Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 510624: High impact quality (Y2K38_SAFETY)
/upload.cpp: 361 in sbbs_t::upload(int, const char *)()


________________________________________________________________________________________________________
*** CID 510624: High impact quality (Y2K38_SAFETY)
/upload.cpp: 361 in sbbs_t::upload(int, const char *)()
355 SAFEPRINTF(descbeg,text[Rated],toupper(ch));
356 }
357 if(cfg.dir[dirnum]->misc&DIR_ULDATE) {
358 now=time(NULL);
359 if(descbeg[0])
360 strcat(descbeg," ");

CID 510624: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".

361 SAFEPRINTF(str,"%s ",unixtodstr(&cfg,(time32_t)now,tmp));
362 strcat(descbeg,str);
363 }
364 if(cfg.dir[dirnum]->misc&DIR_MULT) {
365 sync();
366 if(!noyes(text[MultipleDiskQ])) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIddI_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYB81ZvyCqI0cAJ-2FU5ubhxKf4JbTpohfwGahN-2FqiJqEJS3JKhfKJrRClFb390j-2Bf3IyHjOgp4TSp0v4WjJhOyS2xAdq9DkOONT15FqaUuN3dwPvrgxJQAm5MhfGSzyQr2ebowkrz6Mx39u7LNSgoa0vxPkqTzBlpznq59pGc5zgjQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 511447: Control flow issues (DEADCODE)
/js_bbs.cpp: 2334 in js_xfer_prot_menu(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 511447: Control flow issues (DEADCODE)
/js_bbs.cpp: 2334 in js_xfer_prot_menu(JSContext *, unsigned int, unsigned long *)()
2328 if((sbbs=js_GetPrivate(cx, JS_THIS_OBJECT(cx, arglist)))==NULL) 2329 return(JS_FALSE);
2330
2331 if(argc > 0 && argv[0] == JSVAL_TRUE)
2332 xfer_type = XFER_BATCH_UPLOAD;
2333 if(argc > 1 && argv[1] == JSVAL_TRUE)

CID 511447: Control flow issues (DEADCODE)
Execution cannot reach the expression "XFER_BATCH_UPLOAD" inside this statement: "xfer_type = ((xfer_type == ...".

2334 xfer_type = (xfer_type == XFER_UPLOAD) ? XFER_BATCH_UPLOAD : XFER_BATCH_DOWNLOAD;
2335
2336 rc=JS_SUSPENDREQUEST(cx);
2337 sbbs->xfer_prot_menu(xfer_type, &sbbs->useron, keys, sizeof keys);
2338 JSString* js_str = JS_NewStringCopyZ(cx, keys);
2339 if(js_str == nullptr)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DITFI_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaq5jE-2BLt6d0xDUmd9IA4TiFW4D2c-2Fv2LVaAIklYCEHPyQvUq2Zlw7GDvJu3j8LRmS7SAP5K0MN-2FeHPuzVDlzgYGLGR7UoaRyivmdwaD-2F8GGj2SeuFl5CNmO4uJ75M69NpIJcEgiKbpoWpXeuJdzQYzNm1WuI45zNZnbxNBPzaHrg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 511508: High impact quality (Y2K38_SAFETY)
/date_str.c: 158 in datestr()


________________________________________________________________________________________________________
*** CID 511508: High impact quality (Y2K38_SAFETY)
/date_str.c: 158 in datestr()
152 /****************************************************************************/
153 char* datestr(scfg_t* cfg, time_t t, char* str)
154 {
155 if(t == 0)
156 return "---------";
157 if(!cfg->sys_date_verbal)

CID 511508: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

158 return unixtodstr(cfg, (time32_t)t, str);
159 struct tm tm = {0};
160 if(localtime_r(&t, &tm) == NULL)
161 return "!!!!!!!!!";
162 char fmt[32] = "";
163 switch(cfg->sys_date_fmt) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DeIbg_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZqqLX5nOyr0GCOMCsCoPlrYhtCBBDisrUKXmOFR94rfPCeqYsaUhoG3UZ-2FYUaiUYrgUIufMTzxsRzH7-2B7zAyM4HCi34k5-2FbdZ1Kp-2FDSG9A8IDyw-2BIsKQ-2B2fNzoCls7j0N-2B7Pb2XI8MB8f5lr-2BCPTiUaqWkDFwSWHqbm0IZWY1GZQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 511621: High impact quality (Y2K38_SAFETY)
/str.cpp: 990 in sbbs_t::unixtodstr(long, char *)()


________________________________________________________________________________________________________
*** CID 511621: High impact quality (Y2K38_SAFETY)
/str.cpp: 990 in sbbs_t::unixtodstr(long, char *)()
984 }
985
986 char* sbbs_t::unixtodstr(time_t t, char* str)
987 {
988 if(str == nullptr)
989 str = datestr_output;

CID 511621: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

990 return ::unixtodstr(&cfg, t, str);
991 }
992
993 void sbbs_t::sys_info()
994 {
995 char tmp[128];


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DFl35_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbldReasLeT64fJgl4QpY1aZbFANNQbDPFr-2BH2HYcH1IWW1-2FtRGPtb0gVjSH-2BBqjWAK7btzMhM331mrzEXRNmqAyTftaCh3YDujP4YB-2F7PQ4EGqELNq7SpMqQKEr5kiHI5KwG1KMczjzMucZ1MepWUctNMP3lW0eqjsOrH2fBSzrg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 512127: (Y2K38_SAFETY)
/scfg/scfgsys.c: 1367 in edit_sys_date_verbal()
/scfg/scfgsys.c: 1368 in edit_sys_date_verbal()


________________________________________________________________________________________________________
*** CID 512127: (Y2K38_SAFETY)
/scfg/scfgsys.c: 1367 in edit_sys_date_verbal()
1361
1362 int edit_sys_date_verbal(int page, int total)
1363 {
1364 int mode = WIN_SAV | WIN_MID;
1365 int i = cfg.sys_date_verbal;
1366 time_t t = time(NULL);

CID 512127: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

1367 snprintf(opt[0],MAX_OPLN,"Numeric (e.g. %s)", unixtodstr(&cfg, (time32_t)t, tmp));
1368 snprintf(opt[1],MAX_OPLN,"Verbal (e.g. %s)", verbal_datestr(&cfg, (time32_t)t, tmp));
1369 opt[2][0] = '\0';
1370 uifc.helpbuf=
1371 "`Short Date Display Format:`\n"
1372 "\n"
/scfg/scfgsys.c: 1368 in edit_sys_date_verbal()
1362 int edit_sys_date_verbal(int page, int total)
1363 {
1364 int mode = WIN_SAV | WIN_MID;
1365 int i = cfg.sys_date_verbal;
1366 time_t t = time(NULL);
1367 snprintf(opt[0],MAX_OPLN,"Numeric (e.g. %s)", unixtodstr(&cfg, (time32_t)t, tmp));

CID 512127: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

1368 snprintf(opt[1],MAX_OPLN,"Verbal (e.g. %s)", verbal_datestr(&cfg, (time32_t)t, tmp));
1369 opt[2][0] = '\0';
1370 uifc.helpbuf=
1371 "`Short Date Display Format:`\n"
1372 "\n"
1373 "If you would like short (8 character) dates to be displayed using verbal\n"


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIT5o_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQavH6tAPUwXIDKUPRKBZGiRgKLj76Ij0uFpD4UCNwTCVen1QmVBk6yGbzTBSC2-2BxBE0GJfAoW-2B-2BWaxWl51M-2B9mp1hicInwTEKrQ8chQM9yGDR81PWtwXM-2Bq2j5YCl48NKAoGGKYo0R42EciGZugnM0LqGuohrShDzTlibesBwTavw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 514434: (NULL_RETURNS)
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 1001 in prestel_get_state()


________________________________________________________________________________________________________
*** CID 514434: (NULL_RETURNS)
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 1001 in prestel_get_state()
995 TERM_XY(&tx, &ty);
996 line = malloc(sizeof(*line) * tx);
997 prestel_new_line(cterm);
998 if (tx > 1) {
999 vmem_gettext(cterm->x, sy, cterm->x + tx - 2, sy, line);
1000 for (int i = 0; i < (tx - 1); i++) {

CID 514434: (NULL_RETURNS)
Dereferencing "line", which is known to be "NULL".

1001 uint8_t ch = line[i].ch;
1002 if (line[i].fg & 0x7F000000) {
1003 ch = (line[i].fg & 0x7F000000) >> 24; 1004 prestel_apply_ctrl(cterm, ch);
1005 }
1006 else {
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 999 in prestel_get_state()
993
994 SCR_XY(&sx, &sy);
995 TERM_XY(&tx, &ty);
996 line = malloc(sizeof(*line) * tx);
997 prestel_new_line(cterm);
998 if (tx > 1) {

CID 514434: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_gettext".

999 vmem_gettext(cterm->x, sy, cterm->x + tx - 2, sy, line);
1000 for (int i = 0; i < (tx - 1); i++) {
1001 uint8_t ch = line[i].ch;
1002 if (line[i].fg & 0x7F000000) {
1003 ch = (line[i].fg & 0x7F000000) >> 24; 1004 prestel_apply_ctrl(cterm, ch);

** CID 514433: (NULL_RETURNS)
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 4990 in prestel_fix_line()


________________________________________________________________________________________________________
*** CID 514433: (NULL_RETURNS)
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 4985 in prestel_fix_line()
4979 bool fixed = false;
4980 bool fixedheight = false;
4981
4982 coord_conv_xy(cterm, CTERM_COORD_TERM, CTERM_COORD_SCREEN, &sy, &sx);
4983 ex = sx + TERM_MAXX - 1;
4984 line = malloc(sizeof(*line) * (ex - sx + 1));

CID 514433: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_gettext".

4985 vmem_gettext(sx, sy, ex, sy, line);
4986 prestel_new_line(cterm);
4987 for (int i = 0; i < TERM_MAXX; i++) {
4988 uint8_t ch;
4989 // Go through the line applying attributes, held mosaics, etc.
4990 if (line[i].fg & 0x7F000000) { /tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 5098 in prestel_fix_line()
5092 line[i].ch += 64;
5093 fixed = true;
5094 }
5095 }
5096 }
5097 if (force || fixed)

CID 514433: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_puttext".

5098 vmem_puttext(sx, sy, ex, sy, line);
5099 free(line);
5100 if (restore) {
5101 cterm->extattr = extattr;
5102 cterm->fg_color = fg_color;
5103 cterm->bg_color = bg_color; /tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 4990 in prestel_fix_line()
4984 line = malloc(sizeof(*line) * (ex - sx + 1));
4985 vmem_gettext(sx, sy, ex, sy, line);
4986 prestel_new_line(cterm);
4987 for (int i = 0; i < TERM_MAXX; i++) {
4988 uint8_t ch;
4989 // Go through the line applying attributes, held mosaics, etc.

CID 514433: (NULL_RETURNS)
Dereferencing "line", which is known to be "NULL".

4990 if (line[i].fg & 0x7F000000) {
4991 // This is a control character
4992 ch = (line[i].fg & 0x7F000000) >> 24;
4993 prestel_apply_ctrl_before(cterm, ch);
4994 if ((cterm->extattr & CTERM_EXTATTR_PRESTEL_DOUBLE_HEIGHT) && ((line[i].bg & 0x01000000) == 0)) {
4995 // Should be double-high


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIdOQ_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbN8RSzLdCZbSy14N5iWP9J-2FcpNjQ0eI2Oj6rPhHqZBQZA4UM9PchXs94tTdeyxdvCkcPzkWohEpzrEBvlrnd6-2FTfmIpMAsE2mi-2BdkX8vzesYff-2FsK9jSFcjEXcYS-2Fxznm-2FxoYdKxCkLPJPKyAUp9zwS3A1OhpfjMprQ34Tb-2BWdhw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 514483: API usage errors (PRINTF_ARGS)


________________________________________________________________________________________________________
*** CID 514483: API usage errors (PRINTF_ARGS)
/websrvr.c: 1659 in http_logon()
1653 SAFECOPY(session->user.modem, session->client.protocol);
1654 SAFECOPY(session->user.comp, session->host_name);
1655 SAFECOPY(session->user.ipaddr, session->host_ip);
1656 session->user.logontime = (time32_t)session->logon_time;
1657 int result = putuserdat(&scfg, &session->user);
1658 if(result != 0)

CID 514483: API usage errors (PRINTF_ARGS)
No argument for format specifier "%d".

1659 lprintf(LOG_ERR, "%04d %s [%s] <%s> !Error %d writing user data for user #%d"
1660 ,session->socket, session->client.protocol, session->host_ip
1661 ,session->username, session->user.number);
1662
1663 }
1664 SAFECOPY(session->client.user, session->username);

** CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
/websrvr.c: 1661 in ()


________________________________________________________________________________________________________
*** CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
/websrvr.c: 1661 in ()
1655 SAFECOPY(session->user.ipaddr, session->host_ip);
1656 session->user.logontime = (time32_t)session->logon_time;
1657 int result = putuserdat(&scfg, &session->user);
1658 if(result != 0)
1659 lprintf(LOG_ERR, "%04d %s [%s] <%s> !Error %d writing user data for user #%d"
1660 ,session->socket, session->client.protocol, session->host_ip

CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
the format string requires additional arguments

1661 ,session->username, session->user.number);
1662
1663 }
1664 SAFECOPY(session->client.user, session->username);
1665 session->client.usernum = session->user.number;
1666 client_on(session->socket, &session->client, /* update existing client record? */true);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DjGNe_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZrw1ACipL81Cfrev1KTkNSpg9ocZGsXxFU4AldvxV89V-2FFS8Im4F3ZlIWKiU1IgZ7U6FnHvW5nOIPElnOgDye48Et-2FcrMwNOZVyWRSzqRdvKvjv7tIxk-2BD72e1fmIEEOvn4SDov1pv-2FzEWSevpHegP3dEU8oXtKIA8RNAEjZ1XUg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 514519: (LOCK)
/main.cpp: 4849 in sbbs_t::daily_maint()()
/main.cpp: 4849 in sbbs_t::daily_maint()()


________________________________________________________________________________________________________
*** CID 514519: (LOCK)
/main.cpp: 4849 in sbbs_t::daily_maint()()
4843 lprintf(result ? LOG_ERR : LOG_INFO, "Daily event: '%s' returned %d", cmd, result);
4844 }
4845 if((sys_status & SS_NEW_MONTH) && cfg.sys_monthly[0]) {
4846 lputs(LOG_INFO, "DAILY: Running monthly event");
4847 const char* cmd = cmdstr(cfg.sys_monthly,nulstr,nulstr,NULL);
4848 online = ON_LOCAL;

CID 514519: (LOCK)
"external" unlocks "this->input_thread_mutex" while it is unlocked. 4849 int result = external(cmd, EX_OFFLINE);

4850 online = false;
4851 lprintf(result ? LOG_ERR : LOG_INFO, "Monthly event: '%s' returned %d", cmd, result);
4852 }
4853 lputs(LOG_INFO, "DAILY: System maintenance ended");
4854 sys_status&=~SS_DAILY;
/main.cpp: 4849 in sbbs_t::daily_maint()()
4843 lprintf(result ? LOG_ERR : LOG_INFO, "Daily event: '%s' returned %d", cmd, result);
4844 }
4845 if((sys_status & SS_NEW_MONTH) && cfg.sys_monthly[0]) {
4846 lputs(LOG_INFO, "DAILY: Running monthly event");
4847 const char* cmd = cmdstr(cfg.sys_monthly,nulstr,nulstr,NULL);
4848 online = ON_LOCAL;

CID 514519: (LOCK)
"external" locks "this->input_thread_mutex" while it is locked.

