Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 529991: Control flow issues (DEADCODE) /tmp/sbbs-Jan-09-2025/src/xpdev/genwrap.c: 1151 in xp_fast_timer64()


________________________________________________________________________________________________________
*** CID 529991: Control flow issues (DEADCODE) /tmp/sbbs-Jan-09-2025/src/xpdev/genwrap.c: 1151 in xp_fast_timer64()
1145 if (clock_getres(CLOCK_MONOTONIC_RAW, &ts) == 0)
1146 cid = CLOCK_MONOTONIC_RAW;
1147 }
1148 cid = CLOCK_MONOTONIC_RAW;
1149 #endif
1150 if (cid == CLOCK_REALTIME)

CID 529991: Control flow issues (DEADCODE)
Execution cannot reach this statement: "cid = 1;".

1151 cid = CLOCK_MONOTONIC;
1152
1153 if (clock_gettime(cid, &ts) == 0)
1154 ret = ts.tv_sec;
1155 else
1156 ret = -1;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://url2497.blackduck.com/ls/click?upn=u001.Ji18sHaXCxZb7Rfw8sC51j9Suwl84vq-2FeHTSxCm409PbgTgYEdi2VnuaQNlDgcb5JjALxNeaZf2yWZEMA-2FE6JEQm092Z-2B02AUi7Sp54Z-2B6I-3DJzn7_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYw9HgWY5fw-2BKTu3iNJoyd7G2ZoeBsWXuqG5dV8s2gHJJ3z7riRhQ4NsZmnjMPwb0d5EgUIDxBYRgoxCBOeIJM-2FTyx1gDXnmdIG86yJoS96pjUoxOjapj4QBWqvYthXwRmCXtEhEMTEAYvLzxwt5vpbI04EqHQ4ulGmUuTBimQnkA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 530002: (NULL_RETURNS)
/tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1544 in bitmap_clrscr()


________________________________________________________________________________________________________
*** CID 530002: (NULL_RETURNS)
/tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1547 in bitmap_clrscr()
1541 cols = vstat.cols;
1542 for (y = cio_textinfo.wintop - 1; y < cio_textinfo.winbottom && y < rows; y++) {
1543 for (x = cio_textinfo.winleft - 1; x < cio_textinfo.winright && x < cols; x++) {
1544 va[c++] = *set_vmem_cell(vmem_ptr, y * cio_textinfo.screenwidth + x, fill, ciolib_fg, ciolib_bg);
1545 }
1546 }

CID 530002: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "va" when calling "bitmap_draw_vmem".

1547 bitmap_draw_vmem(cio_textinfo.winleft, cio_textinfo.wintop, cio_textinfo.winright, cio_textinfo.winbottom, va);
1548 release_vmem(vmem_ptr);
1549 pthread_mutex_unlock(&vstatlock);
1550 }
1551
1552 void bitmap_getcustomcursor(int *s, int *e, int *r, int *b, int *v) /tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1544 in bitmap_clrscr()
1538 pthread_mutex_lock(&vstatlock);
1539 vmem_ptr = get_vmem(&vstat);
1540 rows = vstat.rows;
1541 cols = vstat.cols;
1542 for (y = cio_textinfo.wintop - 1; y < cio_textinfo.winbottom && y < rows; y++) {
1543 for (x = cio_textinfo.winleft - 1; x < cio_textinfo.winright && x < cols; x++) {

CID 530002: (NULL_RETURNS)
Dereferencing "va", which is known to be "NULL".

1544 va[c++] = *set_vmem_cell(vmem_ptr, y * cio_textinfo.screenwidth + x, fill, ciolib_fg, ciolib_bg);
1545 }
1546 }
1547 bitmap_draw_vmem(cio_textinfo.winleft, cio_textinfo.wintop, cio_textinfo.winright, cio_textinfo.winbottom, va);
1548 release_vmem(vmem_ptr);
1549 pthread_mutex_unlock(&vstatlock);

** CID 530001: (EVALUATION_ORDER)
/pack_qwk.cpp: 750 in sbbs_t::pack_qwk(char *, unsigned int *, bool)() /pack_qwk.cpp: 750 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


________________________________________________________________________________________________________
*** CID 530001: (EVALUATION_ORDER)
/pack_qwk.cpp: 750 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
744 lprintf(LOG_ERR, "libarchive error (%s) creating %s", error, packet);
745 else
746 lprintf(LOG_INFO, "libarchive created %s from %d files", packet, file_count);
747 }
748 if(flength(packet) < 1) {
749 remove(packet);

CID 530001: (EVALUATION_ORDER)
In argument #1 of "this->external(this->cmdstr(this->temp_cmd(ex), packet, path, NULL, ex), ex | 1, NULL)", a call is made to "this->temp_cmd(ex)". In argument #1 of this function, the object "ex" is modified. This object is also used in "ex | 1", the argument #2 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.

750 if((i = external(cmdstr(temp_cmd(ex),packet,path,NULL,ex), ex|EX_WILDCARD)) != 0)
751 errormsg(WHERE, ERR_EXEC, cmdstr_output, i); 752 if(flength(packet) < 1) {
753 bputs(text[QWKCompressionFailed]);
754 return(false);
755 }
/pack_qwk.cpp: 750 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
744 lprintf(LOG_ERR, "libarchive error (%s) creating %s", error, packet);
745 else
746 lprintf(LOG_INFO, "libarchive created %s from %d files", packet, file_count);
747 }
748 if(flength(packet) < 1) {
749 remove(packet);

CID 530001: (EVALUATION_ORDER)
In argument #1 of "this->cmdstr(this->temp_cmd(ex), packet, path, NULL, ex)", a call is made to "this->temp_cmd(ex)". In argument #1 of this function, the object "ex" is modified. This object is also used in "ex", the argument #5 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.

750 if((i = external(cmdstr(temp_cmd(ex),packet,path,NULL,ex), ex|EX_WILDCARD)) != 0)
751 errormsg(WHERE, ERR_EXEC, cmdstr_output, i); 752 if(flength(packet) < 1) {
753 bputs(text[QWKCompressionFailed]);
754 return(false);
755 }

** CID 530000: (RESOURCE_LEAK)
/tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1550 in bitmap_clrscr() /tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1536 in bitmap_clrscr()


________________________________________________________________________________________________________
*** CID 530000: (RESOURCE_LEAK) /tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1550 in bitmap_clrscr()
1544 va[c++] = *set_vmem_cell(vmem_ptr, y * cio_textinfo.screenwidth + x, fill, ciolib_fg, ciolib_bg);
1545 }
1546 }
1547 bitmap_draw_vmem(cio_textinfo.winleft, cio_textinfo.wintop, cio_textinfo.winright, cio_textinfo.winbottom, va);
1548 release_vmem(vmem_ptr);
1549 pthread_mutex_unlock(&vstatlock);

CID 530000: (RESOURCE_LEAK)
Variable "va" going out of scope leaks the storage it points to.

