• New Defects reported by Coverity Scan for Synchronet

    From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Feb 13 13:37:11 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 436064: Error handling issues (CHECKED_RETURN)
    /scfg/scfg.c: 2266 in bail()


    ________________________________________________________________________________________________________
    *** CID 436064: Error handling issues (CHECKED_RETURN)
    /scfg/scfg.c: 2266 in bail()
    2260 if(code) {
    2261 printf("\nHit enter to continue...");
    2262 (void)getchar();
    2263 }
    2264 else if(forcesave) {
    2265 load_main_cfg(&cfg, error, sizeof(error));
    CID 436064: Error handling issues (CHECKED_RETURN)
    Calling "load_msgs_cfg" without checking return value (as is done elsewhere 4 out of 5 times).
    2266 load_msgs_cfg(&cfg, error, sizeof(error));
    2267 load_file_cfg(&cfg, error, sizeof(error));
    2268 load_chat_cfg(&cfg, error, sizeof(error));
    2269 load_xtrn_cfg(&cfg, error, sizeof(error));
    2270 cfg.new_install=new_install;
    2271 save_main_cfg(&cfg,backup_level);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DD5MO_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDTaDtSmOw-2Bk-2F2GY9-2Fd2mdj1kV98qMuZQMWgSaq-2FKJTpW1JmDNOWTqgrbhAT5Uu1FeAUx9pihjmNzRCgsVATSDaJVNi1-2Fy70syPCKRY-2FmYivvscQV3ejVXXYul1-2BVLFI3iZ6Tr68ZR3M-2FuWbVS2FOTtToDy4GMZVGnWexi0ASRqfA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun Feb 19 13:37:56 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    21 new defect(s) introduced to Synchronet found with Coverity Scan.
    16 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 20 of 21 defect(s)


    ** CID 436320: (SIGN_EXTENSION)
    /writemsg.cpp: 679 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    /writemsg.cpp: 680 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    /writemsg.cpp: 657 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    /writemsg.cpp: 294 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    /writemsg.cpp: 656 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()


    ________________________________________________________________________________________________________
    *** CID 436320: (SIGN_EXTENSION)
    /writemsg.cpp: 679 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    673 *editor = "Synchronet msgeditor " GIT_BRANCH "/" GIT_HASH;
    674
    675 buf[0]=0;
    676 if(linesquoted || draft_restored) {
    677 if((file=nopen(msgtmp,O_RDONLY))!=-1) {
    678 length=(long)filelength(file);
    CID 436320: (SIGN_EXTENSION)
    Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
    679 l=length>(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1
    680 ? (cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1 : length;
    681 lread(file,buf,l);
    682 buf[l]=0;
    683 close(file);
    684 // remove(msgtmp);
    /writemsg.cpp: 680 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    674
    675 buf[0]=0;
    676 if(linesquoted || draft_restored) {
    677 if((file=nopen(msgtmp,O_RDONLY))!=-1) {
    678 length=(long)filelength(file);
    679 l=length>(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1
    CID 436320: (SIGN_EXTENSION)
    Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
    680 ? (cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1 : length;
    681 lread(file,buf,l);
    682 buf[l]=0;
    683 close(file);
    684 // remove(msgtmp);
    685 }
    /writemsg.cpp: 657 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    651 free(buf);
    652 return false;
    653 }
    654 l=strlen((char *)buf); /* reserve space for top and terminating null */
    655 /* truncate if too big */
    656 if(length>(long)((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1))) {
    CID 436320: (SIGN_EXTENSION)
    Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
    657 length=(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1);
    658 bputs(text[OutOfBytes]);
    659 }
    660 long rd = read(file,buf+l,length);
    661 close(file);
    662 if(rd != length) {
    /writemsg.cpp: 294 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    288
    289 useron_level=useron.level;
    290
    291 if(editor!=NULL)
    292 *editor=NULL;
    293
    CID 436320: (SIGN_EXTENSION)
    Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) + 1" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) + 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
    294 if((buf=(char*)malloc((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))
    295 ==NULL) {
    296 errormsg(WHERE,ERR_ALLOC,fname
    297 ,(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) +1);
    298 return(false);
    299 }
    /writemsg.cpp: 656 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    650 errormsg(WHERE, ERR_LEN, msgtmp, length);
    651 free(buf);
    652 return false;
    653 }
    654 l=strlen((char *)buf); /* reserve space for top and terminating null */
    655 /* truncate if too big */
    CID 436320: (SIGN_EXTENSION)
    Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
    656 if(length>(long)((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1))) {
    657 length=(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1);
    658 bputs(text[OutOfBytes]);
    659 }
    660 long rd = read(file,buf+l,length);
    661 close(file);

    ** CID 436319: High impact quality (Y2K38_SAFETY)
    /qwktomsg.cpp: 49 in qwk_parse_header_list(sbbs_t *, unsigned int, smbmsg_t *, char ***, bool, bool)()


    ________________________________________________________________________________________________________
    *** CID 436319: High impact quality (Y2K38_SAFETY)
    /qwktomsg.cpp: 49 in qwk_parse_header_list(sbbs_t *, unsigned int, smbmsg_t *, char ***, bool, bool)()
    43 msg->hdr.auxattr |= MSG_HFIELDS_UTF8;
    44 }
    45
    46 if((p=iniPopKey(headers,ROOT_SECTION,"WhenWritten",value))!=NULL) {
    47 xpDateTime_t dt=isoDateTimeStr_parse(p);
    48
    CID 436319: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "xpDateTime_to_localtime(dt)" is cast to "uint32_t".
    49 msg->hdr.when_written.time=(uint32_t)xpDateTime_to_localtime(dt);
    50 msg->hdr.when_written.zone=dt.zone;
    51 sscanf(p,"%*s %s",zone);
    52 if(zone[0])
    53 msg->hdr.when_written.zone=(ushort)strtoul(zone,NULL,16);
    54 }

    ** CID 436318: Error handling issues (CHECKED_RETURN)
    /tmp_xfer.cpp: 88 in sbbs_t::create_filelist(const char *, int)()


    ________________________________________________________________________________________________________
    *** CID 436318: Error handling issues (CHECKED_RETURN)
    /tmp_xfer.cpp: 88 in sbbs_t::create_filelist(const char *, int)()
    82 if(k)
    83 bprintf(text[CreatedFileList],name);
    84 else {
    85 if(online == ON_REMOTE)
    86 bputs(text[NoFiles]);
    87 SAFEPRINTF2(str,"%s%s",cfg.temp_dir,name);
    CID 436318: Error handling issues (CHECKED_RETURN)
    Calling "remove(str)" without checking return value. This library function may fail and return an error code.
    88 remove(str);
    89 }
    90 return(k);
    91 }
    92
    93 /****************************************************************************/

    ** CID 436317: High impact quality (Y2K38_SAFETY)
    /qwktomsg.cpp: 198 in sbbs_t::qwk_new_msg(unsigned int, smbmsg_t *, char *, int, char **, bool)()


    ________________________________________________________________________________________________________
    *** CID 436317: High impact quality (Y2K38_SAFETY)
    /qwktomsg.cpp: 198 in sbbs_t::qwk_new_msg(unsigned int, smbmsg_t *, char *, int, char **, bool)()
    192 tm.tm_year=((hdrblk[14]&0xf)*10)+(hdrblk[15]&0xf);
    193 if(tm.tm_year<Y2K_2DIGIT_WINDOW)
    194 tm.tm_year+=100;
    195 tm.tm_hour=((hdrblk[16]&0xf)*10)+(hdrblk[17]&0xf);
    196 tm.tm_min=((hdrblk[19]&0xf)*10)+(hdrblk[20]&0xf);
    197
    CID 436317: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "sane_mktime(&tm)" is cast to "uint32_t".
    198 msg->hdr.when_written.time=(uint32_t)sane_mktime(&tm);
    199 }
    200
    201 if(msg->to==NULL)
    202 smb_hfield_str(msg,RECIPIENT,strip_ctrl(to, to));
    203

    ** CID 436316: Error handling issues (CHECKED_RETURN)
    /netmail.cpp: 1382 in sbbs_t::qnetmail(const char *, const char *, int, smb_t *, smbmsg_t *)()


    ________________________________________________________________________________________________________
    *** CID 436316: Error handling issues (CHECKED_RETURN)
    /netmail.cpp: 1382 in sbbs_t::qnetmail(const char *, const char *, int, smb_t *, smbmsg_t *)()
    1376 smb_close(&smb);
    1377 smb_stack(&smb,SMB_STACK_POP);
    1378 errormsg(WHERE,ERR_OPEN,msgpath,O_RDONLY|O_BINARY);
    1379 return(false);
    1380 }
    1381
    CID 436316: Error handling issues (CHECKED_RETURN)
    Calling "fseeko(this->smb.sdt_fp, offset, 0)" without checking return value. This library function may fail and return an error code.
    1382 fseeko(smb.sdt_fp,offset,SEEK_SET);
    1383 xlat=XLAT_NONE;
    1384 fwrite(&xlat,2,1,smb.sdt_fp);
    1385 x=SDT_BLOCK_LEN-2; /* Don't read/write more than 255 */
    1386 while(!feof(instream)) {
    1387 memset(buf,0,x);

    ** CID 436315: Code maintainability issues (UNUSED_VALUE)
    /str.cpp: 406 in sbbs_t::sof(char *, char *, int)()


    ________________________________________________________________________________________________________
    *** CID 436315: Code maintainability issues (UNUSED_VALUE)
    /str.cpp: 406 in sbbs_t::sof(char *, char *, int)()
    400 max=max*10+(buf[++m]&0xf);
    401 }
    402 if(buf[m+1]=='.' && IS_DIGIT(buf[m+2])) {
    403 m++;
    404 min=buf[++m]&0xf;
    405 if(IS_DIGIT(buf[m+1]))
    CID 436315: Code maintainability issues (UNUSED_VALUE)
    Assigning value from "min * 10 + (buf[++m] & 0xf)" to "min" here, but that stored value is overwritten before it can be used.
    406 min=min*10+(buf[++m]&0xf);
    407 }
    408 if(buf[m+1]=='"') {
    409 max=0;
    410 m++;
    411 while(buf[++m]!='"' && max<80)

    ** CID 436314: (RESOURCE_LEAK)
    /xtrn.cpp: 1692 in sbbs_t::external(const char *, int, const char *)()
    /xtrn.cpp: 1692 in sbbs_t::external(const char *, int, const char *)()


    ________________________________________________________________________________________________________
    *** CID 436314: (RESOURCE_LEAK)
    /xtrn.cpp: 1692 in sbbs_t::external(const char *, int, const char *)()
    1686 dup2(fd, STDOUT_FILENO);
    1687 if(!(mode&EX_NOLOG))
    1688 dup2(fd, STDERR_FILENO);
    1689 if (fd > 2)
    1690 close(fd);
    1691 }
    CID 436314: (RESOURCE_LEAK)
    Handle variable "fd" going out of scope leaks the handle.
    1692 }
    1693
    1694 if(mode&EX_BG) /* background execution, detach child */
    1695 {
    1696 lprintf(LOG_INFO,"Detaching external process");
    1697 daemon(TRUE,FALSE);
    /xtrn.cpp: 1692 in sbbs_t::external(const char *, int, const char *)()
    1686 dup2(fd, STDOUT_FILENO);
    1687 if(!(mode&EX_NOLOG))
    1688 dup2(fd, STDERR_FILENO);
    1689 if (fd > 2)
    1690 close(fd);
    1691 }
    CID 436314: (RESOURCE_LEAK)
    Handle variable "fd" going out of scope leaks the handle.
    1692 }
    1693
    1694 if(mode&EX_BG) /* background execution, detach child */
    1695 {
    1696 lprintf(LOG_INFO,"Detaching external process");
    1697 daemon(TRUE,FALSE);

    ** CID 436313: (OVERRUN)
    /main.cpp: 4367 in node_thread(void *)()


    ________________________________________________________________________________________________________
    *** CID 436313: (OVERRUN)
    /main.cpp: 4383 in node_thread(void *)()
    4377
    4378 curshell=sbbs->useron.shell;
    4379 sbbs->main_csi.ip=sbbs->main_csi.cs;
    4380 sbbs->menu_dir[0]=0;
    4381 sbbs->menu_file[0]=0;
    4382 }
    CID 436313: (OVERRUN)
    Calling "exec" with "sbbs->main_csi.cs" and "sbbs->main_csi.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
    4383 if(sbbs->exec(&sbbs->main_csi))
    4384 break;
    4385 }
    4386 listRemoveTaggedNode(&current_logins, sbbs->cfg.node_num, /* free_data */TRUE);
    4387 }
    4388
    /main.cpp: 4367 in node_thread(void *)()
    4361 close(file);
    4362 sbbs->errormsg(WHERE,ERR_ALLOC,str,sbbs->main_csi.length);
    4363 sbbs->hangup();
    4364 break;
    4365 }
    4366
    CID 436313: (OVERRUN)
    Calling "read" with "sbbs->main_csi.cs" and "sbbs->main_csi.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned. [Note: The source code implementation of the function has been overridden by a builtin model.]
    4367 if(lread(file,sbbs->main_csi.cs,sbbs->main_csi.length)
    4368 !=(int)sbbs->main_csi.length) {
    4369 sbbs->errormsg(WHERE,ERR_READ,str,sbbs->main_csi.length);
    4370 close(file);
    4371 free(sbbs->main_csi.cs);
    4372 sbbs->main_csi.cs=NULL;

    ** CID 436312: Error handling issues (CHECKED_RETURN)
    /xtrn.cpp: 1750 in sbbs_t::external(const char *, int, const char *)()


    ________________________________________________________________________________________________________
    *** CID 436312: Error handling issues (CHECKED_RETURN)
    /xtrn.cpp: 1750 in sbbs_t::external(const char *, int, const char *)()
    1744 write(in_pipe[1],buf,wr);
    1745 }
    1746
    1747 bp=buf;
    1748 i=0;
    1749 if(mode&EX_NOLOG)
    CID 436312: Error handling issues (CHECKED_RETURN)
    Calling "poll(fds, 1UL, 1)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
    1750 poll(fds, 1, 1);
    1751 else {
    1752 while (poll(fds, 2, 1) > 0 && (fds[1].revents)
    1753 && (i < (int)sizeof(buf) - 1)) {
    1754 if((rd=read(err_pipe[0],bp,1))>0) {
    1755 i+=rd;

    ** CID 436311: (OVERRUN)
    /exec.cpp: 812 in sbbs_t::exec_bin(const char *, csi_t *, const char *)()


    ________________________________________________________________________________________________________
    *** CID 436311: (OVERRUN)
    /exec.cpp: 812 in sbbs_t::exec_bin(const char *, csi_t *, const char *)()
    806 }
    807 if((bin.cs=(uchar *)malloc(bin.length))==NULL) {
    808 close(file);
    809 errormsg(WHERE,ERR_ALLOC,str,bin.length);
    810 return(-1);
    811 }
    CID 436311: (OVERRUN)
    Calling "read" with "bin.cs" and "bin.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned. [Note: The source code implementation of the function has been overridden by a builtin model.]
    812 if(lread(file,bin.cs,bin.length)!=(ssize_t)bin.length) {
    813 close(file);
    814 errormsg(WHERE,ERR_READ,str,bin.length);
    815 free(bin.cs);
    816 return(-1);
    817 }
    /exec.cpp: 825 in sbbs_t::exec_bin(const char *, csi_t *, const char *)()
    819
    820 bin.ip=bin.cs;
    821 bin.rets=0;
    822 bin.cmdrets=0;
    823 bin.misc=0;
    824
    CID 436311: (OVERRUN)
    Calling "exec" with "bin.cs" and "bin.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
    825 while(exec(&bin)==0)
    826 if(!(bin.misc&CS_OFFLINE_EXEC)) {
    827 checkline();
    828 if(!online)
    829 break;
    830 }

    ** CID 436310: High impact quality (Y2K38_SAFETY)
    /xtrn_sec.cpp: 1114 in sbbs_t::moduserdat(unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 436310: High impact quality (Y2K38_SAFETY)
    /xtrn_sec.cpp: 1114 in sbbs_t::moduserdat(unsigned int)()
    1108 useron.level=(uint8_t)i;
    1109 putuserdec32(useron.number, USER_LEVEL, useron.level);
    1110 }
    1111 lseek(file,75,SEEK_CUR); /* read in expiration date */
    1112 read(file,&i,2); /* convert from julian to unix */
    1113 i = LE_INT(i);
    CID 436310: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "juliantounix(i)" is cast to "time32_t".
    1114 useron.expire=(time32_t)juliantounix(i);
    1115 putuserdatetime(useron.number, USER_EXPIRE, useron.expire);
    1116 }
    1117 close(file);
    1118 }
    1119 return;

    ** CID 436309: Error handling issues (CHECKED_RETURN)
    /qwk.cpp: 294 in sbbs_t::qwk_success(unsigned int, char, char)()


    ________________________________________________________________________________________________________
    *** CID 436309: Error handling issues (CHECKED_RETURN)
    /qwk.cpp: 294 in sbbs_t::qwk_success(unsigned int, char, char)()
    288 SAFECOPY(str, "downloaded QWK packet");
    289 logline("D-",str);
    290 posts_read+=msgcnt;
    291
    292 sprintf(str,"%sfile/%04u.qwk",cfg.data_dir,useron.number);
    293 if(fexistcase(str))
    CID 436309: Error handling issues (CHECKED_RETURN)
    Calling "remove(str)" without checking return value. This library function may fail and return an error code.
    294 remove(str);
    295
    296 if(!bi) {
    297 batch_download(-1);
    298 delfiles(cfg.temp_dir,ALLFILES);
    299 }