4849 int result = external(cmd, EX_OFFLINE);
4850 online = false;
4851 lprintf(result ? LOG_ERR : LOG_INFO, "Monthly event: '%s' returned %d", cmd, result);
4852 }
4853 lputs(LOG_INFO, "DAILY: System maintenance ended");
4854 sys_status&=~SS_DAILY;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DmVJv_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZYt7Pe-2B8KlpNPxf3vYfbGXTetKrkOysaWsLoXwVVJy-2BlT3vWHLSa-2F-2BgpVoMRk-2FB9lZhpdNOATgKKch-2FKRWKdw7CGPsa8-2BoRGvrYP8DjPqUmQVJXsmXD2xm4gPlAPoQOpnW8tWCZcdj7lp745Fp7QOqFvNAcU4EQLHiapc9wQpj6A-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH) /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in ()


________________________________________________________________________________________________________
*** CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH) /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in ()
292 else
293 if(time(NULL)-start>=(time_t)smb->retry_time) 294 break;
295 ++count;
296 SLEEP((count / 10) * smb->retry_delay);
297 }

CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "int" but argument has type "long")

298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeout locking message base after %d seconds", __FUNCTION__, time(NULL) - start);
299 return(SMB_ERR_TIMEOUT);
300 }
301
302 /****************************************************************************/
303 /* Read the SMB header from the header file and place into smb.status */

** CID 514628: API usage errors (PRINTF_ARGS)


________________________________________________________________________________________________________
*** CID 514628: API usage errors (PRINTF_ARGS) /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in smb_locksmbhdr()
292 else
293 if(time(NULL)-start>=(time_t)smb->retry_time) 294 break;
295 ++count;
296 SLEEP((count / 10) * smb->retry_delay);
297 }

CID 514628: API usage errors (PRINTF_ARGS)
Argument "time(NULL) - start" to format specifier "%d" was expected to have type "int" but has type "long".

298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeout locking message base after %d seconds", __FUNCTION__, time(NULL) - start);
299 return(SMB_ERR_TIMEOUT);
300 }
301
302 /****************************************************************************/
303 /* Read the SMB header from the header file and place into smb.status */


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D04SY_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbRNqpwvGc4zcZ5uKeIndhuSqNnxi4ZbqnqhqxxcEUjkJJHGyGkBZt6V7UXUX2xnB2lvPBmqBCBxBghPzBYV7kJY89l3F0Je2EKuh7lbcH1Ki5248pEoplbC6UdQ14IH1AzZ-2BYu06Kjq-2F-2BS7xugvit0MheMfmyl63WZ-2BGQqWv04fA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 514647: Resource leaks (RESOURCE_LEAK)
/userdat.c: 1397 in getnodeext()


________________________________________________________________________________________________________
*** CID 514647: Resource leaks (RESOURCE_LEAK)
/userdat.c: 1397 in getnodeext()
1391 {
1392 int f;
1393
1394 if(!VALID_CFG(cfg) || num < 1)
1395 return "";
1396 if((f = opennodeext(cfg)) < 1)

CID 514647: Resource leaks (RESOURCE_LEAK)
Handle variable "f" going out of scope leaks the handle.

1397 return "";
1398 (void)lseek(f, (num-1) * 128, SEEK_SET);
1399 if(read(f, buf, 128) != 128)
1400 memset(buf, 0, 128);
1401 close(f);
1402 buf[127] = 0;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DNrRS_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZ3ELp6fsbhc-2FY9mD5Zp1-2FoSxtPMVY9W2gQFqb-2BWiMKBXb3R551uQj1an4L8jxHGCtVzJ8f8hTy9TuLVRQzLD3L1M-2FICoSbiZvQ-2FUBPSeV-2BCcsclK4jYNyukSMcGAKOr-2BtLQBr5jUdpUtVX-2FuxQBKwF4hNcUqyrDA8X7YI-2FfcIZtw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 515048: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 1848 in add_areas_from_echolists()


________________________________________________________________________________________________________
*** CID 515048: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 1848 in add_areas_from_echolists()
1842 match=0;
1843 for(k=0; cfg.listcfg[j].keys[k] ;k++) {
1844 if(match) break;
1845 for(x=0; nodecfg->keys[x] ;x++) {
1846 if(!stricmp(cfg.listcfg[j].keys[k]
1847 ,nodecfg->keys[x])) {

CID 515048: Security best practices violations (SECURE_TEMP)
"tmpfile" creates files with predictable names, which is unsafe.

1848 if((fwdfile=tmpfile())==NULL) { 1849 lprintf(LOG_ERR,"ERROR line %d opening forward temp "
1850 "file",__LINE__);
1851 match=1;
1852 break;
1853 }

** CID 515047: Control flow issues (NO_EFFECT)
/sbbsecho.c: 1635 in alter_areas_ini()


________________________________________________________________________________________________________
*** CID 515047: Control flow issues (NO_EFFECT)
/sbbsecho.c: 1635 in alter_areas_ini()
1629 continue;
1630 }
1631 }
1632 if(add_area[0] != NULL) { /* Check for areas to add */
1633 bool add_all = (stricmp(add_area[0], "+ALL") == 0);
1634 j = strListFind(add_area, echotag, /* case-sensitive */false);

CID 515047: Control flow issues (NO_EFFECT)
This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "j >= 0U".

1635 if(add_all || j >= 0) {
1636 if(j >= 0)
1637 add_area[j][0]=0; /* So we can check other lists */
1638 uint areanum = find_area(echotag);
1639 if(!area_is_valid(areanum)) {
1640 lprintf(LOG_ERR, "Invalid area num on line %d", __LINE__);

** CID 515046: Error handling issues (CHECKED_RETURN)
/sbbsecho.c: 1989 in alter_areas()


________________________________________________________________________________________________________
*** CID 515046: Error handling issues (CHECKED_RETURN)
/sbbsecho.c: 1989 in alter_areas()
1983 ,smb_faddrtoa(&addr,NULL), (ulong)added, cfg.areafile);
1984 if(deleted)
1985 lprintf(LOG_DEBUG, "AreaFix (for %s) Removed links to %lu areas in %s"
1986 ,smb_faddrtoa(&addr,NULL), (ulong)deleted, cfg.areafile);
1987 if(added || deleted) {
1988 if(stat(cfg.areafile, &st) == 0)

CID 515046: Error handling issues (CHECKED_RETURN)
Calling "chmod(outpath, st.st_mode)" without checking return value. This library function may fail and return an error code.

1989 chmod(outpath, st.st_mode);
1990 if(cfg.areafile_backups == 0 || !backup(cfg.areafile, cfg.areafile_backups, /* ren: */TRUE))
1991 delfile(cfg.areafile, __LINE__); /* Delete AREAS.BBS */
1992 if(rename(outpath,cfg.areafile)) /* Rename new AREAS.BBS file */
1993 lprintf(LOG_ERR,"ERROR line %d renaming %s to %s",__LINE__,outpath,cfg.areafile);
1994 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D1jSz_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbxEcP2FV-2FE8SZ4Zj-2B5i-2FvXMBc1u-2B9IyI73gYzjnV6pIIbqC2pGfKYB3KXIl7XZEKXLdLz8vi8-2BwsF6O91kuZqV1ShM13vaTkO37J3VV7GT6YwOX288v8WtwpdrdHMhRE2EqIozgp1HMSE07wuarfyxBLAND56oVPlNda7IFeLuFA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 515063: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 2142 in areamgr_command()


________________________________________________________________________________________________________
*** CID 515063: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 2142 in areamgr_command()
2136 nodecfg->archive = SBBSECHO_ARCHIVE_NONE;
2137 else {
2138 for(u=0;u<cfg.arcdefs;u++)
2139 if(stricmp(p,cfg.arcdef[u].name) == 0) 2140 break;
2141 if(u==cfg.arcdefs) {

CID 515063: Security best practices violations (SECURE_TEMP)
"tmpfile" creates files with predictable names, which is unsafe.

2142 if((tmpf=tmpfile())==NULL) {
2143 lprintf(LOG_ERR,"ERROR line %d opening tmpfile()",__LINE__);
2144 return false;
2145 }
2146 SAFEPRINTF(str, "Compression type unavailable: %s", p);
2147 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DGoz1_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYHiJRuOAYx4mtSc3Rs7eY9P2HGERsO3Ui1TozxvEl3HSa54-2BxmZuyJa4rdPvK8KqeFliWPJD252StMkW9mo-2B6uT2KWq9YxJqegr2CCurq6i8coJamUQEMyVcyknmxOhR1KJArkVSLfkYq8-2BmPn9fVdieJLgwrSG692S4HB3dKfZQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 515130: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-24-2024/src/conio/sdl_con.c: 357 in sdl_get_bounds()


________________________________________________________________________________________________________
*** CID 515130: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-24-2024/src/conio/sdl_con.c: 357 in sdl_get_bounds()
351 SDL_Rect r;
352 int ABUw, ABUh;
353 int pixelw, pixelh;
354
355 if (sdl.GetDisplayUsableBounds(0, &r) != 0)
356 return false;

CID 515130: Concurrent data access violations (MISSING_LOCK)
Accessing "win" without holding lock "win_mutex". Elsewhere, "win" is written to with "win_mutex" held 1 out of 1 times.

357 sdl.GetWindowSize(win, &ABUw, &ABUh);
358 sdl.GetWindowSizeInPixels(win, &pixelw, &pixelh);
359 if (pixelw == 0 || pixelh == 0 || ABUw == 0 || ABUh == 0) {
360 *w = r.w;
361 *h = r.h;
362 return true;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D_t4Q_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYVVBXfFUuA-2FsWyQ5uMS5ufMK7jgOcJ6VIupDH54bwQZq7SuxKbKUjUqnKiK9OnXbOb5gfXyBtjeI0-2BrMXfePEiZJ6tllUVEkd4WCimYeBdVV8tZ-2FZWYZleIzw9Ex3-2BGpSI29JxK7ySTVVle557znXI2HDyHti8hj8D3RvYxamaIw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

14 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 14 of 14 defect(s)


** CID 515601: Program hangs (LOCK)
/js_bbs.cpp: 3400 in js_get_node_message(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 515601: Program hangs (LOCK)
/js_bbs.cpp: 3400 in js_get_node_message(JSContext *, unsigned int, unsigned long *)()
3394 clearline = JSVAL_TO_BOOLEAN(argv[0]);
3395
3396 rc=JS_SUSPENDREQUEST(cx);
3397 sbbs->getnmsg(clearline ? true : false);
3398 JS_RESUMEREQUEST(cx, rc);
3399

CID 515601: Program hangs (LOCK)
Returning without unlocking "sbbs->nodefile_mutex".

3400 return(JS_TRUE);
3401 }
3402
3403 static JSBool
3404 js_put_node_message(JSContext *cx, uintN argc, jsval *arglist)
3405 {

** CID 515600: Error handling issues (CHECKED_RETURN)
/download.cpp: 367 in sbbs_t::seqwait(unsigned int)()


________________________________________________________________________________________________________
*** CID 515600: Error handling issues (CHECKED_RETURN)
/download.cpp: 367 in sbbs_t::seqwait(unsigned int)()
361
362 if(!devnum)
363 return;
364 for(start=now=time(NULL);online && now-start<90;now=time(NULL)) {
365 if(msgabort()) /* max wait ^^^^ sec */
366 break;

CID 515600: Error handling issues (CHECKED_RETURN)
Calling "getnodedat" without checking return value (as is done elsewhere 52 out of 59 times).

367 getnodedat(cfg.node_num,&thisnode,true); /* open and lock this record */
368 for(i=1;i<=cfg.sys_nodes;i++) {
369 if(i==cfg.node_num) continue;
370 if(getnodedat(i,&node, true)) {
371 if((node.status==NODE_INUSE || node.status==NODE_QUIET)
372 && node.action==NODE_RFSD && node.aux==devnum) {

** CID 515599: Concurrent data access violations (MISSING_LOCK)
/putnode.cpp: 108 in sbbs_t::unlocknodedat(unsigned int)()


________________________________________________________________________________________________________
*** CID 515599: Concurrent data access violations (MISSING_LOCK) /putnode.cpp: 108 in sbbs_t::unlocknodedat(unsigned int)()
102 errormsg(WHERE, ERR_CHK, "node number", number);
103 return false;
104 }
105 int result = unlock(nodefile, (number - 1) * sizeof(node_t), sizeof(node_t));
106 if(cfg.node_misc & NM_CLOSENODEDAB) {
107 close(nodefile);

CID 515599: Concurrent data access violations (MISSING_LOCK)
Accessing "this->nodefile" without holding lock "sbbs_t.nodefile_mutex". Elsewhere, "sbbs_t.nodefile" is written to with "sbbs_t.nodefile_mutex" held 4 out of 5 times.

108 nodefile = -1;
109 }
110 pthread_mutex_unlock(&nodefile_mutex);
111 return result == 0;
112 }
113

** CID 515598: (SLEEP)


________________________________________________________________________________________________________
*** CID 515598: (SLEEP)
/getnode.cpp: 268 in sbbs_t::getnmsg(bool)()
262 buf[length]=0;
263
264 if(clearline)
265 this->clearline();
266 else if(column)
267 CRLF;

CID 515598: (SLEEP)
Call to "putmsg" might sleep while holding lock "this->nodefile_mutex". 268 putmsg(buf,P_NOATCODES);

269 free(buf);
270
271 return retval == 0;
272 }
273
/getnode.cpp: 265 in sbbs_t::getnmsg(bool)()
259 }
260 int retval = chsize(file,0L);
261 close(file);
262 buf[length]=0;
263
264 if(clearline)

CID 515598: (SLEEP)
Call to "clearline" might sleep while holding lock "this->nodefile_mutex".

265 this->clearline();
266 else if(column)
267 CRLF;
268 putmsg(buf,P_NOATCODES);
269 free(buf);
270

** CID 515597: Program hangs (LOCK)
/main.cpp: 2243 in input_thread(void *)()


________________________________________________________________________________________________________
*** CID 515597: Program hangs (LOCK)
/main.cpp: 2243 in input_thread(void *)()
2237 }
2238 else
2239 #endif
2240 rd = recv(sock, (char*)inbuf, rd, 0);
2241
2242 if(pthread_mutex_unlock(&sbbs->input_thread_mutex)!=0) >>> CID 515597: Program hangs (LOCK)

"errormsg" locks "sbbs->nodefile_mutex" while it is locked.