1550 }
1551
1552 void bitmap_getcustomcursor(int *s, int *e, int *r, int *b, int *v) 1553 {
1554 pthread_mutex_lock(&vstatlock);
1555 if(s)
/tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1536 in bitmap_clrscr()
1530 struct vstat_vmem *vmem_ptr;
1531 size_t c = 0;
1532 int rows, cols;
1533 struct vmem_cell *va = malloc(((cio_textinfo.winright - cio_textinfo.winleft + 1) * (cio_textinfo.winbottom - cio_textinfo.wintop + 1)) * sizeof(struct vmem_cell));
1534
1535 if(!bitmap_initialized)

CID 530000: (RESOURCE_LEAK)
Variable "va" going out of scope leaks the storage it points to.

1536 return;
1537
1538 pthread_mutex_lock(&vstatlock);
1539 vmem_ptr = get_vmem(&vstat);
1540 rows = vstat.rows;
1541 cols = vstat.cols;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

46 new defect(s) introduced to Synchronet found with Coverity Scan.
22 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 46 defect(s)


** CID 530529: Insecure data handling (INTEGER_OVERFLOW)


________________________________________________________________________________________________________
*** CID 530529: Insecure data handling (INTEGER_OVERFLOW)
/str.cpp: 420 in sbbs_t::sif(char *, char *, int)()
414 answers[a+cr]=str[cr];
415 while(cr<max)
416 answers[a+cr++]=ETX;
417 a+=max;
418 }
419 else {

CID 530529: Insecure data handling (INTEGER_OVERFLOW)
"max", which might have underflowed, is passed to "putrec(answers, a, max, str)".

420 putrec(answers,a,max,str);
421 putrec(answers,a+max,2,crlf);
422 a+=max+2;
423 }
424 }
425 }

** CID 530527: Data race undermines locking (LOCK_EVASION)
/download.cpp: 188 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)()


________________________________________________________________________________________________________
*** CID 530527: Data race undermines locking (LOCK_EVASION)
/download.cpp: 188 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)()
182 logline(LOG_DEBUG,nulstr,protlog);
183 }
184 fclose(stream);
185 }
186
187 CRLF;

CID 530527: Data race undermines locking (LOCK_EVASION)
Thread1 sets "sys_status" to a new value. Now the two threads have an inconsistent view of "sys_status" and updates to fields correlated with "sys_status" may be lost.

188 if(autohang) sys_status|=SS_PAUSEOFF; /* Pause off after download */
189 if(elapsed != nullptr) {
190 *elapsed = end - start;
191 if(*elapsed < 0)
192 *elapsed = 0;
193 }

** CID 530526: Control flow issues (UNREACHABLE)
/uedit/uedit.c: 2189 in main()


________________________________________________________________________________________________________
*** CID 530526: Control flow issues (UNREACHABLE)
/uedit/uedit.c: 2189 in main()
2183 edit_user(&cfg, atoi(opt[i]));
2184 break;
2185 }
2186 }
2187 }
2188 }

CID 530526: Control flow issues (UNREACHABLE)
This code cannot be reached: "free_opts(opt);".

2189 free_opts(opt);

** CID 530525: Insecure data handling (INTEGER_OVERFLOW)
/getmsg.cpp: 540 in sbbs_t::getmsgnum(int, long)()


________________________________________________________________________________________________________
*** CID 530525: Insecure data handling (INTEGER_OVERFLOW)
/getmsg.cpp: 540 in sbbs_t::getmsgnum(int, long)()
534 errormsg(WHERE,ERR_OPEN,smb.file,i,smb.last_error);
535 return 0;
536 }
537 int result = smb_getmsgidx_by_time(&smb, &idx, t);
538 smb_close(&smb);
539 if(result >= SMB_SUCCESS)

CID 530525: Insecure data handling (INTEGER_OVERFLOW)
"idx.number - 1U", which might have underflowed, is returned from the function.

540 return idx.number - 1;
541 return ~0;
542 }
543
544 /****************************************************************************/
545 /* Returns the time of the message number pointed to by 'ptr' */

** CID 530524: Data race undermines locking (LOCK_EVASION)
/exec.cpp: 1410 in sbbs_t::exec(csi_t *)()


________________________________________________________________________________________________________
*** CID 530524: Data race undermines locking (LOCK_EVASION)
/exec.cpp: 1410 in sbbs_t::exec(csi_t *)()
1404 csi->logic=strnicmp(csi->str,(char*)csi->ip,strlen((char*)csi->ip));
1405 break;
1406 default:
1407 errormsg(WHERE,ERR_CHK,"shell instruction",*(csi->ip-1));
1408 break;
1409 }

CID 530524: Data race undermines locking (LOCK_EVASION)
Thread1 sets "ip" to a new value. Now the two threads have an inconsistent view of "ip" and updates to fields correlated with "ip" may be lost.

1410 while(*(csi->ip++)); /* Find NULL */
1411 return(0);
1412 }
1413
1414 if(*csi->ip>=CS_THREE_BYTE) {
1415 switch(*(csi->ip++)) {

** CID 530523: Insecure data handling (INTEGER_OVERFLOW)


________________________________________________________________________________________________________
*** CID 530523: Insecure data handling (INTEGER_OVERFLOW)
/chat.cpp: 178 in sbbs_t::multinodechat(int)()
172 SAFECAT(str,"0");
173 i=getkeys(str,cfg.total_chans);
174 if(i&0x80000000L) { /* change channel */
175 savch=(char)(i&~0x80000000L); 176 if(savch==channel)
177 continue;

CID 530523: Insecure data handling (INTEGER_OVERFLOW)
"savch - 1", which might have underflowed, is passed to "this->chan_access(savch - 1)".

178 if(!chan_access(savch-1))
179 continue;
180 bprintf(text[WelcomeToChannelN] 181 ,savch,cfg.chan[savch-1]->name);
182
183 usrs=0;

** CID 530521: Control flow issues (DEADCODE)
/websrvr.c: 6459 in read_post_data()


________________________________________________________________________________________________________
*** CID 530521: Control flow issues (DEADCODE)
/websrvr.c: 6459 in read_post_data()
6453 if(ch_len==0)
6454 break;
6455 /* Check size */
6456 s += ch_len;
6457 if(s > MAX_POST_LEN) {
6458 if(s > SIZE_MAX) {

CID 530521: Control flow issues (DEADCODE)
Execution cannot reach this statement: "send_error(session, 6459U, ...".

6459 send_error(session,__LINE__,"413 Request entity too large");
6460 FCLOSE_OPEN_FILE(fp); 6461 return(false);
6462 }
6463 if(fp==NULL) {
6464 fp=open_post_file(session);

** CID 530517: Resource leaks (RESOURCE_LEAK)
/sbbsecho.c: 5884 in find_stray_packets()


________________________________________________________________________________________________________
*** CID 530517: Resource leaks (RESOURCE_LEAK)
/sbbsecho.c: 5884 in find_stray_packets()
5878 }
5879 if(terminator == FIDO_PACKET_TERMINATOR)
5880 lprintf(LOG_DEBUG, "Stray packet already finalized: %s", packet);
5881 else {
5882 if((pkt->fp = fopen(pkt->filename, "ab")) == NULL) {
5883 lprintf(LOG_ERR, "ERROR %d (%s) opening %s", errno, strerror(errno), pkt->filename);

CID 530517: Resource leaks (RESOURCE_LEAK)
Freeing "pkt" without freeing its pointer field "filename" leaks the storage that "filename" points to.