    ** CID 436308: (CHECKED_RETURN)
    /pack_qwk.cpp: 619 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    /pack_qwk.cpp: 745 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    /pack_qwk.cpp: 733 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


    ________________________________________________________________________________________________________
    *** CID 436308: (CHECKED_RETURN)
    /pack_qwk.cpp: 619 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    613 fclose(voting);
    614 }
    615 if(personal) {
    616 fclose(personal); /* close PERSONAL.NDX */
    617 SAFEPRINTF(str,"%sPERSONAL.NDX",cfg.temp_dir);
    618 if(!flength(str))
    CID 436308: (CHECKED_RETURN)
    Calling "remove(str)" without checking return value. This library function may fail and return an error code.
    619 remove(str);
    620 }
    621 CRLF;
    622
    623 if(!prepack && online!=ON_LOCAL && ((sys_status&SS_ABORT) || !online)) {
    624 bputs(text[Aborted]);
    /pack_qwk.cpp: 745 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    739 if(file_count < 0)
    740 lprintf(LOG_ERR, "libarchive error (%s) creating %s", error, packet);
    741 else
    742 lprintf(LOG_INFO, "libarchive created %s from %d files", packet, file_count);
    743 }
    744 if(flength(packet) < 1) {
    CID 436308: (CHECKED_RETURN)
    Calling "remove(packet)" without checking return value. This library function may fail and return an error code.
    745 remove(packet);
    746 if((i = external(cmdstr(temp_cmd(),packet,path,NULL), ex|EX_WILDCARD)) != 0)
    747 errormsg(WHERE,ERR_EXEC,cmdstr(temp_cmd(),packet,path,NULL),i);
    748 if(flength(packet) < 1) {
    749 bputs(text[QWKCompressionFailed]);
    750 return(false);
    /pack_qwk.cpp: 733 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    727 }
    728 }
    729
    730 /*******************/
    731 /* Compress Packet */
    732 /*******************/
    CID 436308: (CHECKED_RETURN)
    Calling "remove(packet)" without checking return value. This library function may fail and return an error code.
    733 remove(packet);
    734 SAFEPRINTF2(path,"%s%s",cfg.temp_dir,ALLFILES);
    735 if(strListFind((str_list_t)supported_archive_formats, useron.tmpext, /* case_sensitive */FALSE) >= 0) {
    736 str_list_t file_list = directory(path);
    737 int file_count = create_archive(packet, useron.tmpext, /* with_path: */false, file_list, error, sizeof(error));
    738 strListFree(&file_list);

    ** CID 436307: High impact quality (Y2K38_SAFETY)
    /main.cpp: 4407 in node_thread(void *)()


    ________________________________________________________________________________________________________
    *** CID 436307: High impact quality (Y2K38_SAFETY)
    /main.cpp: 4407 in node_thread(void *)()
    4401 time_t now = time(NULL);
    4402 SAFEPRINTF(str, "%sclient.ini", sbbs->cfg.node_dir);
    4403 FILE* fp = fopen(str, "at");
    4404 if(fp != NULL) {
    4405 fprintf(fp, "user=%u\n", sbbs->useron.number);
    4406 fprintf(fp, "name=%s\n", sbbs->useron.alias);
    CID 436307: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "now" is cast to "uint".
    4407 fprintf(fp, "done=%u\n", (uint)now);
    4408 fclose(fp);
    4409 }
    4410
    4411 if(sbbs->sys_status&SS_DAILY) { // New day, run daily events/maintenance
    4412 sbbs->daily_maint();

    ** CID 436306: High impact quality (Y2K38_SAFETY)
    /atcodes.cpp: 1235 in sbbs_t::atcode(char *, char *, unsigned long, int *, bool, JSObject *)()


    ________________________________________________________________________________________________________
    *** CID 436306: High impact quality (Y2K38_SAFETY)
    /atcodes.cpp: 1235 in sbbs_t::atcode(char *, char *, unsigned long, int *, bool, JSObject *)()
    1229 f = (float)useron.dls / useron.uls;
    1230 safe_snprintf(str, maxlen, "%u", f ? (uint)(100 / f) : 0);
    1231 return str;
    1232 }
    1233
    1234 if(!strcmp(sp,"LASTNEW"))
    CID 436306: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->ns_time" is cast to "time32_t".
    1235 return(unixtodstr(&cfg,(time32_t)ns_time,str));
    1236
    1237 if(strncmp(sp, "LASTNEW:", 8) == 0) {
    1238 sp += 8;
    1239 c_unescape_str(sp);
    1240 memset(&tm, 0, sizeof(tm));

    ** CID 436305: (Y2K38_SAFETY)
    /pack_qwk.cpp: 128 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    /pack_qwk.cpp: 598 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    /pack_qwk.cpp: 603 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


    ________________________________________________________________________________________________________
    *** CID 436305: (Y2K38_SAFETY)
    /pack_qwk.cpp: 128 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    122 errormsg(WHERE,ERR_OPEN,str,0);
    123 return(false);
    124 }
    125
    126 now=time(NULL);
    127 if(localtime_r(&now,&tm)==NULL) {
    CID 436305: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "uint".
    128 errormsg(WHERE, ERR_CHK, "time", (uint)now);
    129 return(false);
    130 }
    131
    132 fprintf(stream,"%s\r\n%s\r\n%s\r\n%s, Sysop\r\n0000,%s\r\n"
    133 "%02u-%02u-%u,%02u:%02u:%02u\r\n"
    /pack_qwk.cpp: 598 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    592 byte_estimate_to_str(ftell(qwk), tmp, sizeof(tmp), 1024, 1);
    593 if(online == ON_REMOTE)
    594 bprintf("\r\n\r\n\1n\1hPacked %u messages (%s bytes) in %u seconds "
    595 "(%lu messages/second)."
    596 ,(*msgcnt)+mailmsgs
    597 ,tmp
    CID 436305: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".
    598 ,(uint)elapsed
    599 ,((*msgcnt)+mailmsgs) / elapsed);
    600 lprintf(LOG_INFO, "packed %u messages (%s bytes) in %u seconds (%u msgs/sec)"
    601 ,(*msgcnt)+mailmsgs
    602 ,tmp
    603 ,(uint)elapsed
    /pack_qwk.cpp: 603 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    597 ,tmp
    598 ,(uint)elapsed
    599 ,((*msgcnt)+mailmsgs) / elapsed);
    600 lprintf(LOG_INFO, "packed %u messages (%s bytes) in %u seconds (%u msgs/sec)"
    601 ,(*msgcnt)+mailmsgs
    602 ,tmp
    CID 436305: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".
    603 ,(uint)elapsed
    604 ,(uint)(((*msgcnt)+mailmsgs)/elapsed));
    605 }
    606
    607 BOOL voting_data = FALSE;
    608 fclose(qwk); /* close MESSAGE.DAT */

    ** CID 436304: Error handling issues (CHECKED_RETURN)
    /writemsg.cpp: 242 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 436304: Error handling issues (CHECKED_RETURN)
    /writemsg.cpp: 242 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()
    236 if((fp=fopen(src,"rb"))==NULL) {
    237 free(buf);
    238 return -3;
    239 }
    240
    241 memset(buf,0,len+1);
    CID 436304: Error handling issues (CHECKED_RETURN)
    "fread(void * restrict, size_t, size_t, FILE * restrict)" returns the number of bytes read, but it is ignored.
    242 fread(buf,len,sizeof(char),fp);
    243 fclose(fp);
    244
    245 if((fp=fopen(dest,"wb"))!=NULL) {
    246 len=process_edited_text(buf, fp, mode, lines, maxlines);
    247 fclose(fp);

    ** CID 436303: Uninitialized variables (UNINIT)


    ________________________________________________________________________________________________________
    *** CID 436303: Uninitialized variables (UNINIT)
    /readmsgs.cpp: 218 in sbbs_t::loadposts(unsigned int *, unsigned int, unsigned int, int, unsigned int *, unsigned int *)()
    212 if(idx.to!=namecrc && idx.from!=namecrc
    213 && idx.to!=aliascrc && idx.from!=aliascrc
    214 && (useron.number!=1 || idx.to!=sysop))
    215 continue;
    216 msg.idx=idx;
    217 if(!smb_lockmsghdr(&smb,&msg)) {
    CID 436303: Uninitialized variables (UNINIT)
    Using uninitialized value "msg.idx_offset" when calling "smb_getmsghdr".
    218 if(!smb_getmsghdr(&smb,&msg)) {
    219 if(stricmp(msg.to,useron.alias)
    220 && stricmp(msg.from,useron.alias)
    221 && stricmp(msg.to,useron.name)
    222 && stricmp(msg.from,useron.name)
    223 && (useron.number!=1 || stricmp(msg.to,"sysop")

    ** CID 436302: Memory - illegal accesses (STRING_NULL)
    /telgate.cpp: 194 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char *, char *, char *)()


    ________________________________________________________________________________________________________
    *** CID 436302: Memory - illegal accesses (STRING_NULL)
    /telgate.cpp: 194 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char *, char *, char *)()
    188 l=K_CHAT;
    189 if(!(mode&TG_ECHO))
    190 l|=K_NOECHO;
    191 rd=getstr((char*)buf,sizeof(buf)-1,l);
    192 if(!rd)
    193 continue;
    CID 436302: Memory - illegal accesses (STRING_NULL)
    Passing unterminated string "buf" to "strlen", which expects a null-terminated string.
    194 SAFECAT(buf,crlf);
    195 rd+=2;
    196 gotline=true;
    197 }
    198 if((mode&TG_CRLF) && buf[rd-1]=='\r')
    199 buf[rd++]='\n';

    ** CID 436301: Insecure data handling (TAINTED_SCALAR)


    ________________________________________________________________________________________________________
    *** CID 436301: Insecure data handling (TAINTED_SCALAR)
    /writemsg.cpp: 752 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    746 while(!feof(tag)) {
    747 if(!fgets(str,sizeof(str),tag))
    748 break;
    749 truncsp(str);
    750 if(utf8) {
    751 char buf[sizeof(str)*4];
    CID 436301: Insecure data handling (TAINTED_SCALAR)
    Passing tainted expression "str" to "cp437_to_utf8_str", which uses it as an offset.
    752 cp437_to_utf8_str(str, buf, sizeof(buf) - 1, /* minval: */'\x02');
    753 l+=fprintf(stream,"%s\r\n", buf);
    754 } else
    755 l+=fprintf(stream,"%s\r\n",str);
    756 lines++; /* line counter */
    757 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3Drgn4_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBgI3c58nn-2BM3pe4vcfOmT008rEPNCgcySL-2BxLmEpv67QM-2F5FYfBWKXdLuapzG8Uw08lzNE-2FII55Z3TUX6jcFlwAq3AECQ-2BNvq5LcItSQXmz87wTP5IweENV-2Fec52OWXZ5z-2Bkfj7gccdDWHh5Lsy5qHClX0MJc5hcJeyhGduvOrMQ-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tue Feb 21 13:36:08 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 436563: High impact quality (Y2K38_SAFETY)
    /tmp/sbbs-Feb-21-2023/src/smblib/smblib.c: 2033 in smb_create()


    ________________________________________________________________________________________________________
    *** CID 436563: High impact quality (Y2K38_SAFETY)
    /tmp/sbbs-Feb-21-2023/src/smblib/smblib.c: 2033 in smb_create()
    2027 rewind(smb->sid_fp);
    2028 if(chsize(fileno(smb->sid_fp),0L) != 0)
    2029 return SMB_ERR_TRUNCATE;
    2030
    2031 SAFEPRINTF(str,"%s.ini",smb->file);
    2032 if((fp = fopen(str, "w")) != NULL) {
    CID 436563: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "int".
    2033 fprintf(fp, "Created = 0x%x\n", (int)time(NULL));
    2034 fclose(fp);
    2035 }
    2036 SAFEPRINTF(str,"%s.sda",smb->file);
    2037 (void)remove(str); /* if it exists, delete it */
    2038 SAFEPRINTF(str,"%s.sha",smb->file);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D6NZ4_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrB-2BSws-2BCbxlcVNPlCMlu3BJhlBm9ihxGUC5HVYM0IVOs04Kz9bZ0eoogx9vF3V4RK7H-2FAqguVEOaGqUDhn-2BkizHNIhtSAreEeh-2FFRCp4Cd-2BnjQP8DEfNeZ9f9ZPjHBz4mF3SSPlmrjqNIqJn1YzLbAFkkez3JgMfD0h7jKBCjInFw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun Mar 5 13:47:46 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 446269: Error handling issues (CHECKED_RETURN)
    /download.cpp: 118 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)()


    ________________________________________________________________________________________________________
    *** CID 446269: Error handling issues (CHECKED_RETURN)
    /download.cpp: 118 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)()
    112 char msg[256];
    113 int i;
    114 long ex_mode;
    115 FILE* stream;
    116
    117 SAFEPRINTF(protlog,"%sPROTOCOL.LOG",cfg.node_dir);
    CID 446269: Error handling issues (CHECKED_RETURN)
    Calling "remove(protlog)" without checking return value. This library function may fail and return an error code.
    118 remove(protlog); /* Deletes the protocol log */
    119 autohang=false;
    120 if(autohangup) {
    121 if(useron.misc&AUTOHANG)
    122 autohang=true;
    123 else if(text[HangUpAfterXferQ][0])

    ** CID 446268: High impact quality (Y2K38_SAFETY)
    /download.cpp: 75 in sbbs_t::notdownloaded(long, long)()


    ________________________________________________________________________________________________________
    *** CID 446268: High impact quality (Y2K38_SAFETY)
    /download.cpp: 75 in sbbs_t::notdownloaded(long, long)()
    69 /****************************************************************************/
    70 void sbbs_t::notdownloaded(off_t size, time_t elapsed)
    71 {
    72 char str[256],tmp2[256];
    73 char tmp[512];
    74
    CID 446268: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".
    75 SAFEPRINTF2(str,"Estimated Time: %s Transfer Time: %s"
    76 ,sectostr(cur_cps ? (uint)(size/cur_cps) : 0,tmp)
    77 ,sectostr((uint)(elapsed),tmp2));
    78 logline(nulstr,str);
    79 if(cfg.leech_pct && cur_cps /* leech detection */
    80 && elapsed>=cfg.leech_sec


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D0CIb_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDsLibgv2fl5LZs5fAQNGsZiCzF58zgFnZOT-2BlAwIBwcfoIFtkbk55EV3j6VxmkZw2I9Fj-2BLI35zSUrIN0KShaRGuiHzricb5Wsx-2BB-2BhnhGtOrWPGOz2109TMcJgLBqc5aFWaJOutaTnzR1bYeWA4E8s00cQ8HSd2ZyQUokgP9TtQ-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tue Mar 21 12:39:57 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 451020: Resource leaks (RESOURCE_LEAK)
    /pack_qwk.cpp: 130 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


    ________________________________________________________________________________________________________
    *** CID 451020: Resource leaks (RESOURCE_LEAK)
    /pack_qwk.cpp: 130 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    124 return(false);
    125 }
    126
    127 now=time(NULL);
    128 if(localtime_r(&now,&tm)==NULL) {
    129 errormsg(WHERE, ERR_CHK, "time", (uint)now);
    CID 451020: Resource leaks (RESOURCE_LEAK)
    Variable "stream" going out of scope leaks the storage it points to.
    130 return(false);
    131 }
    132
    133 fprintf(stream,"%s\r\n%s\r\n%s\r\n%s, Sysop\r\n0000,%s\r\n"
    134 "%02u-%02u-%u,%02u:%02u:%02u\r\n"
    135 ,cfg.sys_name

    ** CID 451019: (NEGATIVE_RETURNS)


    ________________________________________________________________________________________________________
    *** CID 451019: (NEGATIVE_RETURNS)
    /main.cpp: 3434 in sbbs_t::init()()
    3428 }
    3429
    3430 /* Shared NODE files */
    3431 SAFEPRINTF2(str,"%s%s",cfg.ctrl_dir,"node.dab");
    3432 pthread_mutex_lock(&nodefile_mutex);
    3433 if((nodefile=nopen(str,O_DENYNONE|O_RDWR|O_CREAT))==-1) {
    CID 451019: (NEGATIVE_RETURNS)
    "this->client_socket" is passed to a parameter that cannot be negative.
    3434 errormsg(WHERE, ERR_OPEN, str, cfg.node_num);
    3435 pthread_mutex_unlock(&nodefile_mutex);
    3436 return(false);
    3437 }
    3438 memset(&node,0,sizeof(node_t)); /* write NULL to node struct */
    3439 node.status=NODE_OFFLINE;
    /main.cpp: 3443 in sbbs_t::init()()
    3437 }
    3438 memset(&node,0,sizeof(node_t)); /* write NULL to node struct */
    3439 node.status=NODE_OFFLINE;
    3440 while(filelength(nodefile)<(int)(cfg.sys_nodes*sizeof(node_t))) {
    3441 lseek(nodefile,0L,SEEK_END);
    3442 if(write(nodefile,&node,sizeof(node_t))!=sizeof(node_t)) {
    CID 451019: (NEGATIVE_RETURNS)
    "this->client_socket" is passed to a parameter that cannot be negative.
    3443 errormsg(WHERE,ERR_WRITE,str,sizeof(node_t));
    3444 break;
    3445 }
    3446 }
    3447 if(chsize(nodefile, (off_t)(cfg.sys_nodes*sizeof(node_t))) != 0)
    3448 errormsg(WHERE, ERR_LEN, str, cfg.sys_nodes*sizeof(node_t));

    ** CID 451018: (LOCK)
    /xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()
    /xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()