2243 sbbs->errormsg(WHERE,ERR_UNLOCK,"input_thread_mutex",0);
2244
2245 if (rd == 0 && !socket_recvdone(sock, 0))
2246 continue;
2247
2248 if(rd == SOCKET_ERROR)

** CID 515596: Program hangs (LOCK)
/logfile.cpp: 331 in sbbs_t::errormsg(int, const char *, const char *, const char *, const char *, int, const char *)()


________________________________________________________________________________________________________
*** CID 515596: Program hangs (LOCK)
/logfile.cpp: 331 in sbbs_t::errormsg(int, const char *, const char *, const char *, const char *, int, const char *)()
325 fprintf(logfile_fp,"!! %s%s", str, log_line_ending); 326 logcol=1;
327 fflush(logfile_fp);
328 }
329
330 errormsg_inside=false;

CID 515596: Program hangs (LOCK)
Returning without unlocking "this->nodefile_mutex".

331 }
332
333 /****************************************************************************/
334 /* Open a log file for append, supporting log rotation based on size */
335 /****************************************************************************/
336 extern "C" FILE* fopenlog(scfg_t* cfg, const char* path)

** CID 515595: Program hangs (LOCK)
/main.cpp: 4335 in sbbs_t::logoffstats()()


________________________________________________________________________________________________________
*** CID 515595: Program hangs (LOCK)
/main.cpp: 4335 in sbbs_t::logoffstats()()
4329
4330 for(i=0;i<2;i++) {
4331 FILE* fp = fopen_dstats(&cfg, i ? 0 : cfg.node_num, /* for_write: */true);
4332 if(fp == NULL)
4333 continue;
4334 if(!fread_dstats(fp, &stats)) {

CID 515595: Program hangs (LOCK)
"errormsg" locks "this->nodefile_mutex" while it is locked.

4335 errormsg(WHERE, ERR_READ, "dsts.ini", i);
4336 } else {
4337 stats.total.timeon += minutes_used;
4338 stats.today.timeon += minutes_used;
4339 if(!fwrite_dstats(fp, &stats, __FUNCTION__)) 4340 errormsg(WHERE, ERR_WRITE, "dsts.ini", i);

** CID 515594: (SLEEP)


________________________________________________________________________________________________________
*** CID 515594: (SLEEP)
/main.cpp: 4649 in sbbs_t::daily_maint()()
4643 backup(str,cfg.user_backup_level,false);
4644 }
4645
4646 if(cfg.mail_backup_level) {
4647 lputs(LOG_INFO,"DAILY: Backing-up mail data...");
4648 smb_t mail;

CID 515594: (SLEEP)
Call to "smb_open_sub" might sleep while holding lock "this->nodefile_mutex".

4649 int result = smb_open_sub(&cfg, &mail, INVALID_SUB); 4650 if(result != SMB_SUCCESS)
4651 lprintf(LOG_ERR, "ERROR %d (%s) opening mail base", result, mail.last_error);
4652 else {
4653 result = smb_lock(&mail);
4654 if(result != SMB_SUCCESS)
/main.cpp: 4778 in sbbs_t::daily_maint()()
4772 closeuserdat(userfile);
4773
4774 lputs(LOG_INFO,"DAILY: Purging deleted/expired e-mail");
4775 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
4776 smb.retry_time=cfg.smb_retry_time;
4777 smb.subnum=INVALID_SUB;

CID 515594: (SLEEP)
Call to "smb_open" might sleep while holding lock "this->nodefile_mutex".

4778 if((i=smb_open(&smb))!=0)
4779 errormsg(WHERE,ERR_OPEN,smb.file,i,smb.last_error); 4780 else {
4781 if(filelength(fileno(smb.shd_fp))>0) {
4782 if((i=smb_locksmbhdr(&smb))!=0)
4783 errormsg(WHERE,ERR_LOCK,smb.file,i,smb.last_error);

** CID 515593: (LOCK)
/getnode.cpp: 258 in sbbs_t::getnmsg(bool)()
/getnode.cpp: 252 in sbbs_t::getnmsg(bool)()
/getnode.cpp: 242 in sbbs_t::getnmsg(bool)()
/getnode.cpp: 271 in sbbs_t::getnmsg(bool)()
/getnode.cpp: 237 in sbbs_t::getnmsg(bool)()
/getnode.cpp: 247 in sbbs_t::getnmsg(bool)()


________________________________________________________________________________________________________
*** CID 515593: (LOCK)
/getnode.cpp: 258 in sbbs_t::getnmsg(bool)()
252 return false;
253 }
254 if(read(file,buf,length)!=length) {
255 close(file);
256 free(buf);
257 errormsg(WHERE,ERR_READ,str,length);

CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".

258 return false;
259 }
260 int retval = chsize(file,0L);
261 close(file);
262 buf[length]=0;
263
/getnode.cpp: 252 in sbbs_t::getnmsg(bool)()
246 close(file);
247 return true;
248 }
249 if((buf=(char *)malloc(length+1))==NULL) {
250 close(file);
251 errormsg(WHERE,ERR_ALLOC,str,length+1);

CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".

252 return false;
253 }
254 if(read(file,buf,length)!=length) {
255 close(file);
256 free(buf);
257 errormsg(WHERE,ERR_READ,str,length);
/getnode.cpp: 242 in sbbs_t::getnmsg(bool)()
236 if(flength(str)<1L)
237 return true;
238 if((file=nopen(str,O_RDWR))==-1) {
239 /**
240 errormsg(WHERE,ERR_OPEN,str,O_RDWR);
241 **/

CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".

242 return false;
243 }
244 length=(long)filelength(file);
245 if(length <= 0) {
246 close(file);
247 return true;
/getnode.cpp: 271 in sbbs_t::getnmsg(bool)()
265 this->clearline();
266 else if(column)
267 CRLF;
268 putmsg(buf,P_NOATCODES);
269 free(buf);
270

CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".

271 return retval == 0;
272 }
273
274 /****************************************************************************/
275 /* 'ext' must be at least 128 bytes! */
276 /****************************************************************************/
/getnode.cpp: 237 in sbbs_t::getnmsg(bool)()
231 thisnode.misc&=~NODE_NMSG; /* clear the NMSG flag */
232 putnodedat(cfg.node_num,&thisnode);
233 }
234
235 SAFEPRINTF2(str,"%smsgs/n%3.3u.msg",cfg.data_dir,cfg.node_num); 236 if(flength(str)<1L)

CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".

237 return true;
238 if((file=nopen(str,O_RDWR))==-1) {
239 /**
240 errormsg(WHERE,ERR_OPEN,str,O_RDWR);
241 **/
242 return false;
/getnode.cpp: 247 in sbbs_t::getnmsg(bool)()
241 **/
242 return false;
243 }
244 length=(long)filelength(file);
245 if(length <= 0) {
246 close(file);

CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".

247 return true;
248 }
249 if((buf=(char *)malloc(length+1))==NULL) {
250 close(file);
251 errormsg(WHERE,ERR_ALLOC,str,length+1);
252 return false;

** CID 515592: (SLEEP)


________________________________________________________________________________________________________
*** CID 515592: (SLEEP)
/getnode.cpp: 162 in sbbs_t::nodesync(bool)()
156 thisnode.misc&=~NODE_UDAT;
157 putnodedat(cfg.node_num,&thisnode);
158 }
159 }
160 if(!(sys_status&SS_MOFF)) {
161 if(thisnode.misc&NODE_MSGW)

CID 515592: (SLEEP)
Call to "getsmsg" might sleep while holding lock "this->nodefile_mutex".

162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */
163 if(thisnode.misc&NODE_NMSG)
164 getnmsg(clearline); /* getnmsg clears NMSG flag */
165 }
166 }
167
/getnode.cpp: 174 in sbbs_t::nodesync(bool)()
168 if(cfg.sync_mod[0])
169 exec_bin(cfg.sync_mod,&main_csi);
170
171 if(thisnode.misc&NODE_INTR) {
172 bputs(text[NodeLocked]);
173 logline(LOG_NOTICE,nulstr,"Interrupted");

CID 515592: (SLEEP)
Call to "hangup" might sleep while holding lock "this->nodefile_mutex". 174 hangup();

175 nodesync_inside=0;
176 return;
177 }
178
179 if(thisnode.misc&NODE_LCHAT) { // pulled into local chat with sysop
/getnode.cpp: 164 in sbbs_t::nodesync(bool)()
158 }
159 }
160 if(!(sys_status&SS_MOFF)) {
161 if(thisnode.misc&NODE_MSGW)
162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */
163 if(thisnode.misc&NODE_NMSG)

CID 515592: (SLEEP)
Call to "getnmsg" might sleep while holding lock "this->nodefile_mutex".

164 getnmsg(clearline); /* getnmsg clears NMSG flag */
165 }
166 }
167
168 if(cfg.sync_mod[0])
169 exec_bin(cfg.sync_mod,&main_csi);
/getnode.cpp: 211 in sbbs_t::nodesync(bool)()
205 }
206
207 if(sys_status&SS_USERON && online && (timeleft/60)<(5-timeleft_warn)
208 && !SYSOP) {
209 timeleft_warn=5-(timeleft/60);
210 if(!(sys_status&SS_MOFF)) {

CID 515592: (SLEEP)
Call to "attr" might sleep while holding lock "this->nodefile_mutex". 211 attr(LIGHTGRAY);

212 bprintf(text[OnlyXminutesLeft]
213 ,((ushort)timeleft/60)+1,(timeleft/60) ? "s" : nulstr);
214 }
215 }
216
/getnode.cpp: 217 in sbbs_t::nodesync(bool)()
211 attr(LIGHTGRAY);
212 bprintf(text[OnlyXminutesLeft]
213 ,((ushort)timeleft/60)+1,(timeleft/60) ? "s" : nulstr);
214 }
215 }
216

CID 515592: (SLEEP)
Call to "attr" might sleep while holding lock "this->nodefile_mutex". 217 attr(atr); /* replace original attributes */

218 nodesync_inside=0;
219 }
220
221 /****************************************************************************/
222 /* Prints short messages waiting for this node, if any... */
/getnode.cpp: 181 in sbbs_t::nodesync(bool)()
175 nodesync_inside=0;
176 return;
177 }
178
179 if(thisnode.misc&NODE_LCHAT) { // pulled into local chat with sysop
180 saveline();

CID 515592: (SLEEP)
Call to "privchat" might sleep while holding lock "this->nodefile_mutex".

181 privchat(true);
182 restoreline();
183 }
184
185 if(thisnode.misc&NODE_FCHAT) { // forced into private chat
186 int n = getpagingnode(&cfg);
/getnode.cpp: 182 in sbbs_t::nodesync(bool)()
176 return;
177 }
178
179 if(thisnode.misc&NODE_LCHAT) { // pulled into local chat with sysop
180 saveline();
181 privchat(true);

CID 515592: (SLEEP)
Call to "restoreline" might sleep while holding lock "this->nodefile_mutex".

182 restoreline();
183 }
184
185 if(thisnode.misc&NODE_FCHAT) { // forced into private chat
186 int n = getpagingnode(&cfg);
187 if(n) {
/getnode.cpp: 197 in sbbs_t::nodesync(bool)()
191 action = save_action;
192 restoreline();
193 }
194 if(getnodedat(cfg.node_num, &thisnode, true)) {
195 thisnode.action = action;
196 thisnode.misc &= ~NODE_FCHAT;

CID 515592: (SLEEP)
Call to "putnodedat" might sleep while holding lock "this->nodefile_mutex".

197 putnodedat(cfg.node_num, &thisnode);
198 }
199 }
200
201 if(sys_status&SS_USERON && memcmp(&nodesync_user,&useron,sizeof(user_t))) {
202 getusrdirs();

** CID 515591: (LOCK)
/getnode.cpp: 219 in sbbs_t::nodesync(bool)()
/getnode.cpp: 157 in sbbs_t::nodesync(bool)()


________________________________________________________________________________________________________
*** CID 515591: (LOCK)
/getnode.cpp: 219 in sbbs_t::nodesync(bool)()
213 ,((ushort)timeleft/60)+1,(timeleft/60) ? "s" : nulstr);
214 }
215 }
216
217 attr(atr); /* replace original attributes */
218 nodesync_inside=0;

CID 515591: (LOCK)
Returning without unlocking "this->nodefile_mutex".

219 }
220
221 /****************************************************************************/
222 /* Prints short messages waiting for this node, if any... */
223 /****************************************************************************/
224 bool sbbs_t::getnmsg(bool clearline)
/getnode.cpp: 164 in sbbs_t::nodesync(bool)()
158 }
159 }
160 if(!(sys_status&SS_MOFF)) {
161 if(thisnode.misc&NODE_MSGW)
162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */
163 if(thisnode.misc&NODE_NMSG)

CID 515591: (LOCK)
"getnmsg" locks "this->nodefile_mutex" while it is locked.

164 getnmsg(clearline); /* getnmsg clears NMSG flag */
165 }
166 }
167
168 if(cfg.sync_mod[0])
169 exec_bin(cfg.sync_mod,&main_csi);
/getnode.cpp: 197 in sbbs_t::nodesync(bool)()
191 action = save_action;
192 restoreline();
193 }
194 if(getnodedat(cfg.node_num, &thisnode, true)) {
195 thisnode.action = action;
196 thisnode.misc &= ~NODE_FCHAT;

CID 515591: (LOCK)
"putnodedat" locks "this->nodefile_mutex" while it is locked.

197 putnodedat(cfg.node_num, &thisnode);
198 }
199 }
200
201 if(sys_status&SS_USERON && memcmp(&nodesync_user,&useron,sizeof(user_t))) {
202 getusrdirs();
/getnode.cpp: 157 in sbbs_t::nodesync(bool)()
151 }
152 }
153 if(thisnode.misc&NODE_UDAT && !(useron.rest&FLAG('G'))) { /* not guest */
154 getuserdat(&cfg, &useron);
155 if(getnodedat(cfg.node_num,&thisnode, true)) { 156 thisnode.misc&=~NODE_UDAT;

CID 515591: (LOCK)
"putnodedat" locks "this->nodefile_mutex" while it is locked.