5884 free(pkt);
5885 continue;
5886 }
5887 }
5888 pkt->orig = pkt_orig;
5889 pkt->dest = pkt_dest;

** CID 530516: Integer handling issues (INTEGER_OVERFLOW)
/sbbsecho.c: 3920 in putfmsg()


________________________________________________________________________________________________________
*** CID 530516: Integer handling issues (INTEGER_OVERFLOW)
/sbbsecho.c: 3920 in putfmsg()
3914 lastlen=9; /* +strlen(seenby); */
3915 net_exists=0;
3916 fprintf(stream,"\rSEEN-BY:"); 3917 }
3918 }
3919

CID 530516: Integer handling issues (INTEGER_OVERFLOW)
Expression "u++", where "u" is known to be equal to 4294967295, overflows the type of "u++", which is type "unsigned int".

3920 for(u=0;u<area.links;u++) { /* Add all links to SEEN-BYs */
3921 nodecfg_t* nodecfg=findnodecfg(&cfg, area.link[u], /* exact: */false);
3922 if(nodecfg!=NULL && nodecfg->passive) 3923 continue;
3924 strcpy(seenby," ");
3925 if(foreign_zone(addr.zone, area.link[u].zone) || area.link[u].point)

** CID 530515: Insecure data handling (INTEGER_OVERFLOW)
/js_system.c: 1575 in js_get_node()


________________________________________________________________________________________________________
*** CID 530515: Insecure data handling (INTEGER_OVERFLOW)
/js_system.c: 1575 in js_get_node()
1569 JS_DefineProperty(cx, nodeobj, "action", INT_TO_JSVAL((int)node.action), NULL, NULL, JSPROP_ENUMERATE);
1570 JS_DefineProperty(cx, nodeobj, "activity", STRING_TO_JSVAL(JS_NewStringCopyZ(cx, node_activity(sys->cfg, &node, str, sizeof str, node_num))), NULL, NULL, JSPROP_ENUMERATE);
1571 JS_DefineProperty(cx, nodeobj, "useron", INT_TO_JSVAL((int)node.useron), NULL, NULL, JSPROP_ENUMERATE);
1572 JS_DefineProperty(cx, nodeobj, "connection", INT_TO_JSVAL((int)node.connection), NULL, NULL, JSPROP_ENUMERATE);
1573 JS_DefineProperty(cx, nodeobj, "misc", INT_TO_JSVAL((int)node.misc), NULL, NULL, JSPROP_ENUMERATE);
1574 JS_DefineProperty(cx, nodeobj, "aux", INT_TO_JSVAL((int)node.aux), NULL, NULL, JSPROP_ENUMERATE);

CID 530515: Insecure data handling (INTEGER_OVERFLOW)
The cast of "node.extaux" to a signed type could result in a negative number.

1575 JS_DefineProperty(cx, nodeobj, "extaux", INT_TO_JSVAL((int)node.extaux), NULL, NULL, JSPROP_ENUMERATE);
1576 JS_SET_RVAL(cx, arglist, OBJECT_TO_JSVAL(nodeobj));
1577 return JS_TRUE;
1578 }
1579
1580 static JSBool

** CID 530514: (INTEGER_OVERFLOW)
/scansubs.cpp: 312 in sbbs_t::new_scan_ptr_cfg()()
/scansubs.cpp: 375 in sbbs_t::new_scan_ptr_cfg()()


________________________________________________________________________________________________________
*** CID 530514: (INTEGER_OVERFLOW)
/scansubs.cpp: 312 in sbbs_t::new_scan_ptr_cfg()()
306 else
307 subscan[usrsub[i][j]].ptr=l-s;
308 }
309 progress(text[LoadingMsgPtrs], subs, total_subs);
310 continue;
311 }

CID 530514: (INTEGER_OVERFLOW)
Expression "i", where "(s & 0xffffffff7fffffffL) - 1L" is known to be equal to -1, overflows the type of "i", which is type "int".

312 i=(s&~0x80000000L)-1;
313 while(online) {
314 l=0;
315 bprintf(text[CfgSubLstHdr],cfg.grp[usrgrp[i]]->lname);
316 for(j=0;j<usrsubs[i] && !msgabort();j++) {
317 checkline();
/scansubs.cpp: 375 in sbbs_t::new_scan_ptr_cfg()()
369 subscan[usrsub[i][j]].ptr=l-s;
370 }
371 progress(text[LoadingMsgPtrs], j, usrsubs[i]);
372 continue;
373 }
374 else {

CID 530514: (INTEGER_OVERFLOW)
Expression "j", where "(s & 0xffffffff7fffffffL) - 1L" is known to be equal to -1, overflows the type of "j", which is type "int".

375 j=(s&~0x80000000L)-1;
376 mnemonics(text[SetMsgPtrPrompt]);
377 SAFEPRINTF2(keys, "%s%c", text[DateLastKeys], quit_key());
378 s=getkeys(keys, 9999);
379 if(s==-1 || s==quit_key())
380 continue;

** CID 530512: Integer handling issues (INTEGER_OVERFLOW)
/scansubs.cpp: 472 in sbbs_t::new_scan_cfg(unsigned int)()


________________________________________________________________________________________________________
*** CID 530512: Integer handling issues (INTEGER_OVERFLOW)
/scansubs.cpp: 472 in sbbs_t::new_scan_cfg(unsigned int)()
466 subscan[usrsub[i][j]].cfg&=~SUB_CFG_YSCAN;
467 subscan[usrsub[i][j]].cfg|=misc;
468 }
469 }
470 continue;
471 }

CID 530512: Integer handling issues (INTEGER_OVERFLOW)
Expression "j", where "(s & 0xffffffff7fffffffL) - 1L" is known to be equal to -1, overflows the type of "j", which is type "int".

472 j=(s&~0x80000000L)-1;
473 if(misc&SUB_CFG_NSCAN && !(subscan[usrsub[i][j]].cfg&misc)) {
474 if(!(useron.rest&FLAG('Q')) && !noyes(text[MsgsToYouOnlyQ]))
475 subscan[usrsub[i][j]].cfg|=SUB_CFG_YSCAN;
476 else
477 subscan[usrsub[i][j]].cfg&=~SUB_CFG_YSCAN;

** CID 530511: (INTEGER_OVERFLOW)
/websrvr.c: 706 in sess_sendbuf()
/websrvr.c: 719 in sess_sendbuf()


________________________________________________________________________________________________________
*** CID 530511: (INTEGER_OVERFLOW)
/websrvr.c: 706 in sess_sendbuf()
700 }
701 else
702 *failed=true;
703 result = tls_sent;
704 }
705 else {

CID 530511: (INTEGER_OVERFLOW)
"len - sent", which might have underflowed, is passed to "send(session->socket, buf + sent, len - sent, 0)".