    ________________________________________________________________________________________________________
    *** CID 451018: (LOCK)
    /xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()
    1431 ,cfg.xtrn[xtrnnum]->path);
    1432 end=time(NULL);
    1433
    1434 if(cfg.xtrn[xtrnnum]->misc&FREETIME)
    1435 starttime+=end-start;
    1436 if(cfg.xtrn[xtrnnum]->clean[0]) {
    CID 451018: (LOCK)
    "external" locks "this->input_thread_mutex" while it is locked.
    1437 external(cmdstr(cfg.xtrn[xtrnnum]->clean, drop_file, startup_dir, NULL, mode)
    1438 ,mode&~(EX_STDIN|EX_CONIO), cfg.xtrn[xtrnnum]->path);
    1439 }
    1440 max_socket_inactivity = startup->max_session_inactivity;
    1441 /* Re-open the logfile */
    1442 if(logfile_fp==NULL) {
    /xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()
    1431 ,cfg.xtrn[xtrnnum]->path);
    1432 end=time(NULL);
    1433
    1434 if(cfg.xtrn[xtrnnum]->misc&FREETIME)
    1435 starttime+=end-start;
    1436 if(cfg.xtrn[xtrnnum]->clean[0]) {
    CID 451018: (LOCK)
    "external" unlocks "this->input_thread_mutex" while it is unlocked.
    1437 external(cmdstr(cfg.xtrn[xtrnnum]->clean, drop_file, startup_dir, NULL, mode)
    1438 ,mode&~(EX_STDIN|EX_CONIO), cfg.xtrn[xtrnnum]->path);
    1439 }
    1440 max_socket_inactivity = startup->max_session_inactivity;
    1441 /* Re-open the logfile */
    1442 if(logfile_fp==NULL) {


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DwQj4_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDdlFiTOYvOJ3q-2BXCmV5b82oIz6FZIN1OLfaOQTbpP8Gh-2F1BFBTVkQlZPmP-2FlpwdRVEElckq3ePaiX56HFlC4oTk3mo4UgkSGq0kVxPTfv2czS2IOfkwROgSnRu-2B3z34jIHguj-2BgdMQEhL57e4KO1qNvBjyCV-2FH1A5pF0aNBb218Q-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun Mar 26 12:39:18 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 451057: Uninitialized variables (UNINIT)
    /tmp/sbbs-Mar-26-2023/src/uifc/uifcx.c: 218 in ulist()


    ________________________________________________________________________________________________________
    *** CID 451057: Uninitialized variables (UNINIT)
    /tmp/sbbs-Mar-26-2023/src/uifc/uifcx.c: 218 in ulist()
    212 cur = &tmpcur;
    213
    214 for(opts=0;opts<MAX_OPTS;opts++)
    215 if(option[opts]==NULL || option[opts][0]==0)
    216 break;
    217
    CID 451057: Uninitialized variables (UNINIT)
    Using uninitialized value "*cur".
    218 if((*cur)>=opts)
    219 (*cur)=opts-1; /* returned after scrolled */
    220
    221 if((*cur)<0)
    222 (*cur)=0;
    223

    ** CID 451056: Error handling issues (CHECKED_RETURN)
    /umonitor/umonitor.c: 872 in main()


    ________________________________________________________________________________________________________
    *** CID 451056: Error handling issues (CHECKED_RETURN)
    /umonitor/umonitor.c: 872 in main()
    866 );
    867
    868 /* close .ini file here */
    869 if(fp!=NULL)
    870 fclose(fp);
    871
    CID 451056: Error handling issues (CHECKED_RETURN)
    Calling "chdir" without checking return value (as is done elsewhere 18 out of 21 times).
    872 chdir(bbs_startup.ctrl_dir);
    873
    874 /* Read .cfg files here */
    875 memset(&cfg,0,sizeof(cfg));
    876 cfg.size=sizeof(cfg);
    877 SAFECOPY(cfg.ctrl_dir,bbs_startup.ctrl_dir);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DQ4kK_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDg36x62girPn1zYBhcccXwhYdDfdMRepLksuDfaAvd4bat4-2FUDdrJDqZKFgkT5rhTEpd1i-2F-2F-2Bt12VuLwisIe8fgC5UgDGF2gzRbivh2YT2HQfxF8BKGqVwBOdsLqq8RDB0gsCQJzB5reNTbkfkMIUprGduJhT4EnW8bblt9BSyQw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Mar 27 12:40:01 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 451084: Error handling issues (CHECKED_RETURN)
    /scfg/scfg.c: 2498 in bail()


    ________________________________________________________________________________________________________
    *** CID 451084: Error handling issues (CHECKED_RETURN)
    /scfg/scfg.c: 2498 in bail()
    2492 ,&web_startup
    2493 ,&run_mail
    2494 ,&mail_startup
    2495 ,&run_services
    2496 ,&services_startup
    2497 );
    CID 451084: Error handling issues (CHECKED_RETURN)
    Calling "sbbs_write_ini" without checking return value (as is done elsewhere 6 out of 7 times).
    2498 sbbs_write_ini(
    2499 fp
    2500 ,&cfg
    2501 ,&global_startup
    2502 ,run_bbs
    2503 ,&bbs_startup


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DnMb9_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrD976-2FEjTE38STs1icREVMHniwNML6xZBdisRM-2BSa9a9nOxrT2-2FUUbpxDSqWvLS9bN6TGb-2FePVmC2NMTMzChJMlqHPiU-2Bv9-2FtIhNAHUUgzS1WPYTXv043GMHq3ZP4-2FQ5jrThKDjIa1z5hefsmxu160ET8xl2XIZjs04KQ8YG62aAw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sat Apr 1 12:40:10 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 451182: Null pointer dereferences (NULL_RETURNS)


    ________________________________________________________________________________________________________
    *** CID 451182: Null pointer dereferences (NULL_RETURNS)
    /scfg/scfgnode.c: 50 in adjust_last_node()
    44 uint last_node = iniGetUInteger(ini, section, key, cfg.sys_nodes);
    45 char prompt[128];
    46 SAFEPRINTF(prompt, "Update Terminal Server 'LastNode' value to %u", cfg.sys_nodes);
    47 if(last_node < cfg.sys_nodes && uifc.confirm(prompt)) {
    48 fp = iniOpenFile(ini_fname, /* modify */true);
    49 iniSetUInteger(&ini, section, key, cfg.sys_nodes, NULL);
    CID 451182: Null pointer dereferences (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "fp" when calling "iniWriteFile".
    50 iniWriteFile(fp, ini);
    51 iniCloseFile(fp);
    52 }
    53 iniFreeStringList(ini);
    54 }
    55


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DpuyQ_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAa7nggF92-2FRxsLcvm87CK4-2Bto78Azi3yyX9qWek6JmUtnehJGAtrvzJBvO1d9nD-2Bg0GKKa4GqYzEva6Siznl2xJXy-2FjPn1uZ-2BKvYX68NoiQd5tzVJKUFlPrALUGvlehbzHDUYDbzILFgmSfjOdYWlAKHa0sR-2FUDtT5FufQM-2BrMyA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Fri Apr 14 12:38:41 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 452331: Incorrect expression (SIZEOF_MISMATCH)
    /writemsg.cpp: 936 in sbbs_t::msgeditor(char *, const char *, char *, unsigned int, unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 452331: Incorrect expression (SIZEOF_MISMATCH)
    /writemsg.cpp: 936 in sbbs_t::msgeditor(char *, const char *, char *, unsigned int, unsigned int)()
    930 }
    931
    932 rioctl(IOCM|ABORT);
    933 rioctl(IOCS|ABORT);
    934
    935 if((str = strListDivide(NULL, buf, "\n")) == NULL) {
    CID 452331: Incorrect expression (SIZEOF_MISMATCH)
    Passing argument "getfname("writemsg.cpp")" of type "char *" and argument "8UL /* sizeof (char *) */ * (maxlines + 1)" to function "errormsg" is suspicious.
    936 errormsg(WHERE,ERR_ALLOC,"msgeditor",sizeof(char *)*(maxlines+1));
    937 return(0);
    938 }
    939 lines = strListCount(str);
    940 while(lines > maxlines)
    941 free(str[--lines]);

    ** CID 452330: Control flow issues (NO_EFFECT)
    /writemsg.cpp: 966 in sbbs_t::msgeditor(char *, const char *, char *, unsigned int, unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 452330: Control flow issues (NO_EFFECT)
    /writemsg.cpp: 966 in sbbs_t::msgeditor(char *, const char *, char *, unsigned int, unsigned int)()
    960 cleartoeol(); /* delete to end of line */
    961 CRLF;
    962 }
    963 sync();
    964 rioctl(IOSM|ABORT);
    965 while(online) {
    CID 452330: Control flow issues (NO_EFFECT)
    This less-than-zero comparison of an unsigned value is never true. "line < 0U".
    966 if(line < 0)
    967 line = 0;
    968 if((int)line>(int)maxlines-10) {
    969 if(line >= maxlines)
    970 bprintf(text[NoMoreLines],line);
    971 else


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DXYWj_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCe3xJD-2By2cfraguiJlF6Q3ggv-2BQewqXHCAM-2Fbq0fOod1rV0SghwSJAQLLY7JR2Xg22UoJpTPmAA7i9XkIaQJXzZ-2BbJXoY-2BCdAkcnvE60sKg-2BPS6l7v-2FKFZFOwbcriVbnnje-2BbNcxdGeVrvLCQd8h-2BSecIZPgzSL8PiXCCNGI8f5Q-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sat Apr 22 12:39:06 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 452566: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Apr-22-2023/src/conio/sdl_con.c: 636 in setup_surfaces_locked()


    ________________________________________________________________________________________________________
    *** CID 452566: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Apr-22-2023/src/conio/sdl_con.c: 636 in setup_surfaces_locked()
    630 sdl.SetHint(SDL_HINT_RENDER_SCALE_QUALITY, internal_scaling ? "0" : "2");
    631
    632 if (win == NULL) {
    633 // SDL2: This is slow sometimes... not sure why.
    634 if (sdl.CreateWindowAndRenderer(vs->winwidth, vs->winheight, flags, &win, &renderer) == 0) {
    635 sdl.GetWindowSize(win, &idealw, &idealh);
    CID 452566: Concurrent data access violations (MISSING_LOCK)
    Accessing "vs->winwidth" without holding lock "vstatlock". Elsewhere, "video_stats.winwidth" is accessed with "vstatlock" held 6 out of 9 times (1 of these accesses strongly imply that it is necessary).
    636 vs->winwidth = idealw;
    637 vs->winheight = idealh;
    638 sdl.RenderClear(renderer);
    639 if (internal_scaling)
    640 newtexture = sdl.CreateTexture(renderer, SDL_PIXELFORMAT_ARGB8888, SDL_TEXTUREACCESS_STREAMING, idealw, idealh);
    641 else


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DN0Qc_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDLFN7DabHG6aWM4wdfcqyFofwc0J38vQSMkCa4C-2Fn1N6Wj9IncPgqMVdR4cE24U-2FJpH1QYRv5aOH5-2FuiKTSVbfEwso1DL4WyWml5jydp92Rz-2B7A9cEiM6tQVeXRTuV4CWEOD86K4lmM1ZvAA4wQOq8iO6E2w2DDJuKvkIRCppQ5A-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Apr 24 12:38:45 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    7 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 7 of 7 defect(s)


    ** CID 452578: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 288 in bitmap_vmem_puttext_locked()


    ________________________________________________________________________________________________________
    *** CID 452578: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 288 in bitmap_vmem_puttext_locked()
    282 for(x=sx-1;x<ex;x++) {
    283 memcpy(&vmem_ptr->vmem[y*cio_textinfo.screenwidth+x], fill++, sizeof(*fill));
    284 bitmap_draw_one_char(x+1, y+1);
    285 }
    286 }
    287 pthread_mutex_lock(&vstatlock);
    CID 452578: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    288 release_vmem(vmem_ptr);
    289 pthread_mutex_unlock(&vstatlock);
    290 return(1);
    291 }
    292
    293 static void

    ** CID 452577: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 850 in update_from_vmem()


    ________________________________________________________________________________________________________
    *** CID 452577: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 850 in update_from_vmem()
    844 bitmap_draw_one_char(x+1,y+1);
    845 }
    846 pos++;
    847 }
    848 }
    849 pthread_mutex_lock(&vstatlock);
    CID 452577: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    850 release_vmem(vmem_ptr);
    851 pthread_mutex_unlock(&vstatlock);
    852
    853 vs = vstat;
    854
    855 return(0);

    ** CID 452576: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1239 in bitmap_movetext()


    ________________________________________________________________________________________________________
    *** CID 452576: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1239 in bitmap_movetext()
    1233 }
    1234
    1235 bitmap_movetext_screen(&screena, x, y, tox, toy, direction, height, width);
    1236 bitmap_movetext_screen(&screenb, x, y, tox, toy, direction, height, width);
    1237
    1238 pthread_mutex_lock(&vstatlock);
    CID 452576: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    1239 release_vmem(vmem_ptr);
    1240 pthread_mutex_unlock(&vstatlock);
    1241 pthread_mutex_unlock(&blinker_lock);
    1242
    1243 return(1);
    1244 }

    ** CID 452575: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1264 in bitmap_clreol()


    ________________________________________________________________________________________________________
    *** CID 452575: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1264 in bitmap_clreol()
    1258 pthread_mutex_unlock(&vstatlock);
    1259 for(x=cio_textinfo.curx+cio_textinfo.winleft-2; x<cio_textinfo.winright; x++) {
    1260 set_vmem_cell(vmem_ptr, pos+x, fill, ciolib_fg, ciolib_bg);
    1261 bitmap_draw_one_char(x+1, row);
    1262 }
    1263 pthread_mutex_lock(&vstatlock);
    CID 452575: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    1264 release_vmem(vmem_ptr);
    1265 pthread_mutex_unlock(&vstatlock);
    1266 pthread_mutex_unlock(&blinker_lock);
    1267 }
    1268
    1269 void bitmap_clrscr(void)

    ** CID 452574: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1289 in bitmap_clrscr()


    ________________________________________________________________________________________________________
    *** CID 452574: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1289 in bitmap_clrscr()
    1283 for(x=cio_textinfo.winleft-1; x<cio_textinfo.winright && x < cols; x++) {
    1284 set_vmem_cell(vmem_ptr, y*cio_textinfo.screenwidth+x, fill, ciolib_fg, ciolib_bg);
    1285 bitmap_draw_one_char(x+1, y+1);
    1286 }
    1287 }
    1288 pthread_mutex_lock(&vstatlock);
    CID 452574: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    1289 release_vmem(vmem_ptr);
    1290 pthread_mutex_unlock(&vstatlock);
    1291 pthread_mutex_unlock(&blinker_lock);
    1292 }
    1293
    1294 void bitmap_getcustomcursor(int *s, int *e, int *r, int *b, int *v)

    ** CID 452573: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 882 in bitmap_puttext()


    ________________________________________________________________________________________________________
    *** CID 452573: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 882 in bitmap_puttext()
    876 for(x=sx-1;x<ex;x++) {
    877 set_vmem_cell(vmem_ptr, y*cio_textinfo.screenwidth+x, *(buf++), 0x00ffffff, 0x00ffffff);
    878 bitmap_draw_one_char(x+1, y+1);
    879 }
    880 }
    881 pthread_mutex_lock(&vstatlock);
    CID 452573: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    882 release_vmem(vmem_ptr);
    883 pthread_mutex_unlock(&vstatlock);
    884 pthread_mutex_unlock(&blinker_lock);
    885 return ret;
    886 }
    887

    ** CID 452572: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 931 in bitmap_vmem_gettext()


    ________________________________________________________________________________________________________
    *** CID 452572: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 931 in bitmap_vmem_gettext()
    925 pthread_mutex_unlock(&vstatlock);
    926 for(y=sy-1;y<ey;y++) {
    927 for(x=sx-1;x<ex;x++)
    928 memcpy(fill++, &vmem_ptr->vmem[y*cio_textinfo.screenwidth+x], sizeof(*fill));
    929 }
    930 pthread_mutex_lock(&vstatlock);
    CID 452572: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    931 release_vmem(vmem_ptr);
    932 pthread_mutex_unlock(&vstatlock);
    933 pthread_mutex_unlock(&blinker_lock);
    934 return(1);
    935 }
    936


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3Dr6L5_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCXbrQFMtiQ7qKe-2BTRon-2FCE8v1liTsiFwBEYDEbQeWWd5eZFVeKpMGKUHmhD6LW8krne8DUx7vgGCgrnLZMbGKkkWrW3z-2FgyVLPDteaRWQpPZNj5xcazMwdijg8SS9WNZMtlsLir5gcOguFdBqjgvNYLOs-2BIw-2BtaMoNy3gAeALwzA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tue Apr 25 12:57:18 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 452582: (ATOMICITY)
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 562 in bitmap_draw_one_char()
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 647 in bitmap_draw_one_char()
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 584 in bitmap_draw_one_char()


    ________________________________________________________________________________________________________
    *** CID 452582: (ATOMICITY)
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 562 in bitmap_draw_one_char()
    556 break;
    557 case 16:
    558 this_font = (unsigned char *)conio_fontdata[vmem_ptr->vmem[vmo].font].eight_by_sixteen;
    559 break;
    560 default:
    561 pthread_mutex_lock(&vstatlock);
    CID 452582: (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    562 release_vmem(vmem_ptr);
    563 pthread_mutex_unlock(&vstatlock);
    564 return(-1);
    565 }
    566 }
    567 }
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 647 in bitmap_draw_one_char()
    641 if (x & 0x07)
    642 fontoffset++;
    643 pixeloffset += rsz;
    644 }
    645 pthread_mutex_unlock(&screenlock);
    646 pthread_mutex_lock(&vstatlock);
    CID 452582: (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    647 release_vmem(vmem_ptr);
    648 pthread_mutex_unlock(&vstatlock);
    649
    650 return(0);
    651 }
    652
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 584 in bitmap_draw_one_char()
    578 return(-1);
    579 }
    580
    581 if((!screena.rect) || (!screenb.rect)) {
    582 pthread_mutex_unlock(&screenlock);
    583 pthread_mutex_lock(&vstatlock);
    CID 452582: (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    584 release_vmem(vmem_ptr);
    585 pthread_mutex_unlock(&vstatlock);
    586 return(-1);
    587 }
    588
    589 pixeloffset = PIXEL_OFFSET(screena, xoffset, yoffset);