157 putnodedat(cfg.node_num,&thisnode);
158 }
159 }
160 if(!(sys_status&SS_MOFF)) {
161 if(thisnode.misc&NODE_MSGW)
162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */

** CID 515590: (LOCK)
/un_qwk.cpp: 94 in sbbs_t::unpack_qwk(char *, unsigned int)()
/un_qwk.cpp: 123 in sbbs_t::unpack_qwk(char *, unsigned int)()


________________________________________________________________________________________________________
*** CID 515590: (LOCK)
/un_qwk.cpp: 94 in sbbs_t::unpack_qwk(char *, unsigned int)()
88 lprintf(LOG_ERR, "libarchive error %ld (%s) extracting %s", file_count, error, packet);
89 if(*cfg.qhub[hubnum]->unpack == '\0')
90 return false;
91 i=external(cmdstr(cfg.qhub[hubnum]->unpack,packet,ALLFILES,NULL),EX_OFFLINE);
92 if(i) {
93 errormsg(WHERE,ERR_EXEC,cmdstr(cfg.qhub[hubnum]->unpack,packet,ALLFILES,NULL),i);

CID 515590: (LOCK)
Returning without unlocking "this->input_thread_mutex".

94 return(false);
95 }
96 }
97 SAFEPRINTF(str,"%sMESSAGES.DAT",cfg.temp_dir);
98 if(!fexistcase(str)) {
99 lprintf(LOG_WARNING,"%s doesn't contain MESSAGES.DAT (%s)",packet,str);
/un_qwk.cpp: 123 in sbbs_t::unpack_qwk(char *, unsigned int)()
117 remove(fname);
118 }
119 SAFEPRINTF(fname, "%sVOTING.DAT", cfg.temp_dir);
120 if(fexistcase(fname)) {
121 lprintf(LOG_DEBUG, "Reading %s", fname);
122 if((fp=fopen(fname,"r")) == NULL)

CID 515590: (LOCK)
"errormsg" locks "this->nodefile_mutex" while it is locked.

123 errormsg(WHERE,ERR_OPEN,fname,O_RDONLY);
124 else {
125 voting=iniReadFile(fp);
126 fclose(fp);
127 }
128 remove(fname);

** CID 515589: Error handling issues (CHECKED_RETURN)
/logon.cpp: 124 in sbbs_t::logon()()


________________________________________________________________________________________________________
*** CID 515589: Error handling issues (CHECKED_RETURN)
/logon.cpp: 124 in sbbs_t::logon()()
118 ,useron.number,useron.alias);
119 logline(LOG_NOTICE,"+!",str);
120 hangup();
121 return(false);
122 }
123 if(yesno(text[RemoveNodeLockQ])) {

CID 515589: Error handling issues (CHECKED_RETURN)
Calling "getnodedat" without checking return value (as is done elsewhere 52 out of 59 times).

124 getnodedat(cfg.node_num,&thisnode, true);
125 logline("S-","Removed Node Lock");
126 thisnode.misc&=~NODE_LOCK;
127 }
128 else
129 getnodedat(cfg.node_num,&thisnode, true);

** CID 515588: (SLEEP)
/main.cpp: 3450 in event_thread(void *)()
/main.cpp: 3272 in event_thread(void *)()


________________________________________________________________________________________________________
*** CID 515588: (SLEEP)
/main.cpp: 3277 in event_thread(void *)()
3271 while(!sbbs->terminated) {
3272 mswait(1000); 3273 now=time(NULL); 3274 if(now-start>10 && now-lastnodechk<10)
3275 continue;
3276 for(j=first_node;j<=last_node;j++) {

CID 515588: (SLEEP)
Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".

3277 if(!sbbs->getnodedat(j,&node, true))
3278 continue;
3279 if(node.status==NODE_WFC)
3280 node.status=NODE_EVENT_LIMBO;
3281 node.aux=sbbs->cfg.event[i]->node;
3282 sbbs->putnodedat(j,&node);
/main.cpp: 3450 in event_thread(void *)()
3444 }
3445 }
3446 }
3447 }
3448 }
3449 sbbs->event_code = nulstr;

CID 515588: (SLEEP)
Call to "nanosleep" might sleep while holding lock "sbbs->nodefile_mutex".

3450 mswait(1000);
3451 }
3452 sbbs->cfg.node_num=0;
3453 sbbs->useron.number = 0;
3454 sbbs->js_cleanup();
3455
/main.cpp: 3373 in event_thread(void *)()
3367 && (sbbs->cfg.event[i]->node<first_node || sbbs->cfg.event[i]->node>last_node)) {
3368 sbbs->lprintf(LOG_NOTICE,"Changing node status for nodes %d through %d to WFC"
3369 ,first_node,last_node); 3370 sbbs->cfg.event[i]->last=(time32_t)now;
3371 for(j=first_node;j<=last_node;j++) {
3372 node.status=NODE_INVALID_STATUS;

CID 515588: (SLEEP)
Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".

3373 if(!sbbs->getnodedat(j,&node, true))
3374 continue;
3375 node.status=NODE_WFC; 3376 sbbs->putnodedat(j,&node);
3377 }
3378 }
/main.cpp: 3413 in event_thread(void *)()
3407 cmd = sbbs->cmdstr(cmd, nulstr, sbbs->cfg.event[i]->dir, NULL);
3408 sbbs->lprintf(LOG_INFO,"Running %s%stimed event: %s"
3409 ,native_executable(&sbbs->cfg, cmd, ex_mode) ? "native ":"16-bit DOS "
3410 ,(ex_mode&EX_BG) ? "background ":""
3411 ,cmd);
3412 {

CID 515588: (SLEEP)
Call to "external" might sleep while holding lock "sbbs->nodefile_mutex".

3413 int result = sbbs->external(cmd, ex_mode, sbbs->cfg.event[i]->dir);
3414 if(!(ex_mode&EX_BG)) 3415 sbbs->lprintf(result ? sbbs->cfg.event[i]->errlevel : LOG_INFO, "Timed event: '%s' returned %d", cmd, result);
3416 else
3417 sbbs->lprintf(LOG_DEBUG, "Background timed event spawned: %s", cmd);
3418 }
/main.cpp: 3277 in event_thread(void *)()
3271 while(!sbbs->terminated) {
3272 mswait(1000); 3273 now=time(NULL); 3274 if(now-start>10 && now-lastnodechk<10)
3275 continue;
3276 for(j=first_node;j<=last_node;j++) {

CID 515588: (SLEEP)
Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".

3277 if(!sbbs->getnodedat(j,&node, true))
3278 continue;
3279 if(node.status==NODE_WFC)
3280 node.status=NODE_EVENT_LIMBO;
3281 node.aux=sbbs->cfg.event[i]->node;
3282 sbbs->putnodedat(j,&node);
/main.cpp: 2986 in event_thread(void *)()
2980 if(!fexist(fname))
2981 continue;
2982 sbbs->useron.number = 0;
2983 sbbs->lprintf(LOG_INFO, "QWK pack semaphore signaled: %s", fname);
2984 int usernum = atoi(fname+offset);
2985 sbbs->useron.number = usernum;

CID 515588: (SLEEP)
Call to "getuserdat" might sleep while holding lock "sbbs->nodefile_mutex".

2986 int retval = getuserdat(&sbbs->cfg,&sbbs->useron);
2987 if(retval != 0) {
2988 sbbs->lprintf(LOG_WARNING, "ERROR %d reading user data for user #%d", retval, usernum);
2989 sbbs->fremove(WHERE, fname, /* log-all-errors: */true);
2990 continue;
2991 }
/main.cpp: 3272 in event_thread(void *)()
3266 sbbs->lprintf(LOG_DEBUG,"event last run: %s (0x%08x)"
3267 ,sbbs->timestr(sbbs->cfg.event[i]->last)
3268 ,sbbs->cfg.event[i]->last);
3269 lastnodechk=0; /* really last event time check */
3270 start=time(NULL);
3271 while(!sbbs->terminated) {

CID 515588: (SLEEP)
Call to "nanosleep" might sleep while holding lock "sbbs->nodefile_mutex".

3272 mswait(1000); 3273 now=time(NULL); 3274 if(now-start>10 && now-lastnodechk<10)
3275 continue;
3276 for(j=first_node;j<=last_node;j++) {
3277 if(!sbbs->getnodedat(j,&node, true))


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D0VuE_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZXtRHBZwsv7Kfty0nOtNaK0UAFlR-2FrVR2f6CKktOSW3KEH5A-2BAGbll45RILco6MRWsB-2BPA-2F5LbzoDmAwnm2EdPSGWu8DKQDA8ovxbR0nzs0zWwn4zpQwqZ0g5MQ5Uxv60wCv-2BEyap91XzPuWSQ2OUE7j0iN0wndXT1J2mredhBFg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 515659: Resource leaks (RESOURCE_LEAK)
/readmail.cpp: 814 in sbbs_t::readmail(unsigned int, int, int)()


________________________________________________________________________________________________________
*** CID 515659: Resource leaks (RESOURCE_LEAK)
/readmail.cpp: 814 in sbbs_t::readmail(unsigned int, int, int)()
808 }
809
810 smb_close(&smb);
811 smb_stack(&smb,SMB_STACK_POP);
812 current_msg=NULL;
813

CID 515659: Resource leaks (RESOURCE_LEAK)
Variable "mail" going out of scope leaks the storage it points to.

814 return lm_mode;
815 }
816
817 int sbbs_t::searchmail(mail_t *mail, int start, int msgs, int which, const char *search, const char* order)
818 {
819 char* buf;

** CID 515658: Error handling issues (CHECKED_RETURN)


________________________________________________________________________________________________________
*** CID 515658: Error handling issues (CHECKED_RETURN)
/dupefind.c: 75 in display_filename()
69 char *display_filename(scfg_t *cfg, uint dirnum, uint32_t fil_off)
70 {
71 static char str[256];
72 static smb_t smb;
73 if(smb_open_dir(cfg, &smb, dirnum) != SMB_SUCCESS)
74 return smb.last_error;

CID 515658: Error handling issues (CHECKED_RETURN)
Calling "smb_fseek(smb.sid_fp, (fil_off - 1U) * 128UL, 0)" without checking return value. It wraps a library function that may fail and return an error code.

75 smb_fseek(smb.sid_fp, (fil_off - 1) * sizeof(fileidxrec_t), SEEK_SET); 76 fileidxrec_t idx;
77 if(smb_fread(&smb, &idx, sizeof(idx), smb.sid_fp) != sizeof(idx)) {
78 smb_close(&smb);
79 return smb.last_error;
80 }

** CID 515657: Error handling issues (CHECKED_RETURN)
/load_cfg.c: 627 in smb_open_dir()


________________________________________________________________________________________________________
*** CID 515657: Error handling issues (CHECKED_RETURN)
/load_cfg.c: 627 in smb_open_dir()
621 if(filelength(fileno(smb->shd_fp)) < 1) {
622 smb->status.max_files = cfg->dir[dirnum]->maxfiles; 623 smb->status.max_age = cfg->dir[dirnum]->maxage;
624 smb->status.attr = SMB_FILE_DIRECTORY; 625 if(cfg->dir[dirnum]->misc & DIR_NOHASH)
626 smb->status.attr |= SMB_NOHASH;

CID 515657: Error handling issues (CHECKED_RETURN)
Calling "smb_create" without checking return value (as is done elsewhere 16 out of 17 times).

627 smb_create(smb);
628 }
629 return SMB_SUCCESS;
630 }
631
632 int get_lang_count(scfg_t* cfg)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DArCi_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZBUi-2F07t06F46PFVW9NK8AEOuHmZrMv6aNSdOw0AIeo4ogvPzV8VRWZ8jRTfiHC12zKsA4sipybJiH6RgyZ0m7AfiNQvXpSFbavk3k9Q6PyWgsjGH13ueAcyWa7DsklJg0kfAfT7EZWBHjtJZZ7z9FYBEIQ4aPAWfq3llNwIH-2F5w-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 515673: Code maintainability issues (SIZEOF_MISMATCH)
/sbbsecho.c: 1309 in link_area()


________________________________________________________________________________________________________
*** CID 515673: Code maintainability issues (SIZEOF_MISMATCH)
/sbbsecho.c: 1309 in link_area()
1303 return false;
1304 }
1305
1306 void link_area(unsigned area_num, const fidoaddr_t* addr)
1307 {
1308 area_t* area = &cfg.area[area_num];

CID 515673: Code maintainability issues (SIZEOF_MISMATCH)
Passing argument "area->link" of type "fidoaddr_t const *" and argument "8UL /* sizeof (addr) */ * (area->links + 1)" to function "realloc_or_free" is suspicious. In this case, "sizeof (fidoaddr_t const *)" is equal to "sizeof (fidoaddr_t const)", but this is not a portable assumption.

1309 if((area->link = realloc_or_free(area->link, (sizeof addr) * (area->links + 1))) == NULL) {
1310 lprintf(LOG_ERR,"ERROR line %d allocating memory for area "
1311 "#%u links.",__LINE__, area_num + 1);
1312 bail(1);
1313 return;
1314 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DjswB_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZTIkIcVsFEubRKPyVR-2BCuKY5oHLU9ayFn6T1x6if3eS0nVM4zzDglf0kSu84NvdLQvLmLpVUMBWFTCqIbKw97TOhNhU4Up-2FQ0gGVaItXyTTfc3Uu2zZfP2qWOCQU0YU4SaCyb8-2B3kJNnxUzaATxOedk4YqKEgN0RG-2F7ZgTWOZJ5A-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 515715: Incorrect expression (SIZEOF_MISMATCH)
/userdat.c: 1420 in node_vstatus()


________________________________________________________________________________________________________
*** CID 515715: Incorrect expression (SIZEOF_MISMATCH)
/userdat.c: 1420 in node_vstatus()
1414 return cfg->text != NULL ? cfg->text[NodeStatusOffline] : "Offline";
1415 case NODE_NETTING: /* Obsolete */
1416 return "Networking";
1417 case NODE_LOGON:
1418 return cfg->text != NULL ? cfg->text[NodeStatusLogon] : "At login prompt";
1419 case NODE_LOGOUT:

CID 515715: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "str" of type "char *" and argument "8UL /* sizeof (str) */" to function "safe_snprintf" is suspicious.

1420 snprintf(str, sizeof str, cfg->text != NULL ? cfg->text[NodeStatusLogout] : "Logging out %s", username(cfg,node->useron,tmp));
1421 return str;
1422 case NODE_EVENT_WAITING:
1423 return cfg->text != NULL ? cfg->text[NodeStatusEventWaiting] : "Waiting for all nodes to become inactive";
1424 case NODE_EVENT_LIMBO:
1425 snprintf(str, size, cfg->text != NULL ? cfg->text[NodeStatusEventLimbo] : "Waiting for node %d to finish external event"

** CID 515714: Uninitialized variables (UNINIT)


________________________________________________________________________________________________________
*** CID 515714: Uninitialized variables (UNINIT)
/getnode.cpp: 289 in sbbs_t::getnodeext(unsigned int, char *)()
283 errormsg(WHERE,ERR_CHK,"node number",number);
284 return false;
285 }
286
287 if((node_ext=opennodeext(&cfg))==-1) {
288 memset(ext,0,128);

CID 515714: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "errormsg".