706 result=sendsocket(session->socket,buf+sent,len-sent);
707 if(result==SOCKET_ERROR) {
708 if(SOCKET_ERRNO==ECONNRESET) 709 lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",session->socket);
710 else if(SOCKET_ERRNO==ECONNABORTED)
711 lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",session->socket);
/websrvr.c: 719 in sess_sendbuf()
713 else if(SOCKET_ERRNO==EPIPE) 714 lprintf(LOG_NOTICE,"%04d Unable to send to peer",session->socket);
715 #endif
716 else if(session->socket != INVALID_SOCKET)
717 lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",session->socket,SOCKET_ERRNO);
718 *failed=true;

CID 530511: (INTEGER_OVERFLOW)
"sent", which might have underflowed, is returned from the function. 719 return(sent);

720 }
721 }
722 }
723 else {
724 lprintf(LOG_WARNING,"%04d Timeout waiting for socket to become writable",session->socket);

** CID 530509: (INTEGER_OVERFLOW)
/getstr.cpp: 338 in sbbs_t::getstr(char *, unsigned long, int, char **)() /getstr.cpp: 482 in sbbs_t::getstr(char *, unsigned long, int, char **)() /getstr.cpp: 427 in sbbs_t::getstr(char *, unsigned long, int, char **)() /getstr.cpp: 617 in sbbs_t::getstr(char *, unsigned long, int, char **)()


________________________________________________________________________________________________________
*** CID 530509: (INTEGER_OVERFLOW)
/getstr.cpp: 338 in sbbs_t::getstr(char *, unsigned long, int, char **)()
332 l=strlen(strout);
333 if(mode&K_NOECHO)
334 return(l);
335 if(mode&K_MSG)
336 redrwstr(strout,i,l,K_MSG);
337 else {

CID 530509: (INTEGER_OVERFLOW)
Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "size_t".

338 while(i--)
339 bputs("\b");
340 bputs(strout);
341 if(mode&K_LINE)
342 attr(LIGHTGRAY);
343 }
/getstr.cpp: 482 in sbbs_t::getstr(char *, unsigned long, int, char **)()
476 if(history != NULL) {
477 if(history[hidx + 1] == NULL) { 478 outchar(BEL);
479 break;
480 }
481 hidx++;

CID 530509: (INTEGER_OVERFLOW)
Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "size_t".

482 while(i--)
483 backspace();
484 SAFECOPY(str1, history[hidx]); 485 i=l=strlen(str1);
486 rputs(str1);
487 cleartoeol();
/getstr.cpp: 427 in sbbs_t::getstr(char *, unsigned long, int, char **)()
421 }
422 i=0;
423 console|=CON_DELETELINE;
424 break;
425 case CTRL_Z: /* Undo */
426 if(!(mode&K_NOECHO)) {

CID 530509: (INTEGER_OVERFLOW)
Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "size_t".

427 while(i--)
428 backspace();
429 }
430 SAFECOPY(str1,undo);
431 i=l=strlen(str1);
432 rputs(str1);
/getstr.cpp: 617 in sbbs_t::getstr(char *, unsigned long, int, char **)()
611 }
612 getstr_offset=i;
613 if(!online)
614 return(0);
615 if(i>l)
616 l=i;

CID 530509: (INTEGER_OVERFLOW)
"l", which might have underflowed, is passed to "str1[l]".

617 str1[l]=0;
618 if(!(sys_status&SS_ABORT)) {
619 strcpy(strout,str1);
620 if(mode&K_TRIM)
621 truncsp(strout);
622 if((strip_invalid_attr(strout) || (console&CON_INSERT)) && !(mode&K_NOECHO))

** CID 530506: Concurrent data access violations (MISSING_LOCK)
/ssl.c: 640 in destroy_session()


________________________________________________________________________________________________________
*** CID 530506: Concurrent data access violations (MISSING_LOCK)
/ssl.c: 640 in destroy_session()
634 while (sess != NULL) {
635 if (sess->sess == csess) {
636 if (psess == NULL) {
637 sess_list = sess->next;
638 }
639 else {

CID 530506: Concurrent data access violations (MISSING_LOCK)
Accessing "psess->next" without holding lock "ssl_cert_list_mutex". Elsewhere, "cert_list.next" is written to with "ssl_cert_list_mutex" held 2 out of 4 times (2 of these accesses strongly imply that it is necessary).

640 psess->next = sess->next;
641 }
642 break;
643 }
644 psess = sess;
645 sess = sess->next;

** CID 530505: Resource leaks (RESOURCE_LEAK)
/bulkmail.cpp: 177 in sbbs_t::bulkmailhdr(smb_t *, smbmsg_t *, unsigned int)()


________________________________________________________________________________________________________
*** CID 530505: Resource leaks (RESOURCE_LEAK)
/bulkmail.cpp: 177 in sbbs_t::bulkmailhdr(smb_t *, smbmsg_t *, unsigned int)() 171
172 user.number=usernum;
173 if(getuserdat(&cfg, &user)!=0)
174 return(0);
175
176 if((i=smb_copymsgmem(NULL,&newmsg,msg))!=SMB_SUCCESS)

CID 530505: Resource leaks (RESOURCE_LEAK)
Variable "newmsg" going out of scope leaks the storage "newmsg.hfield_dat" points to.

177 return(i);
178
179 SAFECOPY(str,user.alias);
180 smb_hfield_str(&newmsg,RECIPIENT,str);
181
182 if(cfg.sys_misc&SM_FWDTONET && user.misc&NETMAIL && user.netmail[0]) {

** CID 530504: Insecure data handling (INTEGER_OVERFLOW)
/websrvr.c: 6476 in read_post_data()


________________________________________________________________________________________________________
*** CID 530504: Insecure data handling (INTEGER_OVERFLOW)
/websrvr.c: 6476 in read_post_data()
6470 return(false);
6471 }
6472 }
6473 else {
6474 /* realloc() to new size */ 6475 /* FREE()d in close_request */ >>> CID 530504: Insecure data handling (INTEGER_OVERFLOW)

"s", which might have underflowed, is passed to "realloc(session->req.post_data, s)".