    ** CID 452581: Program hangs (ORDER_REVERSAL)


    ________________________________________________________________________________________________________
    *** CID 452581: Program hangs (ORDER_REVERSAL)
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 1608 in bitmap_replace_font()
    1602 conio_fontdata[id].desc=name;
    1603 break;
    1604 default:
    1605 free(name);
    1606 free(data);
    1607 }
    CID 452581: Program hangs (ORDER_REVERSAL)
    Calling "request_redraw" acquires lock "vstatlock" while holding lock "screenlock" (count: 1 / 2).
    1608 request_redraw();
    1609 pthread_mutex_unlock(&screenlock);
    1610 }
    1611
    1612 int bitmap_setpalette(uint32_t index, uint16_t r, uint16_t g, uint16_t b)
    1613 {


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DUSpV_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDmDz-2FisU4CybMTa4AFdNqjWoDadrImI2uOf58ArG-2FffJ7seqZM-2Bl84or1w-2BzxkvZYcPQITxGrgDJGv16GZTsMIutD2gv437SrvMcUM-2F5l3-2BKCAbVD4eiDR8izGVmzfzthTmQymbENGNMMEUITS2aGvAfi-2BZKEdNWTnMrEIlvUiBQ-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sat May 6 12:39:53 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 453600: (NULL_RETURNS)
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 88 in main()
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 89 in main()
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 69 in main()
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 78 in main()


    ________________________________________________________________________________________________________
    *** CID 453600: (NULL_RETURNS)
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 88 in main()
    82 "#include <inttypes.h>\n"
    83 "\n"
    84 "extern const uint32_t r2y[16777216];\n"
    85 "extern const uint32_t y2r[16777216];\n"
    86 "\n"
    87 "#endif\n");
    CID 453600: (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "r" when calling "fwrite".
    88 fwrite(r2y, 4, 1 << 24, r);
    89 fwrite(y2r, 4, 1 << 24, y);
    90 fclose(s);
    91 fclose(h);
    92 fclose(r);
    93 fclose(y);
    94 return 0;
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 89 in main()
    83 "\n"
    84 "extern const uint32_t r2y[16777216];\n"
    85 "extern const uint32_t y2r[16777216];\n"
    86 "\n"
    87 "#endif\n");
    88 fwrite(r2y, 4, 1 << 24, r);
    CID 453600: (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "y" when calling "fwrite".
    89 fwrite(y2r, 4, 1 << 24, y);
    90 fclose(s);
    91 fclose(h);
    92 fclose(r);
    93 fclose(y);
    94 return 0;
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 69 in main()
    63 char *mangle = "";
    64
    65 init_r2y();
    66 if (argc > 1 && strcmp(argv[1], "win32") == 0)
    67 mangle = "_";
    68
    CID 453600: (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "s" when calling "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
    69 fprintf(s,
    70 ".section .rodata\n"
    71 ".global %sr2y\n"
    72 ".global %sy2r\n"
    73 ".align 4\n"
    74 "%sr2y:\n"
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 78 in main()
    72 ".global %sy2r\n"
    73 ".align 4\n"
    74 "%sr2y:\n"
    75 " .incbin \"r2y.bin\"\n"
    76 "%sy2r:\n"
    77 " .incbin \"y2r.bin\"\n", mangle, mangle, mangle, mangle);
    CID 453600: (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "h" when calling "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
    78 fprintf(h,
    79 "#ifndef RGBMAP_H\n"
    80 "#define RGBMAP_H\n"
    81 "\n"
    82 "#include <inttypes.h>\n"
    83 "\n"


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D2OWw_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrA5TNjzrU6Rq5Mo9xdbzDwsTpy-2Bb09EocMoAjAvUXI0dqN9FjhoAs2WQX-2BupKjspvk11pluxiTxKgTDHQAhwzsXbwAERPEnGsAxkUULs14dstkoKyyk63U-2FI43vTGDPDLB-2BN8f1fqC8LeCf2cycw746w3RIwm3fIqgqrnx-2F8Y8WZA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun May 7 14:09:59 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 453850: Memory - corruptions (OVERRUN)


    ________________________________________________________________________________________________________
    *** CID 453850: Memory - corruptions (OVERRUN)
    /main.cpp: 2135 in input_thread(void *)()
    2129 else
    2130 wrbuf=telnet_interpret(sbbs, inbuf, rd, telbuf, wr);
    2131 if(wr > (int)sizeof(telbuf))
    2132 lprintf(LOG_ERR,"!TELBUF OVERFLOW (%d>%d)",wr,(int)sizeof(telbuf));
    2133
    2134 if(!(sbbs->console & CON_RAW_IN))
    CID 453850: Memory - corruptions (OVERRUN)
    Overrunning buffer pointed to by "wrbuf" of 4000 bytes by passing it to a function which accesses it at byte offset 4000 using argument "wr" (which evaluates to 4001).
    2135 sbbs->translate_input(wrbuf, wr);
    2136
    2137 if(sbbs->passthru_socket_active == true) {
    2138 BOOL writable = FALSE;
    2139 if(socket_check(sbbs->passthru_socket, NULL, &writable, 1000) && writable)
    2140 (void)sendsocket(sbbs->passthru_socket, (char*)wrbuf, wr);

    ** CID 453849: (STRING_SIZE)
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 72 in main()
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 74 in main()
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 68 in main()
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 70 in main()


    ________________________________________________________________________________________________________
    *** CID 453849: (STRING_SIZE)
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 72 in main()
    66 return EXIT_FAILURE;
    67 }
    68 sprintf(path, "%s/rgbmap.s", argv[2]);
    69 s = fopen(path, "w");
    70 sprintf(path, "%s/rgbmap.h", argv[2]);
    71 h = fopen(path, "w");
    CID 453849: (STRING_SIZE)
    Passing string "argv[2]" of unknown size to "sprintf".
    72 sprintf(path, "%s/r2y.bin", argv[2]);
    73 r = fopen(path, "wb");
    74 sprintf(path, "%s/y2r.bin", argv[2]);
    75 y = fopen(path, "wb");
    76 init_r2y();
    77 if (argc > 1 && strcmp(argv[1], "win32") == 0)
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 74 in main()
    68 sprintf(path, "%s/rgbmap.s", argv[2]);
    69 s = fopen(path, "w");
    70 sprintf(path, "%s/rgbmap.h", argv[2]);
    71 h = fopen(path, "w");
    72 sprintf(path, "%s/r2y.bin", argv[2]);
    73 r = fopen(path, "wb");
    CID 453849: (STRING_SIZE)
    Passing string "argv[2]" of unknown size to "sprintf".
    74 sprintf(path, "%s/y2r.bin", argv[2]);
    75 y = fopen(path, "wb");
    76 init_r2y();
    77 if (argc > 1 && strcmp(argv[1], "win32") == 0)
    78 mangle = "_";
    79
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 68 in main()
    62 char *mangle = "";
    63
    64 if (argc != 3) {
    65 fprintf(stderr, "Usage: %s <os> <path>\n", argv[0]);
    66 return EXIT_FAILURE;
    67 }
    CID 453849: (STRING_SIZE)
    Passing string "argv[2]" of unknown size to "sprintf".
    68 sprintf(path, "%s/rgbmap.s", argv[2]);
    69 s = fopen(path, "w");
    70 sprintf(path, "%s/rgbmap.h", argv[2]);
    71 h = fopen(path, "w");
    72 sprintf(path, "%s/r2y.bin", argv[2]);
    73 r = fopen(path, "wb");
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 70 in main()
    64 if (argc != 3) {
    65 fprintf(stderr, "Usage: %s <os> <path>\n", argv[0]);
    66 return EXIT_FAILURE;
    67 }
    68 sprintf(path, "%s/rgbmap.s", argv[2]);
    69 s = fopen(path, "w");
    CID 453849: (STRING_SIZE)
    Passing string "argv[2]" of unknown size to "sprintf".
    70 sprintf(path, "%s/rgbmap.h", argv[2]);
    71 h = fopen(path, "w");
    72 sprintf(path, "%s/r2y.bin", argv[2]);
    73 r = fopen(path, "wb");
    74 sprintf(path, "%s/y2r.bin", argv[2]);
    75 y = fopen(path, "wb");

    ** CID 453848: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-May-07-2023/src/conio/x_events.c: 562 in video_init()


    ________________________________________________________________________________________________________
    *** CID 453848: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-May-07-2023/src/conio/x_events.c: 562 in video_init()
    556 if (x_cvstat.scaling < 1 || vstat.scaling < 1)
    557 x_cvstat.scaling = vstat.scaling = 1;
    558 pthread_mutex_unlock(&vstatlock);
    559 /* Initialize mode 3 (text, 80x25, 16 colors) */
    560 if(load_vmode(&vstat, ciolib_initial_mode))
    561 return(-1);
    CID 453848: Concurrent data access violations (MISSING_LOCK)
    Accessing "x_cvstat" without holding lock "vstatlock". Elsewhere, "x_cvstat" is accessed with "vstatlock" held 3 out of 4 times (1 of these accesses strongly imply that it is necessary).
    562 x_cvstat = vstat;
    563 if(init_window())
    564 return(-1);
    565 bitmap_drv_init(x11_drawrect, x11_flush);
    566 pthread_mutex_lock(&vstatlock);
    567 bitmap_drv_init_mode(vstat.mode, NULL, NULL, 0, 0);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DHCK2_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCrnxZlR95qbad06mHzW16hipyALzV0mFuj3ay6pFxYR0eStfRzX4PFZA0tGWVeDEIjb6ggx0scvHBcaLMTSmWKTHh-2BY-2F-2FJXVJUS-2FMWWRke5EcHM57k-2F70xISfOM2XGn-2F4aK35uR43soY3XaxM-2BxoxpO-2BmFSex4uKhKezwAhOx42w-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Fri May 12 12:39:17 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.
    4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 454698: Incorrect expression (IDENTICAL_BRANCHES)
    /tmp/sbbs-May-12-2023/src/conio/x_events.c: 336 in map_window()


    ________________________________________________________________________________________________________
    *** CID 454698: Incorrect expression (IDENTICAL_BRANCHES)
    /tmp/sbbs-May-12-2023/src/conio/x_events.c: 336 in map_window()
    330 }
    331
    332 bitmap_get_scaled_win_size(x_cvstat.scaling, &sh->base_width, &sh->base_height, 0, 0);
    333 bitmap_get_scaled_win_size(1.0, &sh->min_width, &sh->min_height, 0, 0);
    334 pthread_mutex_unlock(&vstatlock);
    335
    CID 454698: Incorrect expression (IDENTICAL_BRANCHES)
    The same code is executed regardless of whether "x_cvstat.aspect_width != 0 && x_cvstat.aspect_height != 0" is true, because the 'then' and 'else' branches are identical. Should one of the branches be modified, or the entire 'if' statement replaced?
    336 if (x_cvstat.aspect_width != 0 && x_cvstat.aspect_height != 0) {
    337 sh->min_aspect.x = sh->max_aspect.x = sh->min_width;
    338 sh->min_aspect.y = sh->max_aspect.y = sh->min_height;
    339 }
    340 else {
    341 sh->min_aspect.x = sh->max_aspect.x = sh->min_width;

    ** CID 454697: Program hangs (LOCK)
    /tmp/sbbs-May-12-2023/src/conio/x_events.c: 565 in video_init()


    ________________________________________________________________________________________________________
    *** CID 454697: Program hangs (LOCK)
    /tmp/sbbs-May-12-2023/src/conio/x_events.c: 565 in video_init()
    559 if (ciolib_initial_scaling != 0.0)
    560 x_cvstat.scaling = vstat.scaling = ciolib_initial_scaling;
    561 if (x_cvstat.scaling < 1.0 || vstat.scaling < 1.0)
    562 x_cvstat.scaling = vstat.scaling = 1;
    563 /* Initialize mode 3 (text, 80x25, 16 colors) */
    564 if(load_vmode(&vstat, ciolib_initial_mode))
    CID 454697: Program hangs (LOCK)
    Returning without unlocking "vstatlock".
    565 return(-1);
    566 x_cvstat = vstat;
    567 pthread_mutex_unlock(&vstatlock);
    568 if(init_window())
    569 return(-1);
    570 bitmap_drv_init(x11_drawrect, x11_flush);

    ** CID 454696: Control flow issues (UNREACHABLE)
    /tmp/sbbs-May-12-2023/src/conio/sdl_con.c: 346 in window_can_scale_internally()


    ________________________________________________________________________________________________________
    *** CID 454696: Control flow issues (UNREACHABLE)
    /tmp/sbbs-May-12-2023/src/conio/sdl_con.c: 346 in window_can_scale_internally()
    340 {
    341 double ival;
    342 double fval = modf(vstat.scaling, &ival);
    343
    344 // TODO: Add toggle for software scaling
    345 return true;
    CID 454696: Control flow issues (UNREACHABLE)
    This code cannot be reached: "if (fval == 0.)
    return true;".
    346 if (fval == 0.0)
    347 return true;
    348 return false;
    349 }
    350
    351 static int sdl_init_mode(int mode, bool init)


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DX8P7_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCo7meCvjTSwgjNWxh8U4aDHxfQHmMxsciENSIBRXp67uLEWOz8jwu3lZFR4uCjFHkbCONAY52JqWDBe66S35SQOx1f4wXv2LsZa7IQA5vCXFuyr8zmKHpG3m8Wuig8iyc7ux-2BQD0YVshzWBetWEqE7uzFZr9D2LkWv7T-2FSd8bmyg-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sat Jun 3 12:40:58 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    7 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 7 of 7 defect(s)


    ** CID 462165: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 904 in local_draw_rect()


    ________________________________________________________________________________________________________
    *** CID 462165: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 904 in local_draw_rect()
    898 x11.XFillRectangle(dpy, win, gc, 0, yoff, xoff, yoff + xim->height);
    899 x11.XFillRectangle(dpy, win, gc, xoff+xim->width, yoff, w, yoff + xim->height);
    900 x11.XFillRectangle(dpy, win, gc, 0, yoff + xim->height, w, h);
    901 }
    902 if (x_internal_scaling || xrender_found == false) {
    903 if (last == NULL)
    CID 462165: Null pointer dereferences (FORWARD_NULL)
    Dereferencing null pointer "source".
    904 x11.XPutImage(dpy, win, gc, xim, 0, 0, xoff, yoff, source->w, source->h);
    905 else {
    906 release_buffer(last);
    907 last = NULL;
    908 }
    909 }

    ** CID 462164: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 448 in internal_setwinsize()


    ________________________________________________________________________________________________________
    *** CID 462164: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 448 in internal_setwinsize()
    442 pthread_mutex_lock(&win_mutex);
    443 sdl.GetWindowSize(win, &w, &h);
    444 pthread_mutex_unlock(&win_mutex);
    445 if (w != vs->winwidth || h != vs->winheight)
    446 changed = true;
    447 pthread_mutex_unlock(&vstatlock);
    CID 462164: Concurrent data access violations (MISSING_LOCK)
    Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
    448 vstat.scaling = sdl_getscaling();
    449 }
    450 if (changed)
    451 setup_surfaces(vs);
    452 }
    453

    ** CID 462163: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 408 in update_cvstat()


    ________________________________________________________________________________________________________
    *** CID 462163: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 408 in update_cvstat()
    402 }
    403
    404 static void
    405 update_cvstat(struct video_stats *vs)
    406 {
    407 if (vs != NULL && vs != &vstat) {
    CID 462163: Concurrent data access violations (MISSING_LOCK)
    Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
    408 vstat.scaling = sdl_getscaling();
    409 pthread_mutex_lock(&vstatlock);
    410 *vs = vstat;
    411 pthread_mutex_unlock(&vstatlock);
    412 }
    413 }

    ** CID 462162: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 657 in setup_surfaces()


    ________________________________________________________________________________________________________
    *** CID 462162: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 657 in setup_surfaces()
    651 else if(sdl_init_good) {
    652 ev.type=SDL_QUIT;
    653 sdl_exitcode=1;
    654 sdl.PeepEvents(&ev, 1, SDL_ADDEVENT, SDL_FIRSTEVENT, SDL_LASTEVENT);
    655 }
    656 pthread_mutex_unlock(&win_mutex);
    CID 462162: Concurrent data access violations (MISSING_LOCK)
    Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
    657 vstat.scaling = sdl_getscaling();
    658 }
    659
    660 /* Called from event thread only */
    661 static void sdl_add_key(unsigned int keyval, struct video_stats *vs)
    662 {

    ** CID 462161: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 511 in x_init()


    ________________________________________________________________________________________________________
    *** CID 462161: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 511 in x_init()
    505 xp_dlclose(dl);
    506 return(-1);
    507 }
    508 #ifdef WITH_XRENDER
    509 xrender_found = true;
    510 if ((dl2 = xp_dlopen(libnames2,RTLD_LAZY,7)) == NULL) {
    CID 462161: Null pointer dereferences (FORWARD_NULL)
    Passing null pointer "dl2" to "dlclose", which dereferences it.
    511 xp_dlclose(dl2);
    512 xrender_found = false;
    513 }
    514 if (xrender_found && ((x11.XRenderFindStandardFormat = xp_dlsym(dl2, XRenderFindStandardFormat)) == NULL)) {
    515 xp_dlclose(dl);
    516 xrender_found = false;