289 errormsg(WHERE,ERR_OPEN,str,O_RDONLY|O_DENYNONE);
290 return false;
291 }
292
293 number--; /* make zero based */
294 for(count=0;count<LOOP_NODEDAB;count++) {

** CID 515713: Incorrect expression (SIZEOF_MISMATCH)
/userdat.c: 1512 in node_activity()


________________________________________________________________________________________________________
*** CID 515713: Incorrect expression (SIZEOF_MISMATCH)
/userdat.c: 1512 in node_activity()
1506 return cfg->text != NULL ? cfg->text[NodeActivityLoggingOn] : "logging on";
1507 case NODE_LCHT:
1508 snprintf(str, size, cfg->text != NULL ? cfg->text[NodeActivityLocalChat] : "chatting with %s", cfg->sys_op);
1509 break;
1510 case NODE_MCHT:
1511 if(node->aux != 0)

CID 515713: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "str" of type "char *" and argument "8UL /* sizeof (str) */" to function "safe_snprintf" is suspicious.

1512 snprintf(str, sizeof str
1513 ,cfg->text != NULL ? cfg->text[NodeActivityChatChannel] : "in multinode chat channel %d"
1514 ,node->aux & 0xff);
1515 else
1516 return cfg->text != NULL ? cfg->text[NodeActivityGlobalChat] : "in multinode global chat channel";
1517 break;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Drf1g_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQY9ty8xtnl2sw1SqlPRU2WILlz6B-2F41RYA0wpD7iGPK7iJJRJMlj06LpTw8H4oLu0ZD6NOR-2Fs4yPZ6xU2n8ZKWHL4-2F4cgQ0xljfi-2B5nJtvQuTTNG4kyAp2Ph0XvRGRr1KcMs8Gin6jWDWu2x-2Bkj9Q6Trx86Of-2BJRienYR-2Fbv9gQgw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 516068: Null pointer dereferences (FORWARD_NULL)
/websrvr.c: 5419 in js_ErrorReporter()


________________________________________________________________________________________________________
*** CID 516068: Null pointer dereferences (FORWARD_NULL)
/websrvr.c: 5419 in js_ErrorReporter()
5413 pthread_mutex_lock(&mutex);
5414 if(lastline == report->lineno && report->filename != NULL && strcmp(lastfile, report->filename) == 0)
5415 log_level = LOG_WARNING;
5416 else
5417 log_level = LOG_ERR;
5418 lastline = report->lineno;

CID 516068: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "report->filename" to "strlcpy", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.]

5419 SAFECOPY(lastfile, report->filename);
5420 pthread_mutex_unlock(&mutex);
5421 warning="";
5422 }
5423
5424 lprintf(log_level,"%04d !JavaScript %s%s%s: %s, Request: %s"


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DwGMb_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYoPlNm5BibC088PrWc35An4cdaeXCJhAHOfo6MdQKpuyixiVEFSUvV84YSqGOWCuXdzqHO6D3vFmsefEKTNsriv31FvxSemaYCwQ1e-2F5VqBGX6SKqkk-2F5GGTcyG8HHnvAZdIDYA7eRF8DYP-2F3cg26HCdIpmNxtLPnr6lFDWLJb2Q-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

9 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)


** CID 516415: Error handling issues (CHECKED_RETURN)
/userdat.c: 1472 in node_activity()


________________________________________________________________________________________________________
*** CID 516415: Error handling issues (CHECKED_RETURN)
/userdat.c: 1472 in node_activity()
1466 case NODE_AMSG:
1467 return cfg->text != NULL ? cfg->text[NodeActivityAutoMsg] : "posting auto-message";
1468 case NODE_XTRN:
1469 if(node->aux == 0)
1470 return cfg->text != NULL ? cfg->text[NodeActivityXtrnMenu] : "at external program menu";
1471 user.number = node->useron;

CID 516415: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

1472 getuserdat(cfg, &user);
1473 xtrnnum = getxtrnnum(cfg, user.curxtrn);
1474 if(is_valid_xtrnnum(cfg, xtrnnum))
1475 snprintf(str, size, "%s %s"
1476 ,cfg->text != NULL ? cfg->text[NodeActivityRunningXtrn] : "running"
1477 ,cfg->xtrn[xtrnnum]->name);

** CID 516414: Error handling issues (CHECKED_RETURN)
/useredit.cpp: 65 in sbbs_t::useredit(int)()


________________________________________________________________________________________________________
*** CID 516414: Error handling issues (CHECKED_RETURN)
/useredit.cpp: 65 in sbbs_t::useredit(int)()
59 if(sys_status&SS_INUEDIT)
60 return;
61 sys_status|=SS_INUEDIT;
62 while(online) {
63 CLS;
64 attr(LIGHTGRAY);

CID 516414: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

65 getuserdat(&cfg,&user);
66 if(!user.number) {
67 user.number=1;
68 getuserdat(&cfg,&user);
69 if(!user.number) {
70 bputs(text[NoUserData]);

** CID 516413: Error handling issues (CHECKED_RETURN)
/answer.cpp: 168 in sbbs_t::answer()()


________________________________________________________________________________________________________
*** CID 516413: Error handling issues (CHECKED_RETURN)
/answer.cpp: 168 in sbbs_t::answer()()
162 (but keep full terminal type/speed string in rlogin_term): */
163 truncstr(terminal,"/");
164 useron.number = 0;
165 if(rlogin_name[0])
166 useron.number = find_login_id(&cfg, rlogin_name);
167 if(useron.number) {

CID 516413: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

168 getuserdat(&cfg,&useron);
169 SAFEPRINTF(path,"%srlogin.cfg",cfg.ctrl_dir);
170 if(!findstr(client.addr,path)) {
171 SAFECOPY(tmp, rlogin_pass);
172 for(i=0;i<3 && online;i++) { 173 if(stricmp(tmp,useron.pass)) {

** CID 516412: Error handling issues (CHECKED_RETURN)
/login.cpp: 51 in sbbs_t::login(const char *, const char *, const char *, const char *)()


________________________________________________________________________________________________________
*** CID 516412: Error handling issues (CHECKED_RETURN)
/login.cpp: 51 in sbbs_t::login(const char *, const char *, const char *, const char *)()
45 long useron_misc=useron.misc;
46
47 username = parse_login(username);
48
49 useron.number = find_login_id(&cfg, username);
50 if(useron.number) {

CID 516412: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

51 getuserdat(&cfg,&useron);
52 if(useron.number && useron.misc&(DELETED|INACTIVE))
53 useron.number=0;
54 }
55
56 if(!useron.number) {

** CID 516411: (CHECKED_RETURN)
/useredit.cpp: 733 in sbbs_t::maindflts(user_t *)()
/useredit.cpp: 738 in sbbs_t::maindflts(user_t *)()


________________________________________________________________________________________________________
*** CID 516411: (CHECKED_RETURN)
/useredit.cpp: 733 in sbbs_t::maindflts(user_t *)()
727
728 action=NODE_DFLT;
729 if (cfg.usercfg_mod[0]) {
730 char cmdline[256];
731 snprintf(cmdline, sizeof(cmdline), "%s %u", cfg.usercfg_mod, user->number);
732 exec_bin(cmdline, &main_csi);

CID 516411: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

733 getuserdat(&cfg, user);
734 return;
735 }
736 while(online) {
737 CLS;
738 getuserdat(&cfg,user);
/useredit.cpp: 738 in sbbs_t::maindflts(user_t *)()
732 exec_bin(cmdline, &main_csi);
733 getuserdat(&cfg, user);
734 return;
735 }
736 while(online) {
737 CLS;

CID 516411: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

738 getuserdat(&cfg,user);
739 bprintf(text[UserDefaultsHdr],user->alias,user->number);
740 if(user == &useron) {
741 update_nodeterm();
742 load_user_text();
743 }

** CID 516410: Error handling issues (CHECKED_RETURN)
/websrvr.c: 1662 in http_logon()


________________________________________________________________________________________________________
*** CID 516410: Error handling issues (CHECKED_RETURN)
/websrvr.c: 1662 in http_logon()
1656 session->req.finished=true;
1657 }
1658
1659 void http_logon(http_session_t * session, user_t *usr)
1660 {
1661 if(usr==NULL)

CID 516410: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

1662 getuserdat(&scfg, &session->user);
1663 else
1664 session->user=*usr;
1665
1666 if(session->user.number==session->last_user_num)
1667 return;

** CID 516409: Error handling issues (CHECKED_RETURN)
/str.cpp: 1388 in sbbs_t::change_user()()


________________________________________________________________________________________________________
*** CID 516409: Error handling issues (CHECKED_RETURN)
/str.cpp: 1388 in sbbs_t::change_user()()
1382 putmsgptrs();
1383 putuserstr(useron.number, USER_CURSUB
1384 ,cfg.sub[usrsub[curgrp][cursub[curgrp]]]->code);
1385 putuserstr(useron.number, USER_CURDIR
1386 ,cfg.dir[usrdir[curlib][curdir[curlib]]]->code);
1387 useron.number=i;

CID 516409: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

1388 getuserdat(&cfg,&useron);
1389 if(getnodedat(cfg.node_num,&thisnode, true)) {
1390 thisnode.useron=useron.number;
1391 putnodedat(cfg.node_num,&thisnode);
1392 }
1393 getmsgptrs();

** CID 516408: Error handling issues (CHECKED_RETURN)
/useredit.cpp: 1166 in sbbs_t::purgeuser(int)()


________________________________________________________________________________________________________
*** CID 516408: Error handling issues (CHECKED_RETURN)
/useredit.cpp: 1166 in sbbs_t::purgeuser(int)()
1160
1161 void sbbs_t::purgeuser(int usernumber)
1162 { char str[128];
1163 user_t user;
1164
1165 user.number=usernumber;

CID 516408: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

1166 getuserdat(&cfg,&user);
1167 SAFEPRINTF2(str,"Purged %s #%u",user.alias,usernumber);
1168 logentry("!*",str);
1169 delallmail(usernumber, MAIL_ANY);
1170 putusername(&cfg,usernumber,nulstr);
1171 putusermisc(usernumber, user.misc | DELETED);

** CID 516407: Error handling issues (CHECKED_RETURN)
/websrvr.c: 2037 in check_ars()


________________________________________________________________________________________________________
*** CID 516407: Error handling issues (CHECKED_RETURN)
/websrvr.c: 2037 in check_ars()
2031 else
2032 lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: '%s'" 2033 ,session->socket,session->req.auth.username);
2034 return(false);
2035 }
2036 thisuser.number=i;

CID 516407: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

2037 getuserdat(&scfg, &thisuser);
2038 switch(session->req.auth.type) {
2039 case AUTHENTICATION_TLS_PSK:
2040 if((auth_allowed & (1<<AUTHENTICATION_TLS_PSK))==0)
2041 return(false);
2042 if(session->last_user_num!=0) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DQyWe_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZaRdcpKH1DbVbWKil-2BYXbuPo6Nlz2IWCRH2bHbIl-2BZWutyiZLTcraL5FS1iiZSM0cIaa70yw-2BvQnYvTFtY90cnRY6AunfTZ3TOchBhkmrNG5r6R9YGJilsgu5Suh4msrRA-2BqV-2BHoo-2B29c88W6IVBSZdgQoHyw-2Bn9zmKTgeEHvaqQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 516431: Incorrect expression (EVALUATION_ORDER)
/scfg/scfgsys.c: 1740 in sys_cfg()


________________________________________________________________________________________________________
*** CID 516431: Incorrect expression (EVALUATION_ORDER)
/scfg/scfgsys.c: 1740 in sys_cfg()
1734 char sys_pass[sizeof(cfg.sys_pass)];
1735 SAFECOPY(sys_pass, cfg.sys_pass);
1736 while(1) {
1737 i=0;
1738 snprintf(opt[i++],MAX_OPLN,"%-20s%s","BBS Name",cfg.sys_name);
1739 snprintf(opt[i++],MAX_OPLN,"%-20s%s","Location",cfg.sys_location);

CID 516431: Incorrect expression (EVALUATION_ORDER)
In argument #6 of "safe_snprintf(opt[i++], 75UL, "%-20s%s%s %s", "Local Time Zone", ((cfg.sys_timezone == -1) ? "Auto: " : ""), smb_zonestr(sys_timezone(&cfg), NULL), ((!(cfg.sys_timezone <= 1000 && cfg.sys_timezone >= -1000) && (cfg.sys_timezone & 0xc000 || cfg.sys_timezone == 4096 || cfg.sys_timezone == 4156 || cfg.sys_timezone == 4216 || cfg.sys_timezone == 4816 || cfg.sys_timezone == 4696 || cfg.sys_timezone == 4666) && cfg.sys_misc & 0x4000U) ? "(Auto-DST)" : ""))", a call is made to "sys_timezone(&cfg)". In argument #1 of this function, the object "cfg.sys_timezone" is modified. This object is also used in "(cfg.sys_timezone == -1) ? "Auto: " : """, the argument #5 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.

1740 snprintf(opt[i++],MAX_OPLN,"%-20s%s%s %s","Local Time Zone"
1741 ,cfg.sys_timezone == SYS_TIMEZONE_AUTO ? "Auto: " : ""
1742 ,smb_zonestr(sys_timezone(&cfg),NULL)
1743 ,SMB_TZ_HAS_DST(cfg.sys_timezone) && cfg.sys_misc&SM_AUTO_DST ? "(Auto-DST)" : "");
1744 snprintf(opt[i++],MAX_OPLN,"%-20s%s (e.g. %s)","Short Date Format"
1745 ,date_format(&cfg, str, sizeof str)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Du0AK_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZX-2BkC2-2BAZJhPPYfXPDeIQ-2B4YvLEfkbd-2Bd6D-2Bq6Hgb3A8yT9nXPdJTazBcJukBEh03pJKxvVooRsB2exFituB7-2FZiW-2B-2FFf3SbStI-2Fat2UXSZKXBODkmruS46NddedKGixq1GgfIg-2BgPQfkssXqpoMR-2BzxwZcTjLKvzCO0Vk2ny9Gw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 516448: High impact quality (Y2K38_SAFETY)
/js_msgbase.c: 1441 in js_get_msg_header_resolve()


________________________________________________________________________________________________________
*** CID 516448: High impact quality (Y2K38_SAFETY)
/js_msgbase.c: 1441 in js_get_msg_header_resolve()
1435 /* Fixed length portion of msg header */
1436 LAZY_UINTEGER("type", p->msg.hdr.type, JSPROP_ENUMERATE);
1437 LAZY_UINTEGER("version", p->msg.hdr.version, JSPROP_ENUMERATE); 1438 LAZY_UINTEGER("attr", p->msg.hdr.attr, JSPROP_ENUMERATE);
1439 LAZY_UINTEGER("auxattr", p->msg.hdr.auxattr, JSPROP_ENUMERATE); 1440 LAZY_UINTEGER("netattr", p->msg.hdr.netattr, JSPROP_ENUMERATE); >>> CID 516448: High impact quality (Y2K38_SAFETY)

A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(p->msg.hdr.when_written)" is cast to "uint32".