6476 p=realloc(session->req.post_data, s);
6477 if(p==NULL) {
6478 errprintf(LOG_CRIT, WHERE, "%04d !ERROR Allocating %lu bytes of memory",session->socket, (ulong)session->req.post_len);
6479 send_error(session,__LINE__,"413 Request entity too large");
6480 FCLOSE_OPEN_FILE(fp); 6481 return(false);

** CID 530501: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 3239 in js_connected_socket_constructor()


________________________________________________________________________________________________________
*** CID 530501: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 3239 in js_connected_socket_constructor()
3233
3234 dbprintf(false, p, "object constructed");
3235 return(JS_TRUE);
3236
3237 fail:
3238 if (p)

CID 530501: Resource leaks (RESOURCE_LEAK)
Freeing "p" without freeing its handle field "sock" leaks the handle. 3239 free(p);

3240 if (protocol)
3241 free(protocol);
3242 if (host)
3243 free(host);
3244 return JS_FALSE;

** CID 530500: Control flow issues (DEADCODE) /tmp/sbbs-Jan-12-2025/src/xpdev/xpsem.c: 62 in xp_sem_init()


________________________________________________________________________________________________________
*** CID 530500: Control flow issues (DEADCODE) /tmp/sbbs-Jan-12-2025/src/xpdev/xpsem.c: 62 in xp_sem_init()
56 errno = EPERM;
57 retval = -1;
58 goto RETURN;
59 }
60
61 if (value > XP_SEM_VALUE_MAX) {

CID 530500: Control flow issues (DEADCODE)
Execution cannot reach this statement: "*__errno_location() = 22;".

62 errno = EINVAL;
63 retval = -1;
64 goto RETURN;
65 }
66
67 *sem = (xp_sem_t)malloc(sizeof(struct xp_sem));

** CID 530498: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 3413 in js_listening_socket_constructor()


________________________________________________________________________________________________________
*** CID 530498: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 3413 in js_listening_socket_constructor()
3407 return(JS_FALSE);
3408 }
3409
3410 if(!js_DefineSocketOptionsArray(cx, obj, type)) {
3411 free(p);
3412 free(set);

CID 530498: Resource leaks (RESOURCE_LEAK)
Variable "protocol" going out of scope leaks the storage it points to. 3413 return(JS_FALSE);

3414 }
3415
3416 #ifdef BUILD_JSDOCS
3417 js_DescribeSyncObject(cx,obj,"Class used for incoming TCP/IP socket communications",317);
3418 js_DescribeSyncConstructor(cx,obj,"To create a new ListeningSocket object: "


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 530828: Possible Control flow issues (DEADCODE)
/load_cfg.c: 147 in load_cfg()


________________________________________________________________________________________________________
*** CID 530828: Possible Control flow issues (DEADCODE)
/load_cfg.c: 147 in load_cfg()
141 free(text[n]);
142 text[n] = strdup(list[i]->value);
143 }
144 iniFreeNamedStringList(list);
145 iniFreeStringList(ini);
146 if (!success)

CID 530828: Possible Control flow issues (DEADCODE)
Execution cannot reach this statement: "return false;".

147 return false;
148 }
149
150 cfg->text = text;
151 }
152


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 530902: (CHECKED_RETURN)
/useredit.cpp: 745 in sbbs_t::user_config(user_t *)()
/useredit.cpp: 740 in sbbs_t::user_config(user_t *)()


________________________________________________________________________________________________________
*** CID 530902: (CHECKED_RETURN)
/useredit.cpp: 745 in sbbs_t::user_config(user_t *)()
739 exec_bin(cmdline, &main_csi);
740 getuserdat(&cfg, user);
741 return;
742 }
743 while (online) {
744 CLS;

CID 530902: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

745 getuserdat(&cfg, user);
746 bprintf(text[UserDefaultsHdr], user->alias, user->number);
747 if (user == &useron) {
748 update_nodeterm();
749 load_user_text();
750 }
/useredit.cpp: 740 in sbbs_t::user_config(user_t *)()
734
735 action = NODE_DFLT;
736 if (cfg.usercfg_mod[0]) {
737 char cmdline[256];
738 snprintf(cmdline, sizeof(cmdline), "%s %u", cfg.usercfg_mod, user->number);
739 exec_bin(cmdline, &main_csi);

CID 530902: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

740 getuserdat(&cfg, user);
741 return;
742 }
743 while (online) {
744 CLS;
745 getuserdat(&cfg, user);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 531895: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Jan-24-2025/src/conio/bitmap_con.c: 783 in draw_char_row_slow()


________________________________________________________________________________________________________
*** CID 531895: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Jan-24-2025/src/conio/bitmap_con.c: 783 in draw_char_row_slow()
777
778 uint8_t fb = cs->font[cs->fontoffset];
779 for(unsigned x = 0; x < vstat.charwidth; x++) {
780 unsigned bitnum = x & 0x07;
781 if (bs->expand && x == bs->font_data_width) {
782 if (cs->gexpand)

CID 531895: Integer handling issues (INTEGER_OVERFLOW)
Expression "x - 1U", where "x" is known to be equal to 0, underflows the type of "x - 1U", which is type "unsigned int".

783 fbb = cs->font[cs->fontoffset - 1] & (0x80 >> ((x - 1) & 7));
784 else
785 fbb = 0;
786 }
787 else {
788 if (bitnum == 0 && x != 0) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 531919: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Jan-26-2025/src/xpdev/named_str_list.c: 43 in namedStrListDelete()


________________________________________________________________________________________________________
*** CID 531919: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Jan-26-2025/src/xpdev/named_str_list.c: 43 in namedStrListDelete()
37 size_t count;
38 named_string_t *old;
39 named_string_t **newlist;
40
41 COUNT_LIST_ITEMS(*list, count);
42 if (index == NAMED_STR_LIST_LAST_INDEX)

CID 531919: Integer handling issues (INTEGER_OVERFLOW)
Expression "count - 1UL", where "count" is known to be equal to 0, underflows the type of "count - 1UL", which is type "unsigned long".

43 index = count - 1;
44 if (index >= count)
45 return false;
46 newlist = (named_string_t **)realloc(*list, (count + 1) * sizeof(named_string_t*));
47 if (newlist != NULL)
48 *list = newlist;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 532317: Error handling issues (CHECKED_RETURN)
/js_socket.c: 2380 in js_socket_set()


________________________________________________________________________________________________________
*** CID 532317: Error handling issues (CHECKED_RETURN)
/js_socket.c: 2380 in js_socket_set()
2374 size_t key_sz;
2375 JS_IdToValue(cx, ids->vector[k], &js_id);
2376 id = NULL;
2377 JSVALUE_TO_MSTRING(cx, js_id, id, &id_sz);
2378 if (id != NULL) {
2379 if (!JS_IsExceptionPending(cx)) {

CID 532317: Error handling issues (CHECKED_RETURN)
Calling "JS_GetProperty" without checking return value (as is done elsewhere 196 out of 203 times).

2380 JS_GetProperty(cx, p->tls_psk, id, &js_key);
2381 JSVALUE_TO_MSTRING(cx, js_key, key, &key_sz);
2382 if (key != NULL) {
2383 if (!JS_IsExceptionPending(cx)) {
2384 if (do_cryptAttributeString(p->session, CRYPT_SESSINFO_USERNAME, id, id_sz) == CRYPT_OK)
2385 do_cryptAttributeString(p->session, CRYPT_SESSINFO_PASSWORD, key, key_sz);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
17 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 543172: Program hangs (SLEEP)


________________________________________________________________________________________________________
*** CID 543172: Program hangs (SLEEP)
/main.cpp: 3876 in sbbs_t::~sbbs_t()()
3870 fremove(WHERE, syspage_semfile);
3871
3872 /********************************/
3873 /* Free allocated class members */
3874 /********************************/
3875

CID 543172: Program hangs (SLEEP)
Call to "js_cleanup" might sleep while holding lock "this->nodefile_mutex".