    ** CID 462160: Null pointer dereferences (REVERSE_INULL)
    /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 589 in init_window()


    ________________________________________________________________________________________________________
    *** CID 462160: Null pointer dereferences (REVERSE_INULL)
    /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 589 in init_window()
    583 if (classhints) {
    584 classhints->res_name = (char *)ciolib_initial_program_name;
    585 classhints->res_class = (char *)ciolib_initial_program_class;
    586 }
    587 wmhints=x11.XAllocWMHints();
    588 wmhints->flags = 0;
    CID 462160: Null pointer dereferences (REVERSE_INULL)
    Null-checking "wmhints" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
    589 if(wmhints) {
    590 wmhints->initial_state=NormalState;
    591 wmhints->flags |= (StateHint | InputHint);
    592 wmhints->input = True;
    593 set_icon(ciolib_initial_icon, ciolib_initial_icon_width, wmhints);
    594 x11.XSetWMProperties(dpy, win, NULL, NULL, 0, 0, NULL, wmhints, classhints);

    ** CID 462159: (RESOURCE_LEAK)
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 591 in x_init()
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 557 in x_init()
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 563 in x_init()
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 570 in x_init()


    ________________________________________________________________________________________________________
    *** CID 462159: (RESOURCE_LEAK)
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 591 in x_init()
    585 xp_dlclose(dl);
    586 sem_destroy(&pastebuf_set);
    587 sem_destroy(&pastebuf_used);
    588 sem_destroy(&init_complete);
    589 sem_destroy(&mode_set);
    590 pthread_mutex_destroy(&copybuf_mutex);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    591 return(-1);
    592 }
    593 _beginthread(x11_mouse_thread,1<<16,NULL);
    594 cio_api.options |= CONIO_OPT_SET_TITLE | CONIO_OPT_SET_NAME | CONIO_OPT_SET_ICON;
    595 return(0);
    596 }
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
    546 #endif
    547 setlocale(LC_ALL, "");
    548 x11.XSetLocaleModifiers("@im=none");
    549
    550 if(sem_init(&pastebuf_set, 0, 0)) {
    551 xp_dlclose(dl);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    552 return(-1);
    553 }
    554 if(sem_init(&pastebuf_used, 0, 0)) {
    555 xp_dlclose(dl);
    556 sem_destroy(&pastebuf_set);
    557 return(-1);
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
    546 #endif
    547 setlocale(LC_ALL, "");
    548 x11.XSetLocaleModifiers("@im=none");
    549
    550 if(sem_init(&pastebuf_set, 0, 0)) {
    551 xp_dlclose(dl);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    552 return(-1);
    553 }
    554 if(sem_init(&pastebuf_used, 0, 0)) {
    555 xp_dlclose(dl);
    556 sem_destroy(&pastebuf_set);
    557 return(-1);
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 557 in x_init()
    551 xp_dlclose(dl);
    552 return(-1);
    553 }
    554 if(sem_init(&pastebuf_used, 0, 0)) {
    555 xp_dlclose(dl);
    556 sem_destroy(&pastebuf_set);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    557 return(-1);
    558 }
    559 if(sem_init(&init_complete, 0, 0)) {
    560 xp_dlclose(dl);
    561 sem_destroy(&pastebuf_set);
    562 sem_destroy(&pastebuf_used);
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
    546 #endif
    547 setlocale(LC_ALL, "");
    548 x11.XSetLocaleModifiers("@im=none");
    549
    550 if(sem_init(&pastebuf_set, 0, 0)) {
    551 xp_dlclose(dl);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    552 return(-1);
    553 }
    554 if(sem_init(&pastebuf_used, 0, 0)) {
    555 xp_dlclose(dl);
    556 sem_destroy(&pastebuf_set);
    557 return(-1);
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 563 in x_init()
    557 return(-1);
    558 }
    559 if(sem_init(&init_complete, 0, 0)) {
    560 xp_dlclose(dl);
    561 sem_destroy(&pastebuf_set);
    562 sem_destroy(&pastebuf_used);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    563 return(-1);
    564 }
    565 if(sem_init(&mode_set, 0, 0)) {
    566 xp_dlclose(dl);
    567 sem_destroy(&pastebuf_set);
    568 sem_destroy(&pastebuf_used);
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 570 in x_init()
    564 }
    565 if(sem_init(&mode_set, 0, 0)) {
    566 xp_dlclose(dl);
    567 sem_destroy(&pastebuf_set);
    568 sem_destroy(&pastebuf_used);
    569 sem_destroy(&init_complete);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    570 return(-1);
    571 }
    572
    573 if(pthread_mutex_init(&copybuf_mutex, 0)) {
    574 xp_dlclose(dl);
    575 sem_destroy(&pastebuf_set);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DIG4__g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBPyDfdctenEpBqzGZNVHs42ttgLTzzOGVhZnCvXDhpCF9jzW-2Bs67lHgn4mRJqKpKp0lKywESuC-2B8aPwq-2BHoGo6NvVv2XtDxVwk0ttDNXD70ZWDHBkynCZQ-2FnfDOJmi8gjr3lodcSxrI82eFAdcseucYkY4oNbs56dG5-2FpY2OKpzQ-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun Jun 4 12:43:02 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    6 new defect(s) introduced to Synchronet found with Coverity Scan.
    9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 6 of 6 defect(s)


    ** CID 462184: (RESOURCE_LEAK)
    /smbutil.c: 1166 in packmsgs()
    /smbutil.c: 1161 in packmsgs()
    /smbutil.c: 1249 in packmsgs()


    ________________________________________________________________________________________________________
    *** CID 462184: (RESOURCE_LEAK)
    /smbutil.c: 1166 in packmsgs()
    1160 if(fread(&hdr,1,sizeof(smbhdr_t),smb.shd_fp) < 1)
    1161 return;
    1162 fwrite(&hdr,1,sizeof(smbhdr_t),tmp_shd);
    1163 fwrite(&(smb.status),1,sizeof(smbstatus_t),tmp_shd);
    1164 for(l=sizeof(smbhdr_t)+sizeof(smbstatus_t);l<smb.status.header_offset;l++) {
    1165 if(fread(&ch,1,1,smb.shd_fp) < 1) /* copy additional base header records */
    CID 462184: (RESOURCE_LEAK)
    Variable "datoffset" going out of scope leaks the storage it points to.
    1166 return;
    1167 fwrite(&ch,1,1,tmp_shd);
    1168 }
    1169 total=0;
    1170 for(l=0;l<smb.status.total_msgs;l++) {
    1171 ZERO_VAR(msg);
    /smbutil.c: 1161 in packmsgs()
    1155 fclose(tmp_sid);
    1156 fprintf(errfp,"\n%s!Error allocating memory\n",beep);
    1157 return;
    1158 }
    1159 fseek(smb.shd_fp,0L,SEEK_SET);
    1160 if(fread(&hdr,1,sizeof(smbhdr_t),smb.shd_fp) < 1)
    CID 462184: (RESOURCE_LEAK)
    Variable "datoffset" going out of scope leaks the storage it points to.
    1161 return;
    1162 fwrite(&hdr,1,sizeof(smbhdr_t),tmp_shd);
    1163 fwrite(&(smb.status),1,sizeof(smbstatus_t),tmp_shd);
    1164 for(l=sizeof(smbhdr_t)+sizeof(smbstatus_t);l<smb.status.header_offset;l++) {
    1165 if(fread(&ch,1,1,smb.shd_fp) < 1) /* copy additional base header records */
    1166 return;
    /smbutil.c: 1249 in packmsgs()
    1243
    1244 /* Actually copy the data */
    1245
    1246 n=smb_datblocks(m);
    1247 for(m=0;m<n;m++) {
    1248 if(fread(buf,1,SDT_BLOCK_LEN,smb.sdt_fp) < 1)
    CID 462184: (RESOURCE_LEAK)
    Variable "datoffset" going out of scope leaks the storage it points to.
    1249 return;
    1250 if(!m && *(ushort *)buf!=XLAT_NONE && *(ushort *)buf!=XLAT_LZH) {
    1251 printf("\nUnsupported translation type (%04X)\n"
    1252 ,*(ushort *)buf);
    1253 break;
    1254 }

    ** CID 462183: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 564 in x_init()


    ________________________________________________________________________________________________________
    *** CID 462183: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 564 in x_init()
    558 xrender_found = false;
    559 }
    560 #endif
    561 #ifdef WITH_XINERAMA
    562 xinerama_found = true;
    563 if ((dl3 = xp_dlopen(libnames3,RTLD_LAZY,1)) == NULL) {
    CID 462183: Null pointer dereferences (FORWARD_NULL)
    Passing null pointer "dl3" to "dlclose", which dereferences it.
    564 xp_dlclose(dl3);
    565 xinerama_found = false;
    566 }
    567 if (xinerama_found && ((x11.XineramaQueryVersion = xp_dlsym(dl3, XineramaQueryVersion)) == NULL)) {
    568 xp_dlclose(dl3);
    569 xinerama_found = false;

    ** CID 462182: (RESOURCE_LEAK)
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 619 in x_init()
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 613 in x_init()
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 626 in x_init()
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 647 in x_init()


    ________________________________________________________________________________________________________
    *** CID 462182: (RESOURCE_LEAK)
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 619 in x_init()
    613 return(-1);
    614 }
    615 if(sem_init(&init_complete, 0, 0)) {
    616 xp_dlclose(dl);
    617 sem_destroy(&pastebuf_set);
    618 sem_destroy(&pastebuf_used);
    CID 462182: (RESOURCE_LEAK)
    Variable "dl4" going out of scope leaks the storage it points to.
    619 return(-1);
    620 }
    621 if(sem_init(&mode_set, 0, 0)) {
    622 xp_dlclose(dl);
    623 sem_destroy(&pastebuf_set);
    624 sem_destroy(&pastebuf_used);
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()
    602 #endif
    603 setlocale(LC_ALL, "");
    604 x11.XSetLocaleModifiers("@im=none");
    605
    606 if(sem_init(&pastebuf_set, 0, 0)) {
    607 xp_dlclose(dl);
    CID 462182: (RESOURCE_LEAK)
    Variable "dl4" going out of scope leaks the storage it points to.
    608 return(-1);
    609 }
    610 if(sem_init(&pastebuf_used, 0, 0)) {
    611 xp_dlclose(dl);
    612 sem_destroy(&pastebuf_set);
    613 return(-1);
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 613 in x_init()
    607 xp_dlclose(dl);
    608 return(-1);
    609 }
    610 if(sem_init(&pastebuf_used, 0, 0)) {
    611 xp_dlclose(dl);
    612 sem_destroy(&pastebuf_set);
    CID 462182: (RESOURCE_LEAK)
    Variable "dl4" going out of scope leaks the storage it points to.
    613 return(-1);
    614 }
    615 if(sem_init(&init_complete, 0, 0)) {
    616 xp_dlclose(dl);
    617 sem_destroy(&pastebuf_set);
    618 sem_destroy(&pastebuf_used);
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 626 in x_init()
    620 }
    621 if(sem_init(&mode_set, 0, 0)) {
    622 xp_dlclose(dl);
    623 sem_destroy(&pastebuf_set);
    624 sem_destroy(&pastebuf_used);
    625 sem_destroy(&init_complete);
    CID 462182: (RESOURCE_LEAK)
    Variable "dl4" going out of scope leaks the storage it points to.
    626 return(-1);
    627 }
    628
    629 if(pthread_mutex_init(&copybuf_mutex, 0)) {
    630 xp_dlclose(dl);
    631 sem_destroy(&pastebuf_set);
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 647 in x_init()
    641 xp_dlclose(dl);
    642 sem_destroy(&pastebuf_set);
    643 sem_destroy(&pastebuf_used);
    644 sem_destroy(&init_complete);
    645 sem_destroy(&mode_set);
    646 pthread_mutex_destroy(&copybuf_mutex);
    CID 462182: (RESOURCE_LEAK)
    Variable "dl4" going out of scope leaks the storage it points to.
    647 return(-1);
    648 }
    649 _beginthread(x11_mouse_thread,1<<16,NULL);
    650 cio_api.options |= CONIO_OPT_SET_TITLE | CONIO_OPT_SET_NAME | CONIO_OPT_SET_ICON;
    651 return(0);
    652 }

    ** CID 462181: Resource leaks (RESOURCE_LEAK)
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()


    ________________________________________________________________________________________________________
    *** CID 462181: Resource leaks (RESOURCE_LEAK)
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()
    602 #endif
    603 setlocale(LC_ALL, "");
    604 x11.XSetLocaleModifiers("@im=none");
    605
    606 if(sem_init(&pastebuf_set, 0, 0)) {
    607 xp_dlclose(dl);
    CID 462181: Resource leaks (RESOURCE_LEAK)
    Variable "dl3" going out of scope leaks the storage it points to.
    608 return(-1);
    609 }
    610 if(sem_init(&pastebuf_used, 0, 0)) {
    611 xp_dlclose(dl);
    612 sem_destroy(&pastebuf_set);
    613 return(-1);

    ** CID 462180: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 579 in x_init()


    ________________________________________________________________________________________________________
    *** CID 462180: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 579 in x_init()
    573 xinerama_found = false;
    574 }
    575 #endif
    576 #ifdef WITH_XRANDR
    577 xrandr_found = true;
    578 if ((dl4 = xp_dlopen(libnames4,RTLD_LAZY,2)) == NULL) {
    CID 462180: Null pointer dereferences (FORWARD_NULL)
    Passing null pointer "dl4" to "dlclose", which dereferences it.
    579 xp_dlclose(dl4);
    580 xrandr_found = false;
    581 }
    582 if (xinerama_found && ((x11.XRRQueryVersion = xp_dlsym(dl4, XRRQueryVersion)) == NULL)) {
    583 xp_dlclose(dl4);
    584 xrandr_found = false;

    ** CID 462179: Control flow issues (DEADCODE)
    /tmp/sbbs-Jun-04-2023/src/conio/x_events.c: 304 in fullscreen_geometry()


    ________________________________________________________________________________________________________
    *** CID 462179: Control flow issues (DEADCODE)
    /tmp/sbbs-Jun-04-2023/src/conio/x_events.c: 304 in fullscreen_geometry()
    298 *height = xrrci->height;
    299 if (xrrci != NULL)
    300 x11.XRRFreeCrtcInfo(xrrci);
    301 return true;
    302 }
    303 if (xrrci != NULL)
    CID 462179: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "x11.XRRFreeCrtcInfo(xrrci);".
    304 x11.XRRFreeCrtcInfo(xrrci);
    305 }
    306 #endif
    307 #ifdef WITH_XINERAMA
    308 if (xinerama_found) {
    309 // NOTE: Xinerama is limited to a short for the entire screen dimensions.


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DlE0W_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCCsYoL8-2BRAB8pSd-2BoykiJD4ftNgwReCmSBDHZUsIOaydl7n91VpHFpH-2B-2B6udD22Zx0rJjM18W-2BwzJlbPPHAhfNuJskDA1GbbK5bVcFums-2B-2FM-2F0YW6XnLxiKz5gFyKgOgNGYfroq20XOP9rDSr4aT-2Fr9-2BqXnGFlm6brcyj727rBsg-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tue Jun 6 12:40:22 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    6 new defect(s) introduced to Synchronet found with Coverity Scan.
    38 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 6 of 6 defect(s)


    ** CID 462239: (CHECKED_RETURN)
    /tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 428 in dlmmap_locked()
    /tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 416 in dlmmap_locked()


    ________________________________________________________________________________________________________
    *** CID 462239: (CHECKED_RETURN)
    /tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 428 in dlmmap_locked()
    422
    423 start = mmap (start, length, prot, flags, execfd, offset);
    424
    425 if (start == MFAIL)
    426 {
    427 munmap (ptr, length);
    CID 462239: (CHECKED_RETURN)
    Calling "ftruncate" without checking return value (as is done elsewhere 45 out of 52 times).
    428 ftruncate (execfd, offset);
    429 return start;
    430 }
    431
    432 mmap_exec_offset ((char *)start, length) = (char*)ptr - (char*)start;
    433
    /tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 416 in dlmmap_locked()
    410 {
    411 if (!offset)
    412 {
    413 close (execfd);
    414 goto retry_open;
    415 }
    CID 462239: (CHECKED_RETURN)
    Calling "ftruncate" without checking return value (as is done elsewhere 45 out of 52 times).
    416 ftruncate (execfd, offset);
    417 return MFAIL;
    418 }
    419 else if (!offset
    420 && open_temp_exec_file_opts[open_temp_exec_file_opts_idx].repeat)
    421 open_temp_exec_file_opts_next ();

    ** CID 462238: (RESOURCE_LEAK)
    /writemsg.cpp: 1731 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()
    /writemsg.cpp: 1717 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()