1441 LAZY_UINTEGER("when_written_time", smb_time(p->msg.hdr.when_written), JSPROP_ENUMERATE);
1442 LAZY_INTEGER("when_written_zone", p->msg.hdr.when_written.zone, JSPROP_ENUMERATE);
1443 LAZY_INTEGER("when_written_zone_offset", smb_tzutc(p->msg.hdr.when_written.zone), JSPROP_ENUMERATE|JSPROP_READONLY);
1444 LAZY_UINTEGER("when_imported_time", p->msg.hdr.when_imported.time, JSPROP_ENUMERATE);
1445 LAZY_INTEGER("when_imported_zone", p->msg.hdr.when_imported.zone, JSPROP_ENUMERATE);
1446 LAZY_INTEGER("when_imported_zone_offset", smb_tzutc(p->msg.hdr.when_imported.zone), JSPROP_ENUMERATE|JSPROP_READONLY);

** CID 516447: High impact quality (Y2K38_SAFETY)
/postmsg.cpp: 625 in votemsg()


________________________________________________________________________________________________________
*** CID 516447: High impact quality (Y2K38_SAFETY)
/postmsg.cpp: 625 in votemsg()
619 }
620 answers++;
621 }
622 }
623 }
624 safe_snprintf(smsg, sizeof(smsg), smsgfmt

CID 516447: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg->hdr.when_written)" is cast to "time32_t".

625 ,timestr(cfg, (time32_t)smb_time(msg->hdr.when_written), tstr)
626 ,cfg->grp[cfg->sub[smb->subnum]->grp]->sname
627 ,cfg->sub[smb->subnum]->sname
628 ,from
629 ,remsg.subj);
630 SAFECAT(smsg, votes);

** CID 516446: (Y2K38_SAFETY)
/qwknodes.c: 366 in main()
/qwknodes.c: 392 in main()
/qwknodes.c: 361 in main()
/qwknodes.c: 384 in main()
/qwknodes.c: 333 in main()
/qwknodes.c: 343 in main()


________________________________________________________________________________________________________
*** CID 516446: (Y2K38_SAFETY)
/qwknodes.c: 366 in main()
360 ,msg.from,p+1
361 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
362 ,str); 363 else
364 fprintf(users,"%-25.25s %-8.8s %s\r\n"
365 ,msg.from,str

CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".

366 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
367 }
368 if(cmd&NODES && msg.from_net.type==NET_QWK) {
369 if(mode&TAGS)
370 gettag(&msg,tag);
371 if(mode&FEED) /qwknodes.c: 392 in main()
386 }
387 else
388 fprintf(nodes,"%-8.8s %s\r\n"
389 ,str 390 ,mode&TAGS
391 ? tag >>> CID 516446: (Y2K38_SAFETY)

A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".

392 : unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
393 }
394 }
395 }
396 smb_freemsgmem(&msg);
397 }
/qwknodes.c: 361 in main()
355 else
356 strcpy(str,msg.from_net.addr);
357 p=strrchr(str,'/');
358 if(p)
359 fprintf(users,"%-25.25s %-8.8s %s (%s)\r\n"
360 ,msg.from,p+1

CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".

361 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
362 ,str); 363 else
364 fprintf(users,"%-25.25s %-8.8s %s\r\n"
365 ,msg.from,str
366 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
/qwknodes.c: 384 in main()
378 fprintf(nodes,"%-8.8s %s\r\n"
379 ,p+1
380 ,tag);
381 else
382 fprintf(nodes,"%-8.8s %s (%s)\r\n"
383 ,p+1

CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".

384 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
385 ,str);
386 }
387 else
388 fprintf(nodes,"%-8.8s %s\r\n"
389 ,str /qwknodes.c: 333 in main()
327 p=strrchr(addr,'/');
328 if(!p)
329 p=addr; 330 else
331 *(p++)=0;
332 safe_snprintf(str, sizeof(str), "%s %s:%s%c%s"

CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".

333 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
334 ,p,cfg.sys_id,p==addr ? 0 : '/'
335 ,addr); 336 fprintf(route,"%s\r\n",str);
337 }
338 else {
/qwknodes.c: 343 in main()
337 }
338 else {
339 p=strrchr(addr,'/');
340 if(p) {
341 *(p++)=0;
342 fprintf(route,"%s %s:%.*s\r\n"

CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".

343 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),str)
344 ,p
345 ,(uint)(p-addr)
346 ,addr); 347 }
348 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DNGSj_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYgWGJ9BYEIxvdbhMAIayAni-2FuUZOlays8-2BQNW1Qj2YoLcEBScLdhHrJ52SvmolJ5itsnLRiKIwdue9DQ-2F9PO-2FUFGY-2Fa0jLnspeSlF2FiQB80TbxuUTyDk42cNSQCBuIqgPC4jh5ZIq8dm-2B49xrAWdl9U3UIFg1xXJFs0kJktVUnA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 516462: Resource leaks (RESOURCE_LEAK)
/str.cpp: 277 in sbbs_t::sif(char *, char *, int)()


________________________________________________________________________________________________________
*** CID 516462: Resource leaks (RESOURCE_LEAK)
/str.cpp: 277 in sbbs_t::sif(char *, char *, int)()
271 errormsg(WHERE,ERR_OPEN,str,O_RDONLY);
272 return;
273 }
274 length=(int)filelength(file);
275 if(length < 0) {
276 errormsg(WHERE, ERR_CHK, str, length);

CID 516462: Resource leaks (RESOURCE_LEAK)
Handle variable "file" going out of scope leaks the handle.

277 return;
278 }
279 if((buf=(char *)calloc(length + 1, 1))==0) {
280 close(file);
281 errormsg(WHERE,ERR_ALLOC,str,length);
282 return;

** CID 516461: Resource leaks (RESOURCE_LEAK)
/writemsg.cpp: 678 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


________________________________________________________________________________________________________
*** CID 516461: Resource leaks (RESOURCE_LEAK)
/writemsg.cpp: 678 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
672 return(false);
673 }
674 length=(long)filelength(file);
675 if(length < 0) {
676 errormsg(WHERE, ERR_LEN, msgtmp, length);
677 free(buf);

CID 516461: Resource leaks (RESOURCE_LEAK)
Handle variable "file" going out of scope leaks the handle.

678 return false;
679 }
680 l=strlen((char *)buf); /* reserve space for top and terminating null */
681 /* truncate if too big */
682 if(length>(long)((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1))) {
683 length=(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1);

** CID 516460: Error handling issues (CHECKED_RETURN)
/chat.cpp: 254 in sbbs_t::multinodechat(int)()


________________________________________________________________________________________________________
*** CID 516460: Error handling issues (CHECKED_RETURN)
/chat.cpp: 254 in sbbs_t::multinodechat(int)()
248 if(getstr(str,8,K_UPPER|K_ALPHA|K_LINE)) {
249 getnodedat(cfg.node_num,&thisnode,true);
250 thisnode.aux=channel;
251 packchatpass(str,&thisnode);
252 }
253 else {

CID 516460: Error handling issues (CHECKED_RETURN)
Calling "getnodedat" without checking return value (as is done elsewhere 54 out of 58 times).

254 getnodedat(cfg.node_num,&thisnode,true);
255 thisnode.aux=channel;
256 }
257 }
258 else {
259 getnodedat(cfg.node_num,&thisnode,true);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DT8kj_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZ0FBX-2BUT7uzaWITu7U3dUMhdetuA-2BXV7YO8edQOGefnmNi1UdppKCC6vLOx06Y8sPuw5srJbsIYFYToJzSPdHxTD057AtOipCaMaoVsZPXJm19KDepDOzvHsB8koLerJtFoWwn5Qu57g8OiPy6q-2FxqWajzzHkfT1WyGUJ-2Bbs009Q-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 528581: Control flow issues (DEADCODE) /tmp/sbbs-Jan-01-2025/src/conio/sdl_con.c: 994 in sdl_video_event_thread()


________________________________________________________________________________________________________
*** CID 528581: Control flow issues (DEADCODE) /tmp/sbbs-Jan-01-2025/src/conio/sdl_con.c: 994 in sdl_video_event_thread()
988 if (bios_key >= 429496730 ||
989 (bios_key == 429496729 && ((ev.key.keysym.sym > SDLK_KP_5) || (ev.key.keysym.sym == SDLK_KP_0)))) {
990 terminate_bios = true;
991 }
992 }
993 else {

CID 528581: Control flow issues (DEADCODE)
Execution cannot reach the expression "ev.key.keysym.sym > SDLK_KP_5" inside this statement: "if (bios_key >= 26U || (bio...".

994 if (bios_key >= 26 ||
995 (bios_key == 429496729 && ((ev.key.keysym.sym > SDLK_KP_5) || (ev.key.keysym.sym == SDLK_KP_0)))) {
996 terminate_bios = true;
997 }
998 }
999 if (terminate_bios) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DXNhu_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbC0dee144hDhJdlAtpKcHwzMEyb91qJk06-2BZ5IIx-2F9DZxU4TfNPF8J4DJ1D5ZwCMW0WOJBoN8726nac3S-2FDDq0nwEjPKYHJxK0wxgZqFE1jRhzJfndbA8hvw5ibvT9tO3VGpQu88n0PuZ5Z9AmM7-2Fkauxnye2PWIl66kbToPTPZw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 529876: (OVERRUN)
/tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 457 in lzh_update() /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 458 in lzh_update()


________________________________________________________________________________________________________
*** CID 529876: (OVERRUN)
/tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 457 in lzh_update()
451
452 tmp = huff->child[c];
453 huff->parent[tmp] = l;
454 if (tmp < LZH_TABLE_SZ)
455 huff->parent[tmp + 1] = l;
456

CID 529876: (OVERRUN)
Overrunning array "huff->child" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).

457 tmp2 = huff->child[l];
458 huff->child[l] = tmp;
459
460 huff->parent[tmp2] = c;
461 if (tmp2 < LZH_TABLE_SZ)
462 huff->parent[tmp2 + 1] = c; /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 458 in lzh_update()
452 tmp = huff->child[c];
453 huff->parent[tmp] = l;
454 if (tmp < LZH_TABLE_SZ)
455 huff->parent[tmp + 1] = l;
456
457 tmp2 = huff->child[l];

CID 529876: (OVERRUN)
Overrunning array "huff->child" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).

458 huff->child[l] = tmp;
459
460 huff->parent[tmp2] = c;
461 if (tmp2 < LZH_TABLE_SZ)
462 huff->parent[tmp2 + 1] = c;
463 huff->child[c] = tmp2;

** CID 529875: (OVERRUN)
/tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 450 in lzh_update() /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 449 in lzh_update() /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 445 in lzh_update()


________________________________________________________________________________________________________
*** CID 529875: (OVERRUN)
/tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 450 in lzh_update()
444 // If we exited before the end of table, decrement l
445 if (tmp <= huff->freq[l])
446 l--;
447
448 // Now swap nodes
449 huff->freq[c] = huff->freq[l];

CID 529875: (OVERRUN)
Overrunning array "huff->freq" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).

450 huff->freq[l] = tmp;
451
452 tmp = huff->child[c];
453 huff->parent[tmp] = l;
454 if (tmp < LZH_TABLE_SZ)
455 huff->parent[tmp + 1] = l; /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 449 in lzh_update()
443
444 // If we exited before the end of table, decrement l
445 if (tmp <= huff->freq[l])
446 l--;
447
448 // Now swap nodes

CID 529875: (OVERRUN)
Overrunning array "huff->freq" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).

449 huff->freq[c] = huff->freq[l];
450 huff->freq[l] = tmp;
451
452 tmp = huff->child[c];
453 huff->parent[tmp] = l;
454 if (tmp < LZH_TABLE_SZ) /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 445 in lzh_update()
439 * that has a lower frequency than our new one 440 */
441 for (l = c + 1; l <= LZH_TABLE_SZ && tmp > huff->freq[l]; l++)
442 ;
443
444 // If we exited before the end of table, decrement l

CID 529875: (OVERRUN)
Overrunning array "huff->freq" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).

445 if (tmp <= huff->freq[l])
446 l--;
447
448 // Now swap nodes
449 huff->freq[c] = huff->freq[l];
450 huff->freq[l] = tmp;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DVjXG_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYmOS4dF7bzpu1cVppVHTeUZERPDt2v2E4lCt9lCuWdNtkNglNtUqzAPEUlnwGBzZlBueizPFLO26MyF5roLbzi-2F0G80IHg4mwTrYLGZfPUf8Sg5333ueo95zQQtd4OVT7zx85Gr8TBXnJTKyUKhNeMTemzlJoM0HPQHEa-2FpXlaaw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 529977: Incorrect expression (SIZEOF_MISMATCH)
/atcodes.cpp: 2311 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()


________________________________________________________________________________________________________
*** CID 529977: Incorrect expression (SIZEOF_MISMATCH)
/atcodes.cpp: 2311 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
2305 : (current_file->from == nullptr ? nulstr : current_file->from);
2306 if(strcmp(sp, "FILE_BYTES") == 0) {
2307 safe_snprintf(str, maxlen, "%ld", (long)current_file->size);
2308 return str;
2309 }
2310 if(strcmp(sp, "FILE_SIZE") == 0)

CID 529977: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "str" of type "char *" and argument "8UL /* sizeof (str) */" to function "byte_estimate_to_str" is suspicious.

2311 return byte_estimate_to_str(current_file->size, str, sizeof str, /* units: */1024, /* precision: */1);
2312 if(strcmp(sp, "FILE_CREDITS") == 0) {
2313 safe_snprintf(str, maxlen, "%" PRIu64, current_file->cost);
2314 return str;
2315 }
2316 if(strcmp(sp, "FILE_CRC32") == 0) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://url2497.blackduck.com/ls/click?upn=u001.Ji18sHaXCxZb7Rfw8sC51j9Suwl84vq-2FeHTSxCm409PbgTgYEdi2VnuaQNlDgcb5JjALxNeaZf2yWZEMA-2FE6JEQm092Z-2B02AUi7Sp54Z-2B6I-3DjXBk_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZ-2BccbwOBuD5ui7v9trYaUtAyk5nXDg6l2xX3MkPoD01xhpnfT-2Fkg6ap91bIfb4XqTQXNlxWOzjRjRNOVMZ2H7I9Q-2BXHowhaav-2B3SVUHs-2B21No7COFVbHUcCKKxzwKovyWxOeYInAxTYvAJs43a5sYtCMrwgWJgXbztBD8zm37Rwg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 529991: Control flow issues (DEADCODE) /tmp/sbbs-Jan-09-2025/src/xpdev/genwrap.c: 1151 in xp_fast_timer64()


________________________________________________________________________________________________________
*** CID 529991: Control flow issues (DEADCODE) /tmp/sbbs-Jan-09-2025/src/xpdev/genwrap.c: 1151 in xp_fast_timer64()
1145 if (clock_getres(CLOCK_MONOTONIC_RAW, &ts) == 0)
1146 cid = CLOCK_MONOTONIC_RAW;
1147 }
1148 cid = CLOCK_MONOTONIC_RAW;
1149 #endif
1150 if (cid == CLOCK_REALTIME)

CID 529991: Control flow issues (DEADCODE)
Execution cannot reach this statement: "cid = 1;".