3876 js_cleanup();
3877
3878 /* Reset text.dat */
3879
3880 for (i = 0; i < TOTAL_TEXT; i++)
3881 if (text[i] != text_sav[i]) {

** CID 543171: Null pointer dereferences (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 543171: Null pointer dereferences (FORWARD_NULL)
/main.cpp: 1528 in sbbs_t::js_create_user_objects(JSContext *, JSObject *)() 1522 bool sbbs_t::js_create_user_objects(JSContext* cx, JSObject* glob) 1523 {
1524 bool result = false;
1525 if (cx != NULL) {
1526 JS_BEGINREQUEST(cx);
1527 if (!js_CreateUserObjects(cx, glob, &cfg, &useron, &client, startup == NULL ? NULL :startup->web_file_vpath_prefix, subscan, mqtt))

CID 543171: Null pointer dereferences (FORWARD_NULL)
"errprintf" dereferences null "this->startup".

1528 errprintf(LOG_ERR, WHERE, "!JavaScript ERROR creating user objects");
1529 else
1530 result = true;
1531 JS_ENDREQUEST(cx);
1532 }
1533 return result;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 544155: Error handling issues (CHECKED_RETURN)
/ssl.c: 540 in get_ssl_cert()


________________________________________________________________________________________________________
*** CID 544155: Error handling issues (CHECKED_RETURN)
/ssl.c: 540 in get_ssl_cert()
534 size_t backoff_ms = 1;
535 unsigned loops = 0;
536 while (cert_entry->cert == -1) {
537 assert_pthread_mutex_lock(&get_ssl_cert_mutex);
538 /* Get the certificate... first try loading it from a file... */
539 if (cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, cert_path, CRYPT_KEYOPT_READONLY))) {

CID 544155: Error handling issues (CHECKED_RETURN)
Calling "log_cryptlib_error" without checking return value (as is done elsewhere 16 out of 17 times).

540 DO("getting private key", ssl_keyset, cryptGetPrivateKey(ssl_keyset, &cert_entry->cert, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass));
541 cryptKeysetClose(ssl_keyset);
542 }
543 if (cert_entry->cert == -1) {
544 lprintf(LOG_WARNING, "Failed to open/read TLS certificate: %s", cert_path);
545 if (cfg->create_self_signed_cert) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 548252: Error handling issues (NEGATIVE_RETURNS)
/writemsg.cpp: 709 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


________________________________________________________________________________________________________
*** CID 548252: Error handling issues (NEGATIVE_RETURNS)
/writemsg.cpp: 709 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
703 buf[0] = 0;
704 if (linesquoted || draft_restored) {
705 if ((file = nopen(msgtmp, O_RDONLY)) != -1) { 706 length = (long)filelength(file);
707 l = length > (int)(cfg.level_linespermsg[useron_level] * MAX_LINE_LEN) - 1
708 ? (cfg.level_linespermsg[useron_level] * MAX_LINE_LEN) - 1 : length;

CID 548252: Error handling issues (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]

709 if (read(file, buf, l) != l)
710 l = 0;
711 buf[l] = 0;
712 close(file);
713 // remove(msgtmp);
714 }

** CID 548251: Incorrect expression (SIZEOF_MISMATCH)
/xtrn.cpp: 1621 in sbbs_t::external(const char *, int, const char *)()


________________________________________________________________________________________________________
*** CID 548251: Incorrect expression (SIZEOF_MISMATCH)
/xtrn.cpp: 1621 in sbbs_t::external(const char *, int, const char *)()
1615 return -1;
1616 }
1617
1618 if ((mode & EX_STDIO) == EX_STDIO) {
1619 struct winsize winsize;
1620 struct termios termio;

CID 548251: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "&termio" of type "termios *" and argument "8UL" ("sizeof (this->term)") to function "memset" is suspicious because "sizeof (termios) /*60*/" is expected.

1621 memset(&termio, 0, sizeof(term));
1622 cfsetispeed(&termio, B19200);
1623 cfsetospeed(&termio, B19200);
1624 if (mode & EX_BIN)
1625 cfmakeraw(&termio);
1626 else {

** CID 548250: Control flow issues (NO_EFFECT)
/terminal.cpp: 31 in Terminal::scroll_hotspots(unsigned int)()


________________________________________________________________________________________________________
*** CID 548250: Control flow issues (NO_EFFECT)
/terminal.cpp: 31 in Terminal::scroll_hotspots(unsigned int)()
25 unsigned spots = 0;
26 unsigned remain = 0;
27 for (list_node_t* node = mouse_hotspots->first; node != NULL; node = node->next) {
28 struct mouse_hotspot* spot = (struct mouse_hotspot*)node->data; 29 spot->y -= count;
30 spots++;

CID 548250: Control flow issues (NO_EFFECT)
This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "spot->y >= 0U".

31 if (spot->y >= 0)
32 remain++;
33 }
34 #ifdef _DEBUG
35 if (spots)
36 sbbs->lprintf(LOG_DEBUG, "Scrolled %u mouse hot-spots %u rows (%u remain)", spots, count, remain);

** CID 548249: (DEADCODE)
/useredit.cpp: 89 in sbbs_t::useredit(int)()
/useredit.cpp: 89 in sbbs_t::useredit(int)()


________________________________________________________________________________________________________
*** CID 548249: (DEADCODE)
/useredit.cpp: 89 in sbbs_t::useredit(int)()
83 SAFEPRINTF2(user_pass, "%.*s..", (int)(max_len - 2), user.pass);
84 bprintf(text[UeditAliasPassword]
85 , user.alias
86 , datestr(user.pwmod, tmp)
87 , (user.level > useron.level || !(cfg.sys_misc & SM_ECHO_PW)) ? "<hidden>" : user_pass
88 );

CID 548249: (DEADCODE)
Execution cannot reach the expression ""XXXXXXXX"" inside this statement: "this->bprintf(this->text[Ue...".

89 bprintf(text[UeditRealNamePhone]
90 , user.level > useron.level && console & CON_R_ECHO
91 ? "XXXXXXXX" : user.name
92 , user.level > useron.level && console & CON_R_ECHO
93 ? "XXX-XXX-XXXX" : user.phone);
94 bprintf(text[UeditAddressBirthday]
/useredit.cpp: 89 in sbbs_t::useredit(int)()
83 SAFEPRINTF2(user_pass, "%.*s..", (int)(max_len - 2), user.pass);
84 bprintf(text[UeditAliasPassword]
85 , user.alias
86 , datestr(user.pwmod, tmp)
87 , (user.level > useron.level || !(cfg.sys_misc & SM_ECHO_PW)) ? "<hidden>" : user_pass
88 );

CID 548249: (DEADCODE)
Execution cannot reach the expression ""XXX-XXX-XXXX"" inside this statement: "this->bprintf(this->text[Ue...".