    ________________________________________________________________________________________________________
    *** CID 462238: (RESOURCE_LEAK)
    /writemsg.cpp: 1731 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()
    1725 if(j>1 && (j!=x || feof(instream)) && buf[j-1]==LF && buf[j-2]==CR)
    1726 buf[j-1]=buf[j-2]=0; /* Convert to NULL */
    1727 if(fwrite(buf,j,1,smb->sdt_fp) != 1) {
    1728 errormsg(WHERE, ERR_WRITE, smb->file, j);
    1729 smb_unlocksmbhdr(smb);
    1730 smb_freemsgdat(smb,offset,length,1);
    CID 462238: (RESOURCE_LEAK)
    Variable "instream" going out of scope leaks the storage it points to.
    1731 return false;
    1732 }
    1733 x=SDT_BLOCK_LEN;
    1734 }
    1735 fflush(smb->sdt_fp);
    1736 fclose(instream);
    /writemsg.cpp: 1717 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()
    1711 fseeko(smb->sdt_fp,offset,SEEK_SET);
    1712 xlat=XLAT_NONE;
    1713 if(fwrite(&xlat,2,1,smb->sdt_fp) != 1) {
    1714 errormsg(WHERE, ERR_WRITE, smb->file, 2);
    1715 smb_unlocksmbhdr(smb);
    1716 smb_freemsgdat(smb,offset,length,1);
    CID 462238: (RESOURCE_LEAK)
    Variable "instream" going out of scope leaks the storage it points to.
    1717 return false;
    1718 }
    1719 x=SDT_BLOCK_LEN-2; /* Don't read/write more than 255 */
    1720 while(!feof(instream)) {
    1721 memset(buf,0,x);
    1722 j=fread(buf,1,x,instream);

    ** CID 462237: Resource leaks (RESOURCE_LEAK)
    /writemsg.cpp: 244 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 462237: Resource leaks (RESOURCE_LEAK)
    /writemsg.cpp: 244 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()
    238 }
    239
    240 memset(buf,0,len+1);
    241 int rd = fread(buf,len,1,fp);
    242 fclose(fp);
    243 if(rd != 1)
    CID 462237: Resource leaks (RESOURCE_LEAK)
    Variable "buf" going out of scope leaks the storage it points to.
    244 return -4;
    245
    246 if((fp=fopen(dest,"wb"))!=NULL) {
    247 len=process_edited_text(buf, fp, mode, lines, maxlines);
    248 fclose(fp);
    249 }

    ** CID 462236: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-06-2023/src/conio/x_cio.c: 588 in x_initciolib()


    ________________________________________________________________________________________________________
    *** CID 462236: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-06-2023/src/conio/x_cio.c: 588 in x_initciolib()
    582 }
    583 #endif
    584 #ifdef WITH_XRANDR
    585 xrandr_found = true;
    586 if ((dl4 = xp_dlopen(libnames4,RTLD_LAZY,2)) == NULL)
    587 xrandr_found = false;
    CID 462236: Null pointer dereferences (FORWARD_NULL)
    Passing null pointer "dl4" to "dlsym", which dereferences it.
    588 if (xinerama_found && ((x11.XRRQueryVersion = xp_dlsym(dl4, XRRQueryVersion)) == NULL)) {
    589 xp_dlclose(dl4);
    590 xrandr_found = false;
    591 }
    592 if (xinerama_found && ((x11.XRRGetScreenResources = xp_dlsym(dl4, XRRGetScreenResources)) == NULL)) {
    593 xp_dlclose(dl4);

    ** CID 462235: Resource leaks (RESOURCE_LEAK)
    /fmsgdump.c: 114 in msgdump()


    ________________________________________________________________________________________________________
    *** CID 462235: Resource leaks (RESOURCE_LEAK)
    /fmsgdump.c: 114 in msgdump()
    108 fprintf(stderr, "!MALLOC failure\n");
    109 return __COUNTER__;
    110 }
    111 fseek(fp, sizeof(hdr), SEEK_SET);
    112 if(fread(body, len, 1, fp) != 1) {
    113 perror("reading body text");
    CID 462235: Resource leaks (RESOURCE_LEAK)
    Variable "body" going out of scope leaks the storage it points to.
    114 return __COUNTER__;
    115 }
    116 fprintf(bodyfp, "\n-start of message text-\n");
    117 char* p = body;
    118 while(*p && p < body + len) {
    119 if((p == body || *(p - 1) == '\r') && *p == 1) {

    ** CID 462234: Resource leaks (RESOURCE_LEAK)
    /netmail.cpp: 303 in sbbs_t::netmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()


    ________________________________________________________________________________________________________
    *** CID 462234: Resource leaks (RESOURCE_LEAK)
    /netmail.cpp: 303 in sbbs_t::netmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
    297 errormsg(WHERE,ERR_ALLOC,str,length);
    298 return(false);
    299 }
    300 if(read(file,buf,length) != length) {
    301 close(file);
    302 errormsg(WHERE, ERR_READ, str, length);
    CID 462234: Resource leaks (RESOURCE_LEAK)
    Variable "buf" going out of scope leaks the storage it points to.
    303 return false;
    304 }
    305 close(file);
    306
    307 smb_net_type_t nettype = NET_FIDO;
    308 smb_hfield_str(&msg,SENDER, from);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DcBRy_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrB-2FxlaM9N-2BytN4abAlhxBOfL2Gc48Kht9DWsIw0TGq4KCIUCjvrRsYhjbSc3n6GrPlyk6u8jzpB0aqRS4dcNK81E-2FeN0SyAuTTv987PncAi-2FzopZuXT78jKuoT04lLRnCeEbfBKD6ahQnLeiOpkIZgmfmv57IglbC4RNT9dRkvaUQ-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Fri Jun 9 12:40:16 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    14 new defect(s) introduced to Synchronet found with Coverity Scan.
    28 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 14 of 14 defect(s)


    ** CID 462300: Control flow issues (MISSING_BREAK)
    /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3525 in do_ansi()


    ________________________________________________________________________________________________________
    *** CID 462300: Control flow issues (MISSING_BREAK)
    /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3525 in do_ansi()
    3519 case 'e': /* Line Position Forward */
    3520 seq_default(seq, 0, 1);
    3521 if (seq->param_int[0] < 1)
    3522 break;
    3523 adjust_currpos(cterm, 0, seq->param_int[0], 0);
    3524 break;
    CID 462300: Control flow issues (MISSING_BREAK)
    The case for value "'a'" is not terminated by a "break" statement.
    3525 case 'a': /* Character Position Forward */
    3526 clear_lcf(cterm);
    3527 case 'C': /* Cursor Right */
    3528 seq_default(seq, 0, 1);
    3529 if (seq->param_int[0] < 1)
    3530 break;

    ** CID 462299: Control flow issues (MISSING_BREAK)
    /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3533 in do_ansi()


    ________________________________________________________________________________________________________
    *** CID 462299: Control flow issues (MISSING_BREAK)
    /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3533 in do_ansi()
    3527 case 'C': /* Cursor Right */
    3528 seq_default(seq, 0, 1);
    3529 if (seq->param_int[0] < 1)
    3530 break;
    3531 adjust_currpos(cterm, seq->param_int[0], 0, 0);
    3532 break;
    CID 462299: Control flow issues (MISSING_BREAK)
    The case for value "'j'" is not terminated by a "break" statement.
    3533 case 'j': /* Character Position Backward */
    3534 clear_lcf(cterm);
    3535 case 'D': /* Cursor Left */
    3536 seq_default(seq, 0, 1);
    3537 if (seq->param_int[0] < 1)
    3538 break;

    ** CID 462298: (NEGATIVE_RETURNS)


    ________________________________________________________________________________________________________
    *** CID 462298: (NEGATIVE_RETURNS)
    /exec.cpp: 1892 in sbbs_t::exec(csi_t *)()
    1886 }
    1887 else
    1888 csi->logic=LOGIC_FALSE;
    1889 return(0);
    1890
    1891 case CS_SELECT_EDITOR:
    CID 462298: (NEGATIVE_RETURNS)
    "this->curdirnum" is passed to a parameter that cannot be negative.
    1892 csi->logic=select_editor() ? LOGIC_TRUE:LOGIC_FALSE;
    1893 return(0);
    1894 case CS_SET_EDITOR:
    1895 csi->logic=LOGIC_TRUE;
    1896 for(i=0;i<cfg.total_xedits;i++)
    1897 if(!stricmp(csi->str,cfg.xedit[i]->code)
    /exec.cpp: 1880 in sbbs_t::exec(csi_t *)()
    1874 case CS_SELECT_SHELL:
    1875 csi->logic=select_shell() ? LOGIC_TRUE:LOGIC_FALSE;
    1876 return(0);
    1877 case CS_SET_SHELL:
    1878 csi->logic=LOGIC_TRUE;
    1879 for(i=0;i<cfg.total_shells;i++)
    CID 462298: (NEGATIVE_RETURNS)
    "this->curdirnum" is passed to a parameter that cannot be negative.
    1880 if(!stricmp(csi->str,cfg.shell[i]->code)
    1881 && chk_ar(cfg.shell[i]->ar,&useron,&client))
    1882 break;
    1883 if(i<cfg.total_shells) {
    1884 useron.shell=i;
    1885 putuserstr(useron.number, USER_SHELL, cfg.shell[i]->code);
    /exec.cpp: 1181 in sbbs_t::exec(csi_t *)()
    1175 now=time(NULL);
    1176
    1177 if(csi->ip>=csi->cs+csi->length)
    1178 return(1);
    1179
    1180 if(*csi->ip>=CS_FUNCTIONS)
    CID 462298: (NEGATIVE_RETURNS)
    "this->curdirnum" is passed to a parameter that cannot be negative.
    1181 return(exec_function(csi));
    1182
    1183 /**********************************************/
    1184 /* Miscellaneous variable length instructions */
    1185 /**********************************************/
    1186
    /exec.cpp: 1499 in sbbs_t::exec(csi_t *)()
    1493
    1494 if(*csi->ip>=CS_TWO_BYTE) {
    1495 switch(*(csi->ip++)) {
    1496 case CS_TWO_MORE_BYTES:
    1497 switch(*(csi->ip++)) {
    1498 case CS_USER_EVENT:
    CID 462298: (NEGATIVE_RETURNS)
    "this->curdirnum" is passed to a parameter that cannot be negative.
    1499 user_event((user_event_t)*(csi->ip++));
    1500 return(0);
    1501 }
    1502 errormsg(WHERE,ERR_CHK,"shell instruction",*(csi->ip-1));
    1503 return(0);
    1504 case CS_SETLOGIC:
    /exec.cpp: 1181 in sbbs_t::exec(csi_t *)()
    1175 now=time(NULL);
    1176
    1177 if(csi->ip>=csi->cs+csi->length)
    1178 return(1);
    1179
    1180 if(*csi->ip>=CS_FUNCTIONS)
    CID 462298: (NEGATIVE_RETURNS)
    "this->cursubnum" is passed to a parameter that cannot be negative.
    1181 return(exec_function(csi));
    1182
    1183 /**********************************************/
    1184 /* Miscellaneous variable length instructions */
    1185 /**********************************************/
    1186
    /exec.cpp: 1761 in sbbs_t::exec(csi_t *)()
    1755 if(logon())
    1756 csi->logic=LOGIC_TRUE;
    1757 else
    1758 csi->logic=LOGIC_FALSE;
    1759 return(0);
    1760 case CS_LOGOUT:
    CID 462298: (NEGATIVE_RETURNS)
    "this->curdirnum" is passed to a parameter that cannot be negative.
    1761 logout();
    1762 return(0);
    1763 case CS_EXIT:
    1764 return(1);
    1765 case CS_LOOP_BEGIN:
    1766 if(csi->loops<MAX_LOOPDEPTH)
    /exec.cpp: 1538 in sbbs_t::exec(csi_t *)()
    1532 thisnode.status=*csi->ip++;
    1533 putnodedat(cfg.node_num,&thisnode);
    1534 } else
    1535 csi->ip++;
    1536 return(0);
    1537 case CS_MULTINODE_CHAT:
    CID 462298: (NEGATIVE_RETURNS)
    "this->curdirnum" is passed to a parameter that cannot be negative.
    1538 multinodechat(*csi->ip++);
    1539 return(0);
    1540 case CS_GETSTR:
    1541 csi->logic=LOGIC_TRUE;
    1542 getstr(csi->str,*csi->ip++,0);
    1543 if(sys_status&SS_ABORT) {
    /exec.cpp: 1875 in sbbs_t::exec(csi_t *)()
    1869 saveline();
    1870 return(0);
    1871 case CS_RESTORELINE:
    1872 restoreline();
    1873 return(0);
    1874 case CS_SELECT_SHELL:
    CID 462298: (NEGATIVE_RETURNS)
    "this->curdirnum" is passed to a parameter that cannot be negative.
    1875 csi->logic=select_shell() ? LOGIC_TRUE:LOGIC_FALSE;
    1876 return(0);
    1877 case CS_SET_SHELL:
    1878 csi->logic=LOGIC_TRUE;
    1879 for(i=0;i<cfg.total_shells;i++)
    1880 if(!stricmp(csi->str,cfg.shell[i]->code)
    /exec.cpp: 1897 in sbbs_t::exec(csi_t *)()
    1891 case CS_SELECT_EDITOR:
    1892 csi->logic=select_editor() ? LOGIC_TRUE:LOGIC_FALSE;
    1893 return(0);
    1894 case CS_SET_EDITOR:
    1895 csi->logic=LOGIC_TRUE;
    1896 for(i=0;i<cfg.total_xedits;i++)
    CID 462298: (NEGATIVE_RETURNS)
    "this->curdirnum" is passed to a parameter that cannot be negative.
    1897 if(!stricmp(csi->str,cfg.xedit[i]->code)
    1898 && chk_ar(cfg.xedit[i]->ar,&useron,&client))
    1899 break;
    1900 if(i<cfg.total_xedits) {
    1901 useron.xedit=i+1;
    1902 putuserstr(useron.number, USER_XEDIT, cfg.xedit[i]->code);

    ** CID 462297: Uninitialized variables (UNINIT)


    ________________________________________________________________________________________________________
    *** CID 462297: Uninitialized variables (UNINIT)
    /readmsgs.cpp: 218 in sbbs_t::loadposts(unsigned int *, int, unsigned int, int, unsigned int *, unsigned int *)()
    212 if(idx.to!=namecrc && idx.from!=namecrc
    213 && idx.to!=aliascrc && idx.from!=aliascrc
    214 && (useron.number!=1 || idx.to!=sysop))
    215 continue;
    216 msg.idx=idx;
    217 if(!smb_lockmsghdr(&smb,&msg)) {
    CID 462297: Uninitialized variables (UNINIT)
    Using uninitialized value "msg.idx_offset" when calling "smb_getmsghdr".
    218 if(!smb_getmsghdr(&smb,&msg)) {
    219 if(stricmp(msg.to,useron.alias)
    220 && stricmp(msg.from,useron.alias)
    221 && stricmp(msg.to,useron.name)
    222 && stricmp(msg.from,useron.name)
    223 && (useron.number!=1 || stricmp(msg.to,"sysop")

    ** CID 462296: Integer handling issues (SIGN_EXTENSION)
    /writemsg.cpp: 296 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


    ________________________________________________________________________________________________________
    *** CID 462296: Integer handling issues (SIGN_EXTENSION)
    /writemsg.cpp: 296 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    290
    291 useron_level=useron.level;
    292
    293 if(editor!=NULL)
    294 *editor=NULL;
    295
    CID 462296: Integer handling issues (SIGN_EXTENSION)
    Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1 + 2) + 1" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1 + 2) + 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
    296 if((buf=(char*)malloc((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))
    297 ==NULL) {
    298 errormsg(WHERE,ERR_ALLOC,fname
    299 ,(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) +1);
    300 return(false);
    301 }

    ** CID 462295: Control flow issues (MISSING_BREAK)
    /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3509 in do_ansi()


    ________________________________________________________________________________________________________
    *** CID 462295: Control flow issues (MISSING_BREAK)
    /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3509 in do_ansi()
    3503 seq->param_int[0] = cterm->width - j;
    3504 MOVETEXT(col, row, max_col - seq->param_int[0], row, col + seq->param_int[0], row);
    3505 for(l=0; l < seq->param_int[0]; l++)
    3506 PUTCH(' ');
    3507 cterm_gotoxy(cterm, i, j);
    3508 break;
    CID 462295: Control flow issues (MISSING_BREAK)
    The case for value "'A'" is not terminated by a "break" statement.
    3509 case 'A': /* Cursor Up */
    3510 clear_lcf(cterm);
    3511 case 'k': /* Line Position Backward */
    3512 seq_default(seq, 0, 1);
    3513 if (seq->param_int[0] < 1)
    3514 break;

    ** CID 462294: Integer handling issues (NEGATIVE_RETURNS)


    ________________________________________________________________________________________________________
    *** CID 462294: Integer handling issues (NEGATIVE_RETURNS)
    /netmail.cpp: 1038 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
    1032 if(remsg != NULL && resmb != NULL && !(mode&WM_QUOTE)) {
    1033 if(quotemsg(resmb, remsg, /* include tails: */true))
    1034 mode |= WM_QUOTE;
    1035 }
    1036
    1037 SAFEPRINTF(msgpath,"%snetmail.msg",cfg.node_dir);
    CID 462294: Integer handling issues (NEGATIVE_RETURNS)
    A negative constant "-1" is passed as an argument to a parameter that cannot be negative.
    1038 if(!writemsg(msgpath,nulstr,title,WM_NETMAIL|mode,INVALID_SUB, to_list, /* from: */your_addr, &editor, &charset)) {
    1039 strListFree(&rcpt_list);
    1040 bputs(text[Aborted]);
    1041 return(false);
    1042 }
    1043

    ** CID 462293: Integer handling issues (NEGATIVE_RETURNS)


    ________________________________________________________________________________________________________
    *** CID 462293: Integer handling issues (NEGATIVE_RETURNS)
    /netmail.cpp: 200 in sbbs_t::netmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
    194 if(remsg != NULL && resmb != NULL && !(mode&WM_QUOTE)) {
    195 if(quotemsg(resmb, remsg, /* include tails: */true))
    196 mode |= WM_QUOTE;
    197 }
    198
    199 msg_tmp_fname(useron.xedit, msgpath, sizeof(msgpath));
    CID 462293: Integer handling issues (NEGATIVE_RETURNS)
    A negative constant "-1" is passed as an argument to a parameter that cannot be negative.
    200 if(!writemsg(msgpath,nulstr,subj,WM_NETMAIL|mode,INVALID_SUB, to, from, &editor, &charset)) {
    201 bputs(text[Aborted]);
    202 return(false);
    203 }
    204
    205 if(mode&WM_FILE) {

