx, obj, type)) {
3411 free(p);
3412 free(set);

CID 530498: Resource leaks (RESOURCE_LEAK)
Variable "protocol" going out of scope leaks the storage it points to. 3413 return(JS_FALSE);

3414 }
3415
3416 #ifdef BUILD_JSDOCS
3417 js_DescribeSyncObject(cx,obj,"Class used for incoming TCP/IP socket communications",317);
3418 js_DescribeSyncConstructor(cx,obj,"To create a new ListeningSocket object: "


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 530828: Possible Control flow issues (DEADCODE)
/load_cfg.c: 147 in load_cfg()


________________________________________________________________________________________________________
*** CID 530828: Possible Control flow issues (DEADCODE)
/load_cfg.c: 147 in load_cfg()
141 free(text[n]);
142 text[n] = strdup(list[i]->value);
143 }
144 iniFreeNamedStringList(list);
145 iniFreeStringList(ini);
146 if (!success)

CID 530828: Possible Control flow issues (DEADCODE)
Execution cannot reach this statement: "return false;".

147 return false;
148 }
149
150 cfg->text = text;
151 }
152


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 530902: (CHECKED_RETURN)
/useredit.cpp: 745 in sbbs_t::user_config(user_t *)()
/useredit.cpp: 740 in sbbs_t::user_config(user_t *)()


________________________________________________________________________________________________________
*** CID 530902: (CHECKED_RETURN)
/useredit.cpp: 745 in sbbs_t::user_config(user_t *)()
739 exec_bin(cmdline, &main_csi);
740 getuserdat(&cfg, user);
741 return;
742 }
743 while (online) {
744 CLS;

CID 530902: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

745 getuserdat(&cfg, user);
746 bprintf(text[UserDefaultsHdr], user->alias, user->number);
747 if (user == &useron) {
748 update_nodeterm();
749 load_user_text();
750 }
/useredit.cpp: 740 in sbbs_t::user_config(user_t *)()
734
735 action = NODE_DFLT;
736 if (cfg.usercfg_mod[0]) {
737 char cmdline[256];
738 snprintf(cmdline, sizeof(cmdline), "%s %u", cfg.usercfg_mod, user->number);
739 exec_bin(cmdline, &main_csi);

CID 530902: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

740 getuserdat(&cfg, user);
741 return;
742 }
743 while (online) {
744 CLS;
745 getuserdat(&cfg, user);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 531895: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Jan-24-2025/src/conio/bitmap_con.c: 783 in draw_char_row_slow()


________________________________________________________________________________________________________
*** CID 531895: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Jan-24-2025/src/conio/bitmap_con.c: 783 in draw_char_row_slow()
777
778 uint8_t fb = cs->font[cs->fontoffset];
779 for(unsigned x = 0; x < vstat.charwidth; x++) {
780 unsigned bitnum = x & 0x07;
781 if (bs->expand && x == bs->font_data_width) {
782 if (cs->gexpand)

CID 531895: Integer handling issues (INTEGER_OVERFLOW)
Expression "x - 1U", where "x" is known to be equal to 0, underflows the type of "x - 1U", which is type "unsigned int".

783 fbb = cs->font[cs->fontoffset - 1] & (0x80 >> ((x - 1) & 7));
784 else
785 fbb = 0;
786 }
787 else {
788 if (bitnum == 0 && x != 0) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 531919: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Jan-26-2025/src/xpdev/named_str_list.c: 43 in namedStrListDelete()


________________________________________________________________________________________________________
*** CID 531919: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Jan-26-2025/src/xpdev/named_str_list.c: 43 in namedStrListDelete()
37 size_t count;
38 named_string_t *old;
39 named_string_t **newlist;
40
41 COUNT_LIST_ITEMS(*list, count);
42 if (index == NAMED_STR_LIST_LAST_INDEX)

CID 531919: Integer handling issues (INTEGER_OVERFLOW)
Expression "count - 1UL", where "count" is known to be equal to 0, underflows the type of "count - 1UL", which is type "unsigned long".

43 index = count - 1;
44 if (index >= count)
45 return false;
46 newlist = (named_string_t **)realloc(*list, (count + 1) * sizeof(named_string_t*));
47 if (newlist != NULL)
48 *list = newlist;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 532317: Error handling issues (CHECKED_RETURN)
/js_socket.c: 2380 in js_socket_set()


________________________________________________________________________________________________________
*** CID 532317: Error handling issues (CHECKED_RETURN)
/js_socket.c: 2380 in js_socket_set()
2374 size_t key_sz;
2375 JS_IdToValue(cx, ids->vector[k], &js_id);
2376 id = NULL;
2377 JSVALUE_TO_MSTRING(cx, js_id, id, &id_sz);
2378 if (id != NULL) {
2379 if (!JS_IsExceptionPending(cx)) {

CID 532317: Error handling issues (CHECKED_RETURN)
Calling "JS_GetProperty" without checking return value (as is done elsewhere 196 out of 203 times).

2380 JS_GetProperty(cx, p->tls_psk, id, &js_key);
2381 JSVALUE_TO_MSTRING(cx, js_key, key, &key_sz);
2382 if (key != NULL) {
2383 if (!JS_IsExceptionPending(cx)) {
2384 if (do_cryptAttributeString(p->session, CRYPT_SESSINFO_USERNAME, id, id_sz) == CRYPT_OK)
2385 do_cryptAttributeString(p->session, CRYPT_SESSINFO_PASSWORD, key, key_sz);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net