89 bprintf(text[UeditRealNamePhone]
90 , user.level > useron.level && console & CON_R_ECHO
91 ? "XXXXXXXX" : user.name
92 , user.level > useron.level && console & CON_R_ECHO
93 ? "XXX-XXX-XXXX" : user.phone);
94 bprintf(text[UeditAddressBirthday]

** CID 548248: Error handling issues (CHECKED_RETURN)
/writemsg.cpp: 1836 in sbbs_t::movemsg(smbmsg_t *, int)()


________________________________________________________________________________________________________
*** CID 548248: Error handling issues (CHECKED_RETURN)
/writemsg.cpp: 1836 in sbbs_t::movemsg(smbmsg_t *, int)()
1830 length = smb_getmsgdatlen(msg);
1831 if ((buf = (char *)malloc(length)) == NULL) {
1832 errormsg(WHERE, ERR_ALLOC, smb.file, length);
1833 return false;
1834 }
1835

CID 548248: Error handling issues (CHECKED_RETURN)
Calling "fseek(this->smb.sdt_fp, msg->hdr.offset, 0)" without checking return value. This library function may fail and return an error code.

1836 fseek(smb.sdt_fp, msg->hdr.offset, SEEK_SET);
1837 if (fread(buf, length, 1, smb.sdt_fp) != 1) {
1838 free(buf);
1839 errormsg(WHERE, ERR_READ, smb.file, length);
1840 return false;
1841 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 548912: Data race undermines locking (LOCK_EVASION)
/answer.cpp: 437 in sbbs_t::answer(bool *)()


________________________________________________________________________________________________________
*** CID 548912: Data race undermines locking (LOCK_EVASION)
/answer.cpp: 437 in sbbs_t::answer(bool *)()
431 activate_ssh = init_sftp(cid);
432 term->cols = 0;
433 term->rows = 0;
434 SAFECOPY(terminal, "sftp");
435 mouse_mode = MOUSE_MODE_OFF;
436 autoterm = 0;

CID 548912: Data race undermines locking (LOCK_EVASION)
Thread1 sets "sys_status" to a new value. Now the two threads have an inconsistent view of "sys_status" and updates to fields correlated with "sys_status" may be lost.

437 sys_status |= SS_USERON;
438 SAFECOPY(client.protocol, "SFTP");
439 SAFECOPY(client.user, useron.alias);
440 client.usernum = useron.number;
441 client_on(client_socket, &client, /* update: */ TRUE);
442 SAFECOPY(connection, client.protocol);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 549016: Integer handling issues (INTEGER_OVERFLOW)
/str.cpp: 1194 in sbbs_t::spy(unsigned int)()


________________________________________________________________________________________________________
*** CID 549016: Integer handling issues (INTEGER_OVERFLOW)
/str.cpp: 1194 in sbbs_t::spy(unsigned int)()
1188 && !msgabort()) {
1189 in = incom(1000);
1190 if (in == NOINP) {
1191 gettimeleft();
1192 continue;
1193 }

CID 549016: Integer handling issues (INTEGER_OVERFLOW)
Expression "ch", where "in" is known to be equal to 256, overflows the type of "ch", which is type "char".

1194 ch = in;
1195 if (ch == ESC) {
1196 if (ansi_len)
1197 ansi_len = 0;
1198 else {
1199 if ((in = incom(500)) != NOINP) {

** CID 549015: Uninitialized variables (UNINIT)


________________________________________________________________________________________________________
*** CID 549015: Uninitialized variables (UNINIT)
/js_system.c: 2089 in js_chkpassword()
2083
2084 js_system_private_t* sys;
2085 if ((sys = (js_system_private_t*)js_GetClassPrivate(cx, obj, &js_system_class)) == NULL)
2086 return JS_FALSE;
2087
2088 rc = JS_SUSPENDREQUEST(cx);

CID 549015: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "check_pass".

2089 bool result = check_pass(sys->cfg, str, /* user: */NULL, /* unique: */false, /* reason: */NULL)
2090 && !trashcan(sys->cfg, str, "password"); 2091 JS_SET_RVAL(cx, arglist, BOOLEAN_TO_JSVAL(result));
2092 JS_RESUMEREQUEST(cx, rc);
2093
2094 return JS_TRUE;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

<!DOCTYPE html>
<html>
<head>
<style>
body {
font-family: Arial, sans-serif;
line-height: 1.6;
}
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff;
background-color: #007bff;
text-decoration: none;
border-radius: 5px;
}
.button:hover {
background-color: #0056b3;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Coverity Scan has identified new defect(s) in the project <strong>Synchronet</strong>.
</p>

<h3>Defect Summary:</h3>
<ul>
<li><strong>New Defects Found:</strong> 2</li>
<li><strong>Defects Fixed:</strong> 1</li>
<li><strong>Defects Displayed:</strong> Showing 2 of 2</li>
</ul>

<p>
To view the full list of defects and take action, click the button below:
</p>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects</a>
</p>

<p>
If you have any questions or need assistance, feel free to contact our support team.
</p>


<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>


---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

----==_mimepart_686a7047ce71_192e802d9f7544199c8471c
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 569480: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1781 in js_notify()


_____________________________________________________________________________________________
*** CID 569480: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1781 in js_notify()
1775 if (msg == NULL)
1776 return JS_TRUE;
1777 }
1778
1779 if (argc > 3 && !JSVAL_NULL_OR_VOID(argv[3])) {
1780 if ((js_str = JS_ValueToString(cx, argv[3])) == NULL) >>> CID 569480: Resource leaks (RESOURCE_LEAK)

Variable "msg" going out of scope leaks the storage it points to.

1781 return JS_FALSE;
1782
1783 JSSTRING_TO_MSTRING(cx, js_str, replyto, NULL);
1784 HANDLE_PENDING(cx, replyto);
1785 if (replyto == NULL)
1786 return JS_TRUE;

** CID 569479: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1793 in js_notify()


_____________________________________________________________________________________________
*** CID 569479: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1793 in js_notify()
1787 }
1788
1789 JSSTRING_TO_MSTRING(cx, js_subj, subj, NULL);
1790 HANDLE_PENDING(cx, subj);
1791 if (subj == NULL) {
1792 free(msg);

CID 569479: Resource leaks (RESOURCE_LEAK)
Variable "replyto" going out of scope leaks the storage it points to. 1793 return JS_TRUE;

1794 }
1795
1796 rc = JS_SUSPENDREQUEST(cx);
1797 ret = notify(sys->cfg, usernumber, subj, msg, replyto) == 0; 1798 free(subj);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


----==_mimepart_686a7047ce71_192e802d9f7544199c8471c
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 2</li>
<li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 569480: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1781 in js_notify()