    ** CID 462292: (NULL_RETURNS)
    /execmisc.cpp: 526 in sbbs_t::exec_misc(csi_t *, const char *)()
    /execmisc.cpp: 526 in sbbs_t::exec_misc(csi_t *, const char *)()


    ________________________________________________________________________________________________________
    *** CID 462292: (NULL_RETURNS)
    /execmisc.cpp: 526 in sbbs_t::exec_misc(csi_t *, const char *)()
    520 if(*pp1!=csi->str && (!*pp1 || i==MAX_SYSVARS)) {
    521 if(*pp1)
    522 *pp1=(char *)realloc(*pp1,strlen(*pp1)+strlen(*pp2)+1);
    523 else
    524 *pp1=(char *)realloc(*pp1,strlen(*pp2)+1);
    525 }
    CID 462292: (NULL_RETURNS)
    Dereferencing a pointer that might be "nullptr" "*pp1" when calling "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
    526 strcat(*pp1,*pp2);
    527 return(0);
    528 case FORMAT_STR_VAR:
    529 pp=getstrvar(csi,*(int32_t *)csi->ip);
    530 csi->ip+=4; /* Skip variable name */
    531 p=format_string(this, csi);
    /execmisc.cpp: 526 in sbbs_t::exec_misc(csi_t *, const char *)()
    520 if(*pp1!=csi->str && (!*pp1 || i==MAX_SYSVARS)) {
    521 if(*pp1)
    522 *pp1=(char *)realloc(*pp1,strlen(*pp1)+strlen(*pp2)+1);
    523 else
    524 *pp1=(char *)realloc(*pp1,strlen(*pp2)+1);
    525 }
    CID 462292: (NULL_RETURNS)
    Dereferencing a pointer that might be "nullptr" "*pp1" when calling "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
    526 strcat(*pp1,*pp2);
    527 return(0);
    528 case FORMAT_STR_VAR:
    529 pp=getstrvar(csi,*(int32_t *)csi->ip);
    530 csi->ip+=4; /* Skip variable name */
    531 p=format_string(this, csi);

    ** CID 462291: Control flow issues (MISSING_BREAK)
    /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3517 in do_ansi()


    ________________________________________________________________________________________________________
    *** CID 462291: Control flow issues (MISSING_BREAK)
    /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3517 in do_ansi()
    3511 case 'k': /* Line Position Backward */
    3512 seq_default(seq, 0, 1);
    3513 if (seq->param_int[0] < 1)
    3514 break;
    3515 adjust_currpos(cterm, 0, 0 - seq->param_int[0], 0);
    3516 break;
    CID 462291: Control flow issues (MISSING_BREAK)
    The case for value "'B'" is not terminated by a "break" statement.
    3517 case 'B': /* Cursor Down */
    3518 clear_lcf(cterm);
    3519 case 'e': /* Line Position Forward */
    3520 seq_default(seq, 0, 1);
    3521 if (seq->param_int[0] < 1)
    3522 break;

    ** CID 462290: Integer handling issues (NEGATIVE_RETURNS)


    ________________________________________________________________________________________________________
    *** CID 462290: Integer handling issues (NEGATIVE_RETURNS)
    /netmail.cpp: 1316 in sbbs_t::qnetmail(const char *, const char *, int, smb_t *, smbmsg_t *)()
    1310 if(remsg != NULL && resmb != NULL && !(mode&WM_QUOTE)) {
    1311 if(quotemsg(resmb, remsg, /* include tails: */true))
    1312 mode |= WM_QUOTE;
    1313 }
    1314
    1315 SAFEPRINTF(msgpath,"%snetmail.msg",cfg.node_dir);
    CID 462290: Integer handling issues (NEGATIVE_RETURNS)
    A negative constant "-1" is passed as an argument to a parameter that cannot be negative.
    1316 if(!writemsg(msgpath,nulstr,title, (mode|WM_QWKNET|WM_NETMAIL) ,INVALID_SUB,to,/* from: */useron.alias, &editor, &charset)) {
    1317 bputs(text[Aborted]);
    1318 return(false);
    1319 }
    1320
    1321 if((i=smb_stack(&smb,SMB_STACK_PUSH))!=SMB_SUCCESS) {

    ** CID 462289: Integer handling issues (NEGATIVE_RETURNS)


    ________________________________________________________________________________________________________
    *** CID 462289: Integer handling issues (NEGATIVE_RETURNS)
    /bulkmail.cpp: 53 in sbbs_t::bulkmail(unsigned char *)()
    47 && !noyes(text[AnonymousQ])) {
    48 msg.hdr.attr|=MSG_ANONYMOUS;
    49 wm_mode|=WM_ANON;
    50 }
    51
    52 msg_tmp_fname(useron.xedit, msgpath, sizeof(msgpath));
    CID 462289: Integer handling issues (NEGATIVE_RETURNS)
    A negative constant "-1" is passed as an argument to a parameter that cannot be negative.
    53 if(!writemsg(msgpath,nulstr,title,wm_mode,INVALID_SUB,"Bulk Mailing"
    54 ,/* From: */useron.alias
    55 ,&editor
    56 ,&charset)) {
    57 bputs(text[Aborted]);
    58 return(false);

    ** CID 462288: High impact quality (Y2K38_SAFETY)
    /upload.cpp: 351 in sbbs_t::upload(int)()


    ________________________________________________________________________________________________________
    *** CID 462288: High impact quality (Y2K38_SAFETY)
    /upload.cpp: 351 in sbbs_t::upload(int)()
    345 SAFEPRINTF(descbeg,text[Rated],toupper(ch));
    346 }
    347 if(cfg.dir[dirnum]->misc&DIR_ULDATE) {
    348 now=time(NULL);
    349 if(descbeg[0])
    350 strcat(descbeg," ");
    CID 462288: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
    351 SAFEPRINTF(str,"%s ",unixtodstr(&cfg,(time32_t)now,tmp));
    352 strcat(descbeg,str);
    353 }
    354 if(cfg.dir[dirnum]->misc&DIR_MULT) {
    355 sync();
    356 if(!noyes(text[MultipleDiskQ])) {

    ** CID 462287: Insecure data handling (TAINTED_SCALAR)


    ________________________________________________________________________________________________________
    *** CID 462287: Insecure data handling (TAINTED_SCALAR)
    /writemsg.cpp: 762 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    756 while(!feof(tag)) {
    757 if(!fgets(str,sizeof(str),tag))
    758 break;
    759 truncsp(str);
    760 if(utf8) {
    761 char buf[sizeof(str)*4];
    CID 462287: Insecure data handling (TAINTED_SCALAR)
    Passing tainted expression "str" to "cp437_to_utf8_str", which uses it as an offset.
    762 cp437_to_utf8_str(str, buf, sizeof(buf) - 1, /* minval: */'\x02');
    763 l+=fprintf(stream,"%s\r\n", buf);
    764 } else
    765 l+=fprintf(stream,"%s\r\n",str);
    766 lines++; /* line counter */
    767 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DtLKg_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAqovISQpoxJCpfGf5WxBSwicKqoI1-2FF-2FaRmTPl-2BdVuGdSUZJZL-2FtmrL2VG6EaSuRynvnKTam4RxYwMKuXCyGzW07U-2FihjT83mqDNq6SOIYF1Sr-2FPyTE6vlrslg0L6d5zkvnLZ7buAIgjMdQW0NPYYLOxV54tcIwBqmxUNrcgSYSA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Fri Jul 21 12:39:32 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 462777: Error handling issues (CHECKED_RETURN)
    /sbbsecho.c: 1796 in alter_areas()


    ________________________________________________________________________________________________________
    *** CID 462777: Error handling issues (CHECKED_RETURN)
    /sbbsecho.c: 1796 in alter_areas()
    1790 chmod(outpath, st.st_mode);
    1791 if(cfg.areafile_backups == 0 || !backup(cfg.areafile, cfg.areafile_backups, /* ren: */TRUE))
    1792 delfile(cfg.areafile, __LINE__); /* Delete AREAS.BBS */
    1793 if(rename(outpath,cfg.areafile)) /* Rename new AREAS.BBS file */
    1794 lprintf(LOG_ERR,"ERROR line %d renaming %s to %s",__LINE__,outpath,cfg.areafile);
    1795 }
    CID 462777: Error handling issues (CHECKED_RETURN)
    Calling "remove(outpath)" without checking return value. This library function may fail and return an error code.
    1796 remove(outpath); // expected to fail (file does not exist) much of the time
    1797 }
    1798
    1799 bool add_sub_to_arealist(sub_t* sub, fidoaddr_t uplink)
    1800 {
    1801 FILE* fp = NULL;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D9Jsa_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBb4277PBgEvmZlC-2F75f6Wn0OW7OlFk2c1B-2BHtshOYvFkBSQP9EqEdk2ezaBaEw-2BucLGwfFouHIfPe-2Fyudqe7-2BvtImpG7nG3GNHNovDhmEdP7PSdTfD3wACCQeKNpizxWyAzNP4xAGsoa5IGtqS3OShzACd7MFIxkk2Y7iSTOvrLw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wed Sep 6 12:42:06 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 465170: Resource leaks (RESOURCE_LEAK)
    /scfg/scfg.c: 2447 in new_item()


    ________________________________________________________________________________________________________
    *** CID 465170: Resource leaks (RESOURCE_LEAK)
    /scfg/scfg.c: 2447 in new_item()
    2441 void** p;
    2442 void* item;
    2443
    2444 if((item = calloc(size, 1)) == NULL)
    2445 return NULL;
    2446 if((p = realloc(list, size * ((*total) + 1))) == NULL)
    CID 465170: Resource leaks (RESOURCE_LEAK)
    Variable "item" going out of scope leaks the storage it points to.
    2447 return NULL;
    2448 list = p;
    2449 for(int i = *total; i > index; --i)
    2450 list[i] = list[i - 1];
    2451 list[index] = item;
    2452 ++(*total);

    ** CID 465169: (SIZEOF_MISMATCH)
    /scfg/scfgxfr1.c: 544 in xfer_opts()
    /scfg/scfgxfr1.c: 698 in xfer_opts()
    /scfg/scfgxfr1.c: 1124 in xfer_opts()
    /scfg/scfgxfr1.c: 844 in xfer_opts()
    /scfg/scfgxfr1.c: 412 in xfer_opts()
    /scfg/scfgxfr1.c: 982 in xfer_opts()


    ________________________________________________________________________________________________________
    *** CID 465169: (SIZEOF_MISMATCH)
    /scfg/scfgxfr1.c: 544 in xfer_opts()
    538 }
    539 if(msk == MSK_COPY) {
    540 savftest=*cfg.ftest[i];
    541 continue;
    542 }
    543 if(msk == MSK_PASTE) {
    CID 465169: (SIZEOF_MISMATCH)
    Passing argument "240UL /* sizeof (ftest_t) */" to function "new_item" and then casting the return value to "ftest_t **" is suspicious.
    544 if((cfg.ftest = (ftest_t**)new_item(cfg.ftest, sizeof(ftest_t), i, &cfg.total_ftests)) == NULL) {
    545 errormsg(WHERE, ERR_ALLOC, "ftests", sizeof(ftest_t) * (cfg.total_ftests + 1));
    546 cfg.total_ftests = 0;
    547 bail(1);
    548 }
    549 *cfg.ftest[i]=savftest;
    /scfg/scfgxfr1.c: 698 in xfer_opts()
    692 }
    693 if(msk == MSK_COPY) {
    694 savdlevent=*cfg.dlevent[i];
    695 continue;
    696 }
    697 if(msk == MSK_PASTE) {
    CID 465169: (SIZEOF_MISMATCH)
    Passing argument "240UL /* sizeof (dlevent_t) */" to function "new_item" and then casting the return value to "dlevent_t **" is suspicious.
    698 if((cfg.dlevent = (dlevent_t**)new_item(cfg.dlevent, sizeof(dlevent_t), i, &cfg.total_dlevents)) == NULL) {
    699 errormsg(WHERE, ERR_ALLOC, "dlevents", sizeof(dlevent_t) * (cfg.total_dlevents + 1));
    700 cfg.total_dlevents = 0;
    701 bail(1);
    702 }
    703 *cfg.dlevent[i]=savdlevent;
    /scfg/scfgxfr1.c: 1124 in xfer_opts()
    1118 }
    1119 if(msk == MSK_COPY) {
    1120 savprot=*cfg.prot[i];
    1121 continue;
    1122 }
    1123 if(msk == MSK_PASTE) {
    CID 465169: (SIZEOF_MISMATCH)
    Passing argument "720UL /* sizeof (prot_t) */" to function "new_item" and then casting the return value to "prot_t **" is suspicious.
    1124 if((cfg.prot = (prot_t**)new_item(cfg.prot, sizeof(prot_t), i, &cfg.total_prots)) == NULL) {
    1125 errormsg(WHERE, ERR_ALLOC, "prots", sizeof(prot_t) * (cfg.total_prots + 1));
    1126 cfg.total_prots=0;
    1127 bail(1);
    1128 }
    1129 *cfg.prot[i]=savprot;
    /scfg/scfgxfr1.c: 844 in xfer_opts()
    838 }
    839 if(msk == MSK_COPY) {
    840 savfextr=*cfg.fextr[i];
    841 continue;
    842 }
    843 if(msk == MSK_PASTE) {
    CID 465169: (SIZEOF_MISMATCH)
    Passing argument "199UL /* sizeof (fextr_t) */" to function "new_item" and then casting the return value to "fextr_t **" is suspicious.
    844 if((cfg.fextr = (fextr_t**)new_item(cfg.fextr, sizeof(fextr_t), i, &cfg.total_fextrs)) == NULL) {
    845 errormsg(WHERE, ERR_ALLOC, "fextrs", sizeof(fextr_t) * (cfg.total_fextrs + 1));
    846 cfg.total_fextrs = 0;
    847 bail(1);
    848 }
    849 *cfg.fextr[i]=savfextr;
    /scfg/scfgxfr1.c: 412 in xfer_opts()
    406 }
    407 if(msk == MSK_COPY) {
    408 savfview=*cfg.fview[i];
    409 continue;
    410 }
    411 if(msk == MSK_PASTE) {
    CID 465169: (SIZEOF_MISMATCH)
    Passing argument "199UL /* sizeof (fview_t) */" to function "new_item" and then casting the return value to "fview_t **" is suspicious.
    412 if((cfg.fview = (fview_t**)new_item(cfg.fview, sizeof(fview_t), i, &cfg.total_fviews)) == NULL) {
    413 errormsg(WHERE, ERR_ALLOC, "fviews", sizeof(fview_t) * (cfg.total_fviews + 1));
    414 cfg.total_fviews = 0;
    415 bail(1);
    416 }
    417 *cfg.fview[i]=savfview;
    /scfg/scfgxfr1.c: 982 in xfer_opts()
    976 }
    977 if(msk == MSK_COPY) {
    978 savfcomp=*cfg.fcomp[i];
    979 continue;
    980 }
    981 if(msk == MSK_PASTE) {
    CID 465169: (SIZEOF_MISMATCH)
    Passing argument "199UL /* sizeof (fcomp_t) */" to function "new_item" and then casting the return value to "fcomp_t **" is suspicious.
    982 if((cfg.fcomp = (fcomp_t**)new_item(cfg.fcomp, sizeof(fcomp_t), i, &cfg.total_fcomps)) == NULL) {
    983 errormsg(WHERE, ERR_ALLOC, "fcomps", sizeof(fcomp_t) * (cfg.total_fcomps + 1));
    984 cfg.total_fcomps = 0;
    985 bail(1);
    986 }
    987 *cfg.fcomp[i]=savfcomp;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D5wZ8_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCnsQIL3fFmuqL7faauDZIkRsjaF7SdWuX9-2F6F0cLhQPK2eigoJW5CI-2BTBbzcwuB-2Fnb9gU96N518jXtyrLldNWW25I5ASjWizI9KxhCsvWXL8lcGsg-2BB04X9jrEFEkrP4hbjq1CPbLr3dEPsMh2-2BJD6OG7PFXOCZ8vIf02fm0mzeA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tue Sep 26 12:41:14 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 465835: High impact quality (Y2K38_SAFETY)
    /atcodes.cpp: 1344 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()


    ________________________________________________________________________________________________________
    *** CID 465835: High impact quality (Y2K38_SAFETY)
    /atcodes.cpp: 1344 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
    1338 f = (float)useron.dls / useron.uls;
    1339 safe_snprintf(str, maxlen, "%u", f ? (uint)(100 / f) : 0);
    1340 return str;
    1341 }
    1342
    1343 if(!strcmp(sp,"LASTNEW"))
    CID 465835: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->ns_time" is cast to "time32_t".
    1344 return(unixtodstr(&cfg,(time32_t)ns_time,str));
    1345
    1346 if(strncmp(sp, "LASTNEW:", 8) == 0) {
    1347 SAFECOPY(tmp, sp + 8);
    1348 c_unescape_str(tmp);
    1349 memset(&tm, 0, sizeof(tm));