1151 cid = CLOCK_MONOTONIC;
1152
1153 if (clock_gettime(cid, &ts) == 0)
1154 ret = ts.tv_sec;
1155 else
1156 ret = -1;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://url2497.blackduck.com/ls/click?upn=u001.Ji18sHaXCxZb7Rfw8sC51j9Suwl84vq-2FeHTSxCm409PbgTgYEdi2VnuaQNlDgcb5JjALxNeaZf2yWZEMA-2FE6JEQm092Z-2B02AUi7Sp54Z-2B6I-3DJzn7_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYw9HgWY5fw-2BKTu3iNJoyd7G2ZoeBsWXuqG5dV8s2gHJJ3z7riRhQ4NsZmnjMPwb0d5EgUIDxBYRgoxCBOeIJM-2FTyx1gDXnmdIG86yJoS96pjUoxOjapj4QBWqvYthXwRmCXtEhEMTEAYvLzxwt5vpbI04EqHQ4ulGmUuTBimQnkA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 530002: (NULL_RETURNS)
/tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1544 in bitmap_clrscr()


________________________________________________________________________________________________________
*** CID 530002: (NULL_RETURNS)
/tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1547 in bitmap_clrscr()
1541 cols = vstat.cols;
1542 for (y = cio_textinfo.wintop - 1; y < cio_textinfo.winbottom && y < rows; y++) {
1543 for (x = cio_textinfo.winleft - 1; x < cio_textinfo.winright && x < cols; x++) {
1544 va[c++] = *set_vmem_cell(vmem_ptr, y * cio_textinfo.screenwidth + x, fill, ciolib_fg, ciolib_bg);
1545 }
1546 }

CID 530002: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "va" when calling "bitmap_draw_vmem".

1547 bitmap_draw_vmem(cio_textinfo.winleft, cio_textinfo.wintop, cio_textinfo.winright, cio_textinfo.winbottom, va);
1548 release_vmem(vmem_ptr);
1549 pthread_mutex_unlock(&vstatlock);
1550 }
1551
1552 void bitmap_getcustomcursor(int *s, int *e, int *r, int *b, int *v) /tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1544 in bitmap_clrscr()
1538 pthread_mutex_lock(&vstatlock);
1539 vmem_ptr = get_vmem(&vstat);
1540 rows = vstat.rows;
1541 cols = vstat.cols;
1542 for (y = cio_textinfo.wintop - 1; y < cio_textinfo.winbottom && y < rows; y++) {
1543 for (x = cio_textinfo.winleft - 1; x < cio_textinfo.winright && x < cols; x++) {

CID 530002: (NULL_RETURNS)
Dereferencing "va", which is known to be "NULL".

1544 va[c++] = *set_vmem_cell(vmem_ptr, y * cio_textinfo.screenwidth + x, fill, ciolib_fg, ciolib_bg);
1545 }
1546 }
1547 bitmap_draw_vmem(cio_textinfo.winleft, cio_textinfo.wintop, cio_textinfo.winright, cio_textinfo.winbottom, va);
1548 release_vmem(vmem_ptr);
1549 pthread_mutex_unlock(&vstatlock);

** CID 530001: (EVALUATION_ORDER)
/pack_qwk.cpp: 750 in sbbs_t::pack_qwk(char *, unsigned int *, bool)() /pack_qwk.cpp: 750 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


________________________________________________________________________________________________________
*** CID 530001: (EVALUATION_ORDER)
/pack_qwk.cpp: 750 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
744 lprintf(LOG_ERR, "libarchive error (%s) creating %s", error, packet);
745 else
746 lprintf(LOG_INFO, "libarchive created %s from %d files", packet, file_count);
747 }
748 if(flength(packet) < 1) {
749 remove(packet);

CID 530001: (EVALUATION_ORDER)
In argument #1 of "this->external(this->cmdstr(this->temp_cmd(ex), packet, path, NULL, ex), ex | 1, NULL)", a call is made to "this->temp_cmd(ex)". In argument #1 of this function, the object "ex" is modified. This object is also used in "ex | 1", the argument #2 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.

750 if((i = external(cmdstr(temp_cmd(ex),packet,path,NULL,ex), ex|EX_WILDCARD)) != 0)
751 errormsg(WHERE, ERR_EXEC, cmdstr_output, i); 752 if(flength(packet) < 1) {
753 bputs(text[QWKCompressionFailed]);
754 return(false);
755 }
/pack_qwk.cpp: 750 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
744 lprintf(LOG_ERR, "libarchive error (%s) creating %s", error, packet);
745 else
746 lprintf(LOG_INFO, "libarchive created %s from %d files", packet, file_count);
747 }
748 if(flength(packet) < 1) {
749 remove(packet);

CID 530001: (EVALUATION_ORDER)
In argument #1 of "this->cmdstr(this->temp_cmd(ex), packet, path, NULL, ex)", a call is made to "this->temp_cmd(ex)". In argument #1 of this function, the object "ex" is modified. This object is also used in "ex", the argument #5 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.

750 if((i = external(cmdstr(temp_cmd(ex),packet,path,NULL,ex), ex|EX_WILDCARD)) != 0)
751 errormsg(WHERE, ERR_EXEC, cmdstr_output, i); 752 if(flength(packet) < 1) {
753 bputs(text[QWKCompressionFailed]);
754 return(false);
755 }

** CID 530000: (RESOURCE_LEAK)
/tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1550 in bitmap_clrscr() /tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1536 in bitmap_clrscr()


________________________________________________________________________________________________________
*** CID 530000: (RESOURCE_LEAK) /tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1550 in bitmap_clrscr()
1544 va[c++] = *set_vmem_cell(vmem_ptr, y * cio_textinfo.screenwidth + x, fill, ciolib_fg, ciolib_bg);
1545 }
1546 }
1547 bitmap_draw_vmem(cio_textinfo.winleft, cio_textinfo.wintop, cio_textinfo.winright, cio_textinfo.winbottom, va);
1548 release_vmem(vmem_ptr);
1549 pthread_mutex_unlock(&vstatlock);

CID 530000: (RESOURCE_LEAK)
Variable "va" going out of scope leaks the storage it points to.

1550 }
1551
1552 void bitmap_getcustomcursor(int *s, int *e, int *r, int *b, int *v) 1553 {
1554 pthread_mutex_lock(&vstatlock);
1555 if(s)
/tmp/sbbs-Jan-10-2025/src/conio/bitmap_con.c: 1536 in bitmap_clrscr()
1530 struct vstat_vmem *vmem_ptr;
1531 size_t c = 0;
1532 int rows, cols;
1533 struct vmem_cell *va = malloc(((cio_textinfo.winright - cio_textinfo.winleft + 1) * (cio_textinfo.winbottom - cio_textinfo.wintop + 1)) * sizeof(struct vmem_cell));
1534
1535 if(!bitmap_initialized)

CID 530000: (RESOURCE_LEAK)
Variable "va" going out of scope leaks the storage it points to.

1536 return;
1537
1538 pthread_mutex_lock(&vstatlock);
1539 vmem_ptr = get_vmem(&vstat);
1540 rows = vstat.rows;
1541 cols = vstat.cols;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

46 new defect(s) introduced to Synchronet found with Coverity Scan.
22 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 46 defect(s)


** CID 530529: Insecure data handling (INTEGER_OVERFLOW)


________________________________________________________________________________________________________
*** CID 530529: Insecure data handling (INTEGER_OVERFLOW)
/str.cpp: 420 in sbbs_t::sif(char *, char *, int)()
414 answers[a+cr]=str[cr];
415 while(cr<max)
416 answers[a+cr++]=ETX;
417 a+=max;
418 }
419 else {

CID 530529: Insecure data handling (INTEGER_OVERFLOW)
"max", which might have underflowed, is passed to "putrec(answers, a, max, str)".

420 putrec(answers,a,max,str);
421 putrec(answers,a+max,2,crlf);
422 a+=max+2;
423 }
424 }
425 }

** CID 530527: Data race undermines locking (LOCK_EVASION)
/download.cpp: 188 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)()


________________________________________________________________________________________________________
*** CID 530527: Data race undermines locking (LOCK_EVASION)
/download.cpp: 188 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)()
182 logline(LOG_DEBUG,nulstr,protlog);
183 }
184 fclose(stream);
185 }
186
187 CRLF;

CID 530527: Data race undermines locking (LOCK_EVASION)
Thread1 sets "sys_status" to a new value. Now the two threads have an inconsistent view of "sys_status" and updates to fields correlated with "sys_status" may be lost.

188 if(autohang) sys_status|=SS_PAUSEOFF; /* Pause off after download */
189 if(elapsed != nullptr) {
190 *elapsed = end - start;
191 if(*elapsed < 0)
192 *elapsed = 0;
193 }

** CID 530526: Control flow issues (UNREACHABLE)
/uedit/uedit.c: 2189 in main()


________________________________________________________________________________________________________
*** CID 530526: Control flow issues (UNREACHABLE)
/uedit/uedit.c: 2189 in main()
2183 edit_user(&cfg, atoi(opt[i]));
2184 break;
2185 }
2186 }
2187 }
2188 }

CID 530526: Control flow issues (UNREACHABLE)
This code cannot be reached: "free_opts(opt);".

2189 free_opts(opt);

** CID 530525: Insecure data handling (INTEGER_OVERFLOW)
/getmsg.cpp: 540 in sbbs_t::getmsgnum(int, long)()


________________________________________________________________________________________________________
*** CID 530525: Insecure data handling (INTEGER_OVERFLOW)
/getmsg.cpp: 540 in sbbs_t::getmsgnum(int, long)()
534 errormsg(WHERE,ERR_OPEN,smb.file,i,smb.last_error);
535 return 0;
536 }
537 int result = smb_getmsgidx_by_time(&smb, &idx, t);
538 smb_close(&smb);
539 if(result >= SMB_SUCCESS)

CID 530525: Insecure data handling (INTEGER_OVERFLOW)
"idx.number - 1U", which might have underflowed, is returned from the function.

540 return idx.number - 1;
541 return ~0;
542 }
543
544 /****************************************************************************/
545 /* Returns the time of the message number pointed to by 'ptr' */

** CID 530524: Data race undermines locking (LOCK_EVASION)
/exec.cpp: 1410 in sbbs_t::exec(csi_t *)()


________________________________________________________________________________________________________
*** CID 530524: Data race undermines locking (LOCK_EVASION)
/exec.cpp: 1410 in sbbs_t::exec(csi_t *)()
1404 csi->logic=strnicmp(csi->str,(char*)csi->ip,strlen((char*)csi->ip));
1405 break;
1406 default:
1407 errormsg(WHERE,ERR_CHK,"shell instruction",*(csi->ip-1));
1408 break;
1409 }

CID 530524: Data race undermines locking (LOCK_EVASION)
Thread1 sets "ip" to a new value. Now the two threads have an inconsistent view of "ip" and updates to fields correlated with "ip" may be lost.

1410 while(*(csi->ip++)); /* Find NULL */
1411 return(0);
1412 }
1413
1414 if(*csi->ip>=CS_THREE_BYTE) {
1415 switch(*(csi->ip++)) {

** CID 530523: Insecure data handling (INTEGER_OVERFLOW)


________________________________________________________________________________________________________
*** CID 530523: Insecure data handling (INTEGER_OVERFLOW)
/chat.cpp: 178 in sbbs_t::multinodechat(int)()
172 SAFECAT(str,"0");
173 i=getkeys(str,cfg.total_chans);
174 if(i&0x80000000L) { /* change channel */
175 savch=(char)(i&~0x80000000L); 176 if(savch==channel)
177 continue;

CID 530523: Insecure data handling (INTEGER_OVERFLOW)
"savch - 1", which might have underflowed, is passed to "this->chan_access(savch - 1)".

178 if(!chan_access(savch-1))
179 continue;
180 bprintf(text[WelcomeToChannelN] 181 ,savch,cfg.chan[savch-1]->name);
182
183 usrs=0;

** CID 530521: Control flow issues (DEADCODE)
/websrvr.c: 6459 in read_post_data()


________________________________________________________________________________________________________
*** CID 530521: Control flow issues (DEADCODE)
/websrvr.c: 6459 in read_post_data()
6453 if(ch_len==0)
6454 break;
6455 /* Check size */
6456 s += ch_len;
6457 if(s > MAX_POST_LEN) {
6458 if(s > SIZE_MAX) {

CID 530521: Control flow issues (DEADCODE)
Execution cannot reach this statement: "send_error(session, 6459U, ...".

6459 send_error(session,__LINE__,"413 Request entity too large");
6460 FCLOSE_OPEN_FILE(fp); 6461 return(false);
6462 }
6463 if(fp==NULL) {
6464 fp=open_post_file(session);

** CID 530517: Resource leaks (RESOURCE_LEAK)
/sbbsecho.c: 5884 in find_stray_packets()


________________________________________________________________________________________________________
*** CID 530517: Resource leaks (RESOURCE_LEAK)
/sbbsecho.c: 5884 in find_stray_packets()
5878 }
5879 if(terminator == FIDO_PACKET_TERMINATOR)
5880 lprintf(LOG_DEBUG, "Stray packet already finalized: %s", packet);
5881 else {
5882 if((pkt->fp = fopen(pkt->filename, "ab")) == NULL) {
5883 lprintf(LOG_ERR, "ERROR %d (%s) opening %s", errno, strerror(errno), pkt->filename);

CID 530517: Resource leaks (RESOURCE_LEAK)
Freeing "pkt" without freeing its pointer field "filename" leaks the storage that "filename" points to.

5884 free(pkt);
5885 continue;
5886 }
5887 }
5888 pkt->orig = pkt_orig;
5889 pkt->dest = pkt_dest;

** CID 530516: Integer handling issues (INTEGER_OVERFLOW)
/sbbsecho.c: 3920 in putfmsg()


________________________________________________________________________________________________________
*** CID 530516: Integer handling issues (INTEGER_OVERFLOW)
/sbbsecho.c: 3920 in putfmsg()
3914 lastlen=9; /* +strlen(seenby); */
3915 net_exists=0;
3916 fprintf(stream,"\rSEEN-BY:"); 3917 }
3918 }
3919

CID 530516: Integer handling issues (INTEGER_OVERFLOW)
Expression "u++", where "u" is known to be equal to 4294967295, overflows the type of "u++", which is type "unsigned int".