_____________________________________________________________________________________________
*** CID 569480: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1781 in js_notify()
1775 if (msg == NULL)
1776 return JS_TRUE;
1777 }
1778
1779 if (argc &gt; 3 &amp;&amp; !JSVAL_NULL_OR_VOID(argv[3])) {
1780 if ((js_str = JS_ValueToString(cx, argv[3])) == NULL) &gt;&gt;&gt; CID 569480: Resource leaks (RESOURCE_LEAK) &gt;&gt;&gt; Variable &quot;msg&quot; going out of scope leaks the storage it points to.
1781 return JS_FALSE;
1782
1783 JSSTRING_TO_MSTRING(cx, js_str, replyto, NULL);
1784 HANDLE_PENDING(cx, replyto);
1785 if (replyto == NULL)
1786 return JS_TRUE;

** CID 569479: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1793 in js_notify()


_____________________________________________________________________________________________
*** CID 569479: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1793 in js_notify()
1787 }
1788
1789 JSSTRING_TO_MSTRING(cx, js_subj, subj, NULL);
1790 HANDLE_PENDING(cx, subj);
1791 if (subj == NULL) {
1792 free(msg);
&gt;&gt;&gt; CID 569479: Resource leaks (RESOURCE_LEAK) &gt;&gt;&gt; Variable &quot;replyto&quot; going out of scope leaks the storage it points to.
1793 return JS_TRUE;
1794 }
1795
1796 rc = JS_SUSPENDREQUEST(cx);
1797 ret = notify(sys-&gt;cfg, usernumber, subj, msg, replyto) == 0; 1798 free(subj);

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_686a7047ce71_192e802d9f7544199c8471c--


---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

----==_mimepart_687ce502ba0a3_2748642bf92199999045dc
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 582443: High impact quality (Y2K38_SAFETY)
/sexyz.c: 1356 in receive_files()


_____________________________________________________________________________________________
*** CID 582443: High impact quality (Y2K38_SAFETY)
/sexyz.c: 1356 in receive_files()
1350 if (!t)
1351 t = 1;
1352 if (zm.file_skipped)
1353 lprintf(LOG_WARNING, "File Skipped");
1354 else if (success)
1355 lprintf(LOG_INFO, "Successful - Time: %s CPS: %lu"

CID 582443: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".

1356 , seconds_to_str((uint)t, tmp), (ulong)(file_bytes / t));
1357 else
1358 lprintf(LOG_ERR, "File Transfer %s"
1359 , zm.local_abort ? "Aborted": zm.cancelled ? "Cancelled":"Failure");
1360
1361 if (!(mode & XMODEM) && ftime)

** CID 582442: (Y2K38_SAFETY)
/sexyz.c: 994 in send_files()
/sexyz.c: 1069 in send_files()


_____________________________________________________________________________________________
*** CID 582442: (Y2K38_SAFETY)
/sexyz.c: 994 in send_files()
988 xm.sent_files++;
989 xm.sent_bytes += fsize;
990 if (zm.file_skipped)
991 lprintf(LOG_WARNING, "File Skipped");
992 else
993 lprintf(LOG_INFO, "Successful - Time: %s CPS: %u"

CID 582442: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".

994 , seconds_to_str((uint)t, tmp)
995 , cps);
996
997 if (xm.total_files - xm.sent_files)
998 lprintf(LOG_INFO, "Remaining - Time: %s Files: %lu KBytes: %" PRId64
999 , seconds_to_str((uint)((xm.total_bytes - xm.sent_bytes) / cps), tmp)
/sexyz.c: 1069 in send_files()
1063 }
1064 if (xm.total_files > 1) {
1065 t = time(NULL) - startall;
1066 if (!t)
1067 t = 1;
1068 lprintf(LOG_INFO, "Overall - Time %s KBytes: %" PRId64 " CPS: %lu"

CID 582442: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".

1069 , seconds_to_str((uint)t, tmp)
1070 , total_bytes / 1024, total_bytes / t); 1071 }
1072 return 0; /* success */
1073 }
1074


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


----==_mimepart_687ce502ba0a3_2748642bf92199999045dc
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 2</li>
<li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 582443: High impact quality (Y2K38_SAFETY)
/sexyz.c: 1356 in receive_files()


_____________________________________________________________________________________________
*** CID 582443: High impact quality (Y2K38_SAFETY)
/sexyz.c: 1356 in receive_files()
1350 if (!t)
1351 t = 1;
1352 if (zm.file_skipped)
1353 lprintf(LOG_WARNING, &quot;File Skipped&quot;); 1354 else if (success)
1355 lprintf(LOG_INFO, &quot;Successful - Time: %s CPS: %lu&quot;
&gt;&gt;&gt; CID 582443: High impact quality (Y2K38_SAFETY) &gt;&gt;&gt; A &quot;time_t&quot; value is stored in an integer with too few bits to accommodate it. The expression &quot;t&quot; is cast to &quot;uint&quot;.
1356 , seconds_to_str((uint)t, tmp), (ulong)(file_bytes / t));
1357 else
1358 lprintf(LOG_ERR, &quot;File Transfer %s&quot; 1359 , zm.local_abort ? &quot;Aborted&quot;: zm.cancelled ? &quot;Cancelled&quot;:&quot;Failure&quot;);
1360
1361 if (!(mode &amp; XMODEM) &amp;&amp; ftime)

** CID 582442: (Y2K38_SAFETY)
/sexyz.c: 994 in send_files()
/sexyz.c: 1069 in send_files()


_____________________________________________________________________________________________
*** CID 582442: (Y2K38_SAFETY)
/sexyz.c: 994 in send_files()
988 xm.sent_files++;
989 xm.sent_bytes += fsize;
990 if (zm.file_skipped)
991 lprintf(LOG_WARNING, &quot;File Skipped&quot;);
992 else
993 lprintf(LOG_INFO, &quot;Successful - Time: %s CPS: %u&quot;
&gt;&gt;&gt; CID 582442: (Y2K38_SAFETY)
&gt;&gt;&gt; A &quot;time_t&quot; value is stored in an integer with too few bits to accommodate it. The expression &quot;t&quot; is cast to &quot;uint&quot;.
994 , seconds_to_str((uint)t, tmp)
995 , cps);
996
997 if (xm.total_files - xm.sent_files)
998 lprintf(LOG_INFO, &quot;Remaining - Time: %s Files: %lu KBytes: %&quot; PRId64
999 , seconds_to_str((uint)((xm.total_bytes - xm.sent_bytes) / cps), tmp)
/sexyz.c: 1069 in send_files()
1063 }
1064 if (xm.total_files &gt; 1) {
1065 t = time(NULL) - startall;
1066 if (!t)
1067 t = 1;
1068 lprintf(LOG_INFO, &quot;Overall - Time %s KBytes: %&quot; PRId64 &quot; CPS: %lu&quot;
&gt;&gt;&gt; CID 582442: (Y2K38_SAFETY)
&gt;&gt;&gt; A &quot;time_t&quot; value is stored in an integer with too few bits to accommodate it. The expression &quot;t&quot; is cast to &quot;uint&quot;.
1069 , seconds_to_str((uint)t, tmp)
1070 , total_bytes / 1024, total_bytes / t); 1071 }
1072 return 0; /* success */
1073 }
1074

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_687ce502ba0a3_2748642bf92199999045dc--


---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net