3920 for(u=0;u<area.links;u++) { /* Add all links to SEEN-BYs */
3921 nodecfg_t* nodecfg=findnodecfg(&cfg, area.link[u], /* exact: */false);
3922 if(nodecfg!=NULL && nodecfg->passive) 3923 continue;
3924 strcpy(seenby," ");
3925 if(foreign_zone(addr.zone, area.link[u].zone) || area.link[u].point)

** CID 530515: Insecure data handling (INTEGER_OVERFLOW)
/js_system.c: 1575 in js_get_node()


________________________________________________________________________________________________________
*** CID 530515: Insecure data handling (INTEGER_OVERFLOW)
/js_system.c: 1575 in js_get_node()
1569 JS_DefineProperty(cx, nodeobj, "action", INT_TO_JSVAL((int)node.action), NULL, NULL, JSPROP_ENUMERATE);
1570 JS_DefineProperty(cx, nodeobj, "activity", STRING_TO_JSVAL(JS_NewStringCopyZ(cx, node_activity(sys->cfg, &node, str, sizeof str, node_num))), NULL, NULL, JSPROP_ENUMERATE);
1571 JS_DefineProperty(cx, nodeobj, "useron", INT_TO_JSVAL((int)node.useron), NULL, NULL, JSPROP_ENUMERATE);
1572 JS_DefineProperty(cx, nodeobj, "connection", INT_TO_JSVAL((int)node.connection), NULL, NULL, JSPROP_ENUMERATE);
1573 JS_DefineProperty(cx, nodeobj, "misc", INT_TO_JSVAL((int)node.misc), NULL, NULL, JSPROP_ENUMERATE);
1574 JS_DefineProperty(cx, nodeobj, "aux", INT_TO_JSVAL((int)node.aux), NULL, NULL, JSPROP_ENUMERATE);

CID 530515: Insecure data handling (INTEGER_OVERFLOW)
The cast of "node.extaux" to a signed type could result in a negative number.

1575 JS_DefineProperty(cx, nodeobj, "extaux", INT_TO_JSVAL((int)node.extaux), NULL, NULL, JSPROP_ENUMERATE);
1576 JS_SET_RVAL(cx, arglist, OBJECT_TO_JSVAL(nodeobj));
1577 return JS_TRUE;
1578 }
1579
1580 static JSBool

** CID 530514: (INTEGER_OVERFLOW)
/scansubs.cpp: 312 in sbbs_t::new_scan_ptr_cfg()()
/scansubs.cpp: 375 in sbbs_t::new_scan_ptr_cfg()()


________________________________________________________________________________________________________
*** CID 530514: (INTEGER_OVERFLOW)
/scansubs.cpp: 312 in sbbs_t::new_scan_ptr_cfg()()
306 else
307 subscan[usrsub[i][j]].ptr=l-s;
308 }
309 progress(text[LoadingMsgPtrs], subs, total_subs);
310 continue;
311 }

CID 530514: (INTEGER_OVERFLOW)
Expression "i", where "(s & 0xffffffff7fffffffL) - 1L" is known to be equal to -1, overflows the type of "i", which is type "int".

312 i=(s&~0x80000000L)-1;
313 while(online) {
314 l=0;
315 bprintf(text[CfgSubLstHdr],cfg.grp[usrgrp[i]]->lname);
316 for(j=0;j<usrsubs[i] && !msgabort();j++) {
317 checkline();
/scansubs.cpp: 375 in sbbs_t::new_scan_ptr_cfg()()
369 subscan[usrsub[i][j]].ptr=l-s;
370 }
371 progress(text[LoadingMsgPtrs], j, usrsubs[i]);
372 continue;
373 }
374 else {

CID 530514: (INTEGER_OVERFLOW)
Expression "j", where "(s & 0xffffffff7fffffffL) - 1L" is known to be equal to -1, overflows the type of "j", which is type "int".

375 j=(s&~0x80000000L)-1;
376 mnemonics(text[SetMsgPtrPrompt]);
377 SAFEPRINTF2(keys, "%s%c", text[DateLastKeys], quit_key());
378 s=getkeys(keys, 9999);
379 if(s==-1 || s==quit_key())
380 continue;

** CID 530512: Integer handling issues (INTEGER_OVERFLOW)
/scansubs.cpp: 472 in sbbs_t::new_scan_cfg(unsigned int)()


________________________________________________________________________________________________________
*** CID 530512: Integer handling issues (INTEGER_OVERFLOW)
/scansubs.cpp: 472 in sbbs_t::new_scan_cfg(unsigned int)()
466 subscan[usrsub[i][j]].cfg&=~SUB_CFG_YSCAN;
467 subscan[usrsub[i][j]].cfg|=misc;
468 }
469 }
470 continue;
471 }

CID 530512: Integer handling issues (INTEGER_OVERFLOW)
Expression "j", where "(s & 0xffffffff7fffffffL) - 1L" is known to be equal to -1, overflows the type of "j", which is type "int".

472 j=(s&~0x80000000L)-1;
473 if(misc&SUB_CFG_NSCAN && !(subscan[usrsub[i][j]].cfg&misc)) {
474 if(!(useron.rest&FLAG('Q')) && !noyes(text[MsgsToYouOnlyQ]))
475 subscan[usrsub[i][j]].cfg|=SUB_CFG_YSCAN;
476 else
477 subscan[usrsub[i][j]].cfg&=~SUB_CFG_YSCAN;

** CID 530511: (INTEGER_OVERFLOW)
/websrvr.c: 706 in sess_sendbuf()
/websrvr.c: 719 in sess_sendbuf()


________________________________________________________________________________________________________
*** CID 530511: (INTEGER_OVERFLOW)
/websrvr.c: 706 in sess_sendbuf()
700 }
701 else
702 *failed=true;
703 result = tls_sent;
704 }
705 else {

CID 530511: (INTEGER_OVERFLOW)
"len - sent", which might have underflowed, is passed to "send(session->socket, buf + sent, len - sent, 0)".

706 result=sendsocket(session->socket,buf+sent,len-sent);
707 if(result==SOCKET_ERROR) {
708 if(SOCKET_ERRNO==ECONNRESET) 709 lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",session->socket);
710 else if(SOCKET_ERRNO==ECONNABORTED)
711 lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",session->socket);
/websrvr.c: 719 in sess_sendbuf()
713 else if(SOCKET_ERRNO==EPIPE) 714 lprintf(LOG_NOTICE,"%04d Unable to send to peer",session->socket);
715 #endif
716 else if(session->socket != INVALID_SOCKET)
717 lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",session->socket,SOCKET_ERRNO);
718 *failed=true;

CID 530511: (INTEGER_OVERFLOW)
"sent", which might have underflowed, is returned from the function. 719 return(sent);

720 }
721 }
722 }
723 else {
724 lprintf(LOG_WARNING,"%04d Timeout waiting for socket to become writable",session->socket);

** CID 530509: (INTEGER_OVERFLOW)
/getstr.cpp: 338 in sbbs_t::getstr(char *, unsigned long, int, char **)() /getstr.cpp: 482 in sbbs_t::getstr(char *, unsigned long, int, char **)() /getstr.cpp: 427 in sbbs_t::getstr(char *, unsigned long, int, char **)() /getstr.cpp: 617 in sbbs_t::getstr(char *, unsigned long, int, char **)()


________________________________________________________________________________________________________
*** CID 530509: (INTEGER_OVERFLOW)
/getstr.cpp: 338 in sbbs_t::getstr(char *, unsigned long, int, char **)()
332 l=strlen(strout);
333 if(mode&K_NOECHO)
334 return(l);
335 if(mode&K_MSG)
336 redrwstr(strout,i,l,K_MSG);
337 else {

CID 530509: (INTEGER_OVERFLOW)
Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "size_t".

338 while(i--)
339 bputs("\b");
340 bputs(strout);
341 if(mode&K_LINE)
342 attr(LIGHTGRAY);
343 }
/getstr.cpp: 482 in sbbs_t::getstr(char *, unsigned long, int, char **)()
476 if(history != NULL) {
477 if(history[hidx + 1] == NULL) { 478 outchar(BEL);
479 break;
480 }
481 hidx++;

CID 530509: (INTEGER_OVERFLOW)
Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "size_t".

482 while(i--)
483 backspace();
484 SAFECOPY(str1, history[hidx]); 485 i=l=strlen(str1);
486 rputs(str1);
487 cleartoeol();
/getstr.cpp: 427 in sbbs_t::getstr(char *, unsigned long, int, char **)()
421 }
422 i=0;
423 console|=CON_DELETELINE;
424 break;
425 case CTRL_Z: /* Undo */
426 if(!(mode&K_NOECHO)) {

CID 530509: (INTEGER_OVERFLOW)
Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "size_t".

427 while(i--)
428 backspace();
429 }
430 SAFECOPY(str1,undo);
431 i=l=strlen(str1);
432 rputs(str1);
/getstr.cpp: 617 in sbbs_t::getstr(char *, unsigned long, int, char **)()
611 }
612 getstr_offset=i;
613 if(!online)
614 return(0);
615 if(i>l)
616 l=i;

CID 530509: (INTEGER_OVERFLOW)
"l", which might have underflowed, is passed to "str1[l]".

617 str1[l]=0;
618 if(!(sys_status&SS_ABORT)) {
619 strcpy(strout,str1);
620 if(mode&K_TRIM)
621 truncsp(strout);
622 if((strip_invalid_attr(strout) || (console&CON_INSERT)) && !(mode&K_NOECHO))

** CID 530506: Concurrent data access violations (MISSING_LOCK)
/ssl.c: 640 in destroy_session()


________________________________________________________________________________________________________
*** CID 530506: Concurrent data access violations (MISSING_LOCK)
/ssl.c: 640 in destroy_session()
634 while (sess != NULL) {
635 if (sess->sess == csess) {
636 if (psess == NULL) {
637 sess_list = sess->next;
638 }
639 else {

CID 530506: Concurrent data access violations (MISSING_LOCK)
Accessing "psess->next" without holding lock "ssl_cert_list_mutex". Elsewhere, "cert_list.next" is written to with "ssl_cert_list_mutex" held 2 out of 4 times (2 of these accesses strongly imply that it is necessary).

640 psess->next = sess->next;
641 }
642 break;
643 }
644 psess = sess;
645 sess = sess->next;

** CID 530505: Resource leaks (RESOURCE_LEAK)
/bulkmail.cpp: 177 in sbbs_t::bulkmailhdr(smb_t *, smbmsg_t *, unsigned int)()


________________________________________________________________________________________________________
*** CID 530505: Resource leaks (RESOURCE_LEAK)
/bulkmail.cpp: 177 in sbbs_t::bulkmailhdr(smb_t *, smbmsg_t *, unsigned int)() 171
172 user.number=usernum;
173 if(getuserdat(&cfg, &user)!=0)
174 return(0);
175
176 if((i=smb_copymsgmem(NULL,&newmsg,msg))!=SMB_SUCCESS)

CID 530505: Resource leaks (RESOURCE_LEAK)
Variable "newmsg" going out of scope leaks the storage "newmsg.hfield_dat" points to.

177 return(i);
178
179 SAFECOPY(str,user.alias);
180 smb_hfield_str(&newmsg,RECIPIENT,str);
181
182 if(cfg.sys_misc&SM_FWDTONET && user.misc&NETMAIL && user.netmail[0]) {

** CID 530504: Insecure data handling (INTEGER_OVERFLOW)
/websrvr.c: 6476 in read_post_data()


________________________________________________________________________________________________________
*** CID 530504: Insecure data handling (INTEGER_OVERFLOW)
/websrvr.c: 6476 in read_post_data()
6470 return(false);
6471 }
6472 }
6473 else {
6474 /* realloc() to new size */ 6475 /* FREE()d in close_request */ >>> CID 530504: Insecure data handling (INTEGER_OVERFLOW)

"s", which might have underflowed, is passed to "realloc(session->req.post_data, s)".

6476 p=realloc(session->req.post_data, s);
6477 if(p==NULL) {
6478 errprintf(LOG_CRIT, WHERE, "%04d !ERROR Allocating %lu bytes of memory",session->socket, (ulong)session->req.post_len);
6479 send_error(session,__LINE__,"413 Request entity too large");
6480 FCLOSE_OPEN_FILE(fp); 6481 return(false);

** CID 530501: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 3239 in js_connected_socket_constructor()


________________________________________________________________________________________________________
*** CID 530501: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 3239 in js_connected_socket_constructor()
3233
3234 dbprintf(false, p, "object constructed");
3235 return(JS_TRUE);
3236
3237 fail:
3238 if (p)

CID 530501: Resource leaks (RESOURCE_LEAK)
Freeing "p" without freeing its handle field "sock" leaks the handle. 3239 free(p);

3240 if (protocol)
3241 free(protocol);
3242 if (host)
3243 free(host);
3244 return JS_FALSE;

** CID 530500: Control flow issues (DEADCODE) /tmp/sbbs-Jan-12-2025/src/xpdev/xpsem.c: 62 in xp_sem_init()


________________________________________________________________________________________________________
*** CID 530500: Control flow issues (DEADCODE) /tmp/sbbs-Jan-12-2025/src/xpdev/xpsem.c: 62 in xp_sem_init()
56 errno = EPERM;
57 retval = -1;
58 goto RETURN;
59 }
60
61 if (value > XP_SEM_VALUE_MAX) {

CID 530500: Control flow issues (DEADCODE)
Execution cannot reach this statement: "*__errno_location() = 22;".

62 errno = EINVAL;
63 retval = -1;
64 goto RETURN;
65 }
66
67 *sem = (xp_sem_t)malloc(sizeof(struct xp_sem));

** CID 530498: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 3413 in js_listening_socket_constructor()


________________________________________________________________________________________________________
*** CID 530498: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 3413 in js_listening_socket_constructor()
3407 return(JS_FALSE);
3408 }
3409
3410 if(!js_DefineSocketOptionsArray(cx, obj, type)) {
3411 free(p);
3412 free(set);

CID 530498: Resource leaks (RESOURCE_LEAK)
Variable "protocol" going out of scope leaks the storage it points to. 3413 return(JS_FALSE);

3414 }
3415
3416 #ifdef BUILD_JSDOCS
3417 js_DescribeSyncObject(cx,obj,"Class used for incoming TCP/IP socket communications",317);
3418 js_DescribeSyncConstructor(cx,obj,"To create a new ListeningSocket object: "


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 530828: Possible Control flow issues (DEADCODE)
/load_cfg.c: 147 in load_cfg()


________________________________________________________________________________________________________
*** CID 530828: Possible Control flow issues (DEADCODE)
/load_cfg.c: 147 in load_cfg()
141 free(text[n]);
142 text[n] = strdup(list[i]->value);
143 }
144 iniFreeNamedStringList(list);
145 iniFreeStringList(ini);
146 if (!success)

CID 530828: Possible Control flow issues (DEADCODE)
Execution cannot reach this statement: "return false;".

147 return false;
148 }
149
150 cfg->text = text;
151 }
152


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net