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DUPeu_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrC3rkJOOdMBm7nMBMgGcmpBP39czlPogoepUuUAf0jPqohwQMNy1ulVEkqUkOGShQTw40WBv406LhOm367tfkxK7FUNIoQlZBuwZ1omfunbNxXxVCmVw8GO3npVkZ3YxshRBZDZsP1O5VMLZ6DNCGvJ679Mp4a2XGGuVrVV7McBrQ-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wed Nov 22 13:38:53 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    39 new defect(s) introduced to Synchronet found with Coverity Scan.
    12 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 20 of 39 defect(s)


    ** CID 469141: Data race undermines locking (LOCK_EVASION)
    /answer.cpp: 450 in sbbs_t::answer()()


    ________________________________________________________________________________________________________
    *** CID 469141: Data race undermines locking (LOCK_EVASION)
    /answer.cpp: 450 in sbbs_t::answer()()
    444 if(telnet_cols >= TERM_COLS_MIN && telnet_cols <= TERM_COLS_MAX)
    445 cols = telnet_cols;
    446 if(telnet_rows >= TERM_ROWS_MIN && telnet_rows <= TERM_ROWS_MAX)
    447 rows = telnet_rows;
    448 } else {
    449 lprintf(LOG_NOTICE, "no Telnet commands received, reverting to Raw TCP mode");
    CID 469141: Data race undermines locking (LOCK_EVASION)
    Thread1 sets "telnet_mode" to a new value. Now the two threads have an inconsistent view of "telnet_mode" and updates to fields correlated with "telnet_mode" may be lost.
    450 telnet_mode |= TELNET_MODE_OFF;
    451 client.protocol = "Raw";
    452 client_on(client_socket, &client,/* update: */true);
    453 SAFECOPY(connection, client.protocol);
    454 node_connection = NODE_CONNECTION_RAW;
    455 }

    ** CID 469140: Error handling issues (CHECKED_RETURN)
    /mqtt.c: 521 in mqtt_message_received()


    ________________________________________________________________________________________________________
    *** CID 469140: Error handling issues (CHECKED_RETURN)
    /mqtt.c: 521 in mqtt_message_received()
    515 if(bbs_startup->node_inbuf != NULL && bbs_startup->node_inbuf[i - 1] != NULL)
    516 RingBufWrite(bbs_startup->node_inbuf[i - 1], msg->payload, msg->payloadlen);
    517 return;
    518 }
    519 for(int i = bbs_startup->first_node; i <= bbs_startup->last_node; i++) {
    520 if(strcmp(msg->topic, mqtt_topic(mqtt, TOPIC_BBS, topic, sizeof(topic), "node/%d/msg", i)) == 0) {
    CID 469140: Error handling issues (CHECKED_RETURN)
    Calling "putnmsg" without checking return value (as is done elsewhere 4 out of 5 times).
    521 putnmsg(mqtt->cfg, i, msg->payload);
    522 return;
    523 }
    524 if(strcmp(msg->topic, mqtt_topic(mqtt, TOPIC_BBS, topic, sizeof(topic), "node/%d/set/status", i)) == 0) {
    525 set_node_status(mqtt->cfg, i, mqtt_message_value(msg, 0));
    526 return;

    ** CID 469139: Resource leaks (RESOURCE_LEAK)
    /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jscntxt.h: 1376 in JSRuntime::realloc(void *, unsigned long, unsigned long, JSContext *)()


    ________________________________________________________________________________________________________
    *** CID 469139: Resource leaks (RESOURCE_LEAK)
    /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jscntxt.h: 1376 in JSRuntime::realloc(void *, unsigned long, unsigned long, JSContext *)()
    1370 }
    1371
    1372 void* realloc(void* p, size_t oldBytes, size_t newBytes, JSContext *cx = NULL) {
    1373 JS_ASSERT(oldBytes < newBytes);
    1374 updateMallocCounter(newBytes - oldBytes);
    1375 void *p2 = ::js_realloc(p, newBytes);
    CID 469139: Resource leaks (RESOURCE_LEAK)
    Failing to save or free storage allocated by "this->onOutOfMemory(p, newBytes, cx)" leaks it.
    1376 return JS_LIKELY(!!p2) ? p2 : onOutOfMemory(p, newBytes, cx);
    1377 }
    1378
    1379 void* realloc(void* p, size_t bytes, JSContext *cx = NULL) {
    1380 /*
    1381 * For compatibility we do not account for realloc that increases

    ** CID 469138: Uninitialized variables (UNINIT)
    /getkey.cpp: 354 in sbbs_t::getkeys(const char *, unsigned int, int)()


    ________________________________________________________________________________________________________
    *** CID 469138: Uninitialized variables (UNINIT)
    /getkey.cpp: 354 in sbbs_t::getkeys(const char *, unsigned int, int)()
    348 attr(LIGHTGRAY);
    349 CRLF;
    350 }
    351 lncntr=0;
    352 return(-1);
    353 }
    CID 469138: Uninitialized variables (UNINIT)
    Using uninitialized value "*str" when calling "strchr". [Note: The source code implementation of the function has been overridden by a builtin model.]
    354 if(ch && !n && ((keys == NULL && !IS_DIGIT(ch)) || (strchr(str,ch)))) { /* return character if in string */
    355 if(ch > ' ') {
    356 if(!(mode&K_NOECHO))
    357 outchar(ch);
    358 if(useron.misc&COLDKEYS) {
    359 while(online && !(sys_status&SS_ABORT)) {

    ** CID 469137: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 3549 in sys_alloc()


    ________________________________________________________________________________________________________
    *** CID 469137: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 3549 in sys_alloc()
    3543 m->max_footprint = m->footprint;
    3544
    3545 if (!is_initialized(m)) { /* first-time initialization */
    3546 m->seg.base = m->least_addr = tbase;
    3547 m->seg.size = tsize;
    3548 set_segment_flags(&m->seg, mmap_flag);
    CID 469137: Concurrent data access violations (MISSING_LOCK)
    Accessing "mparams.magic" without holding lock "magic_init_mutex". Elsewhere, "malloc_params.magic" is written to with "magic_init_mutex" held 1 out of 1 times.
    3549 m->magic = mparams.magic;
    3550 init_bins(m);
    3551 if (is_global(m))
    3552 init_top(m, (mchunkptr)tbase, tsize - TOP_FOOT_SIZE);
    3553 else {
    3554 /* Offset top by embedded malloc_state */

    ** CID 469136: Program hangs (LOCK)
    /js_console.cpp: 2175 in js_lock_input(JSContext *, unsigned int, unsigned long *)()


    ________________________________________________________________________________________________________
    *** CID 469136: Program hangs (LOCK)
    /js_console.cpp: 2175 in js_lock_input(JSContext *, unsigned int, unsigned long *)()
    2169 pthread_mutex_lock(&sbbs->input_thread_mutex);
    2170 } else {
    2171 pthread_mutex_unlock(&sbbs->input_thread_mutex);
    2172 }
    2173 JS_RESUMEREQUEST(cx, rc);
    2174
    CID 469136: Program hangs (LOCK)
    Returning without unlocking "sbbs->input_thread_mutex".
    2175 return(JS_TRUE);
    2176 }
    2177
    2178 static JSBool
    2179 js_telnet_cmd(JSContext *cx, uintN argc, jsval *arglist)
    2180 {

    ** CID 469135: Concurrent data access violations (MISSING_LOCK)
    /js_rtpool.c: 35 in jsrt_GetNew()


    ________________________________________________________________________________________________________
    *** CID 469135: Concurrent data access violations (MISSING_LOCK)
    /js_rtpool.c: 35 in jsrt_GetNew()
    29 {
    30 JSRuntime *ret;
    31
    32 if(!initialized) {
    33 initialized=TRUE;
    34 pthread_mutex_init(&jsrt_mutex, NULL);
    CID 469135: Concurrent data access violations (MISSING_LOCK)
    Accessing "rt_list" without holding lock "jsrt_mutex". Elsewhere, "rt_list" is written to with "jsrt_mutex" held 4 out of 5 times.
    35 listInit(&rt_list, 0);
    36 _beginthread(trigger_thread, TRIGGER_THREAD_STACK_SIZE, NULL);
    37 }
    38 pthread_mutex_lock(&jsrt_mutex);
    39 ret=JS_NewRuntime(maxbytes);
    40 listPushNode(&rt_list, ret);

    ** CID 469134: Program hangs (LOCK)
    /writemsg.cpp: 1274 in sbbs_t::editfile(char *, unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 469134: Program hangs (LOCK)
    /writemsg.cpp: 1274 in sbbs_t::editfile(char *, unsigned int)()
    1268 if(cfg.xedit[useron_xedit-1]->misc&WWIVCOLOR)
    1269 mode|=EX_WWIV;
    1270 }
    1271 CLS;
    1272 rioctl(IOCM|PAUSE|ABORT);
    1273 if(external(cmdstr(cfg.xedit[useron_xedit-1]->rcmd,msgtmp,nulstr,NULL,mode), mode, cfg.node_dir)!=0)
    CID 469134: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    1274 return false;
    1275 l=process_edited_file(msgtmp, path, /* mode: */WM_EDIT, &lines,maxlines);
    1276 if(l>0) {
    1277 SAFEPRINTF3(str,"created or edited file: %s (%ld bytes, %u lines)"
    1278 ,path, l, lines);
    1279 logline(LOG_NOTICE,nulstr,str);

    ** CID 469133: Memory - corruptions (OVERRUN)


    ________________________________________________________________________________________________________
    *** CID 469133: Memory - corruptions (OVERRUN)
    /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jsobjinlines.h: 952 in js::NewNativeClassInstance(JSContext *, js::Class *, JSObject *, JSObject *)()
    946 }
    947
    948 static inline JSObject *
    949 NewNativeClassInstance(JSContext *cx, Class *clasp, JSObject *proto, JSObject *parent)
    950 {
    951 gc::FinalizeKind kind = gc::GetGCObjectKind(JSCLASS_RESERVED_SLOTS(clasp));
    CID 469133: Memory - corruptions (OVERRUN)
    Overrunning callee's array of size 11 by passing argument "kind" (which evaluates to 11) in call to "NewNativeClassInstance".
    952 return NewNativeClassInstance(cx, clasp, proto, parent, kind);
    953 }
    954
    955 bool
    956 FindClassPrototype(JSContext *cx, JSObject *scope, JSProtoKey protoKey, JSObject **protop,
    957 Class *clasp);

    ** CID 469132: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Nov-22-2023/src/conio/sdl_con.c: 692 in sdl_add_key()


    ________________________________________________________________________________________________________
    *** CID 469132: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Nov-22-2023/src/conio/sdl_con.c: 692 in sdl_add_key()
    686 static void sdl_add_key(unsigned int keyval, struct video_stats *vs)
    687 {
    688 if(keyval==0xa600 && vs != NULL) {
    689 fullscreen=!fullscreen;
    690 cio_api.mode=fullscreen?CIOLIB_MODE_SDL_FULLSCREEN:CIOLIB_MODE_SDL;
    691 update_cvstat(vs);
    CID 469132: Concurrent data access violations (MISSING_LOCK)
    Accessing "win" without holding lock "win_mutex". Elsewhere, "win" is written to with "win_mutex" held 1 out of 1 times.
    692 sdl.SetWindowFullscreen(win, fullscreen ? SDL_WINDOW_FULLSCREEN_DESKTOP : 0);
    693 if (!fullscreen) {
    694 int w, h;
    695
    696 // Get current window size
    697 sdl.GetWindowSize(win, &w, &h);

    ** CID 469131: Concurrent data access violations (MISSING_LOCK)
    /exec.cpp: 848 in sbbs_t::skipto(csi_t *, unsigned char)()


    ________________________________________________________________________________________________________
    *** CID 469131: Concurrent data access violations (MISSING_LOCK)
    /exec.cpp: 848 in sbbs_t::skipto(csi_t *, unsigned char)()
    842 /* Skcsi->ip to a specific instruction */
    843 /****************************************************************************/
    844 void sbbs_t::skipto(csi_t *csi, uchar inst)
    845 {
    846 int i,j;
    847
    CID 469131: Concurrent data access violations (MISSING_LOCK)
    Accessing "csi->cs" without holding lock "sbbs_t.input_thread_mutex". Elsewhere, "csi_t.cs" is written to with "sbbs_t.input_thread_mutex" held 3 out of 3 times.
    848 while(csi->ip<csi->cs+csi->length && ((inst&0x80) || *csi->ip!=inst)) {
    849
    850 if(*csi->ip==CS_IF_TRUE || *csi->ip==CS_IF_FALSE
    851 || (*csi->ip>=CS_IF_GREATER && *csi->ip<=CS_IF_LESS_OR_EQUAL)) {
    852 csi->ip++;
    853 skipto(csi,CS_ENDIF);

    ** CID 469130: Program hangs (LOCK)
    /writemsg.cpp: 628 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


    ________________________________________________________________________________________________________
    *** CID 469130: Program hangs (LOCK)
    /writemsg.cpp: 628 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    622 lprintf(LOG_ERR, "ERROR %d (%s) saving draft message: %s", errno, strerror(errno), draft);
    623 }
    624
    625 if(result != EXIT_SUCCESS || !fexistcase(msgtmp) || !online
    626 || (linesquoted && qlen==flength(msgtmp) && qtime==fdate(msgtmp))) {
    627 free(buf);
    CID 469130: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    628 return(false);
    629 }
    630 SAFEPRINTF(str,"%sRESULT.ED",cfg.node_dir);
    631 if(!(mode&(WM_EXTDESC|WM_FILE))
    632 && fexistcase(str)) {
    633 if((fp=fopen(str,"r")) != NULL) {

    ** CID 469129: Data race undermines locking (LOCK_EVASION)
    /main.cpp: 3908 in sbbs_t::hangup()()


    ________________________________________________________________________________________________________
    *** CID 469129: Data race undermines locking (LOCK_EVASION)
    /main.cpp: 3908 in sbbs_t::hangup()()
    3902 if(client_socket!=INVALID_SOCKET) {
    3903 mswait(1000); /* Give socket output buffer time to flush */
    3904 client_off(client_socket);
    3905 if(ssh_mode) {
    3906 pthread_mutex_lock(&ssh_mutex);
    3907 ssh_session_destroy(client_socket, ssh_session, __LINE__);
    CID 469129: Data race undermines locking (LOCK_EVASION)
    Thread1 sets "ssh_mode" to a new value. Now the two threads have an inconsistent view of "ssh_mode" and updates to fields correlated with "ssh_mode" may be lost.
    3908 ssh_mode = false;
    3909 pthread_mutex_unlock(&ssh_mutex);
    3910 }
    3911 close_socket(client_socket);
    3912 client_socket=INVALID_SOCKET;
    3913 }

    ** CID 469128: Code maintainability issues (UNUSED_VALUE)
    /scfg/scfgchat.c: 716 in guru_cfg()


    ________________________________________________________________________________________________________
    *** CID 469128: Code maintainability issues (UNUSED_VALUE)
    /scfg/scfgchat.c: 716 in guru_cfg()
    710 *cfg.guru[i]=savguru;
    711 uifc.changes=1;
    712 continue;
    713 }
    714 if (msk != 0)
    715 continue;
    CID 469128: Code maintainability issues (UNUSED_VALUE)
    Assigning value "0" to "j" here, but that stored value is overwritten before it can be used.
    716 j=0;
    717 done=0;
    718 while(!done) {
    719 k=0;
    720 snprintf(opt[k++],MAX_OPLN,"%-27.27s%s","Guru Name",cfg.guru[i]->name);
    721 snprintf(opt[k++],MAX_OPLN,"%-27.27s%s","Guru Internal Code",cfg.guru[i]->code);

    ** CID 469127: Code maintainability issues (UNUSED_VALUE)
    /scfg/scfgchat.c: 873 in actsets_cfg()


    ________________________________________________________________________________________________________
    *** CID 469127: Code maintainability issues (UNUSED_VALUE)
    /scfg/scfgchat.c: 873 in actsets_cfg()
    867 uifc.changes=1;
    868 continue;
    869 }
    870 if (msk != 0)
    871 continue;
    872
    CID 469127: Code maintainability issues (UNUSED_VALUE)
    Assigning value "0" to "j" here, but that stored value is overwritten before it can be used.
    873 j=0;
    874 done=0;
    875 while(!done) {
    876 k=0;
    877 snprintf(opt[k++],MAX_OPLN,"%-27.27s%s","Action Set Name",cfg.actset[i]->name);
    878 snprintf(opt[k++],MAX_OPLN,"%-27.27s","Configure Chat Actions...");

    ** CID 469126: Data race undermines locking (LOCK_EVASION)
    /tmp/sbbs-Nov-22-2023/src/conio/sdl_con.c: 1196 in sdl_video_event_thread()


    ________________________________________________________________________________________________________
    *** CID 469126: Data race undermines locking (LOCK_EVASION)
    /tmp/sbbs-Nov-22-2023/src/conio/sdl_con.c: 1196 in sdl_video_event_thread()
    1190 break;
    1191 case SDL_USEREVENT_INIT:
    1192 if(!sdl_init_good) {
    1193 if(sdl.WasInit(SDL_INIT_VIDEO)==SDL_INIT_VIDEO) {
    1194 pthread_mutex_lock(&win_mutex);
    1195 _beginthread(sdl_mouse_thread, 0, NULL);
    CID 469126: Data race undermines locking (LOCK_EVASION)
    Thread1 sets "sdl_init_good" to a new value. Now the two threads have an inconsistent view of "sdl_init_good" and updates to fields correlated with "sdl_init_good" may be lost.
    1196 sdl_init_good=1;
    1197 pthread_mutex_unlock(&win_mutex);
    1198 }
    1199 }
    1200 sdl_ufunc_retval=0;
    1201 sem_post(&sdl_ufunc_ret);

    ** CID 469125: Program hangs (LOCK)
    /js_console.cpp: 2149 in js_do_lock_input()


    ________________________________________________________________________________________________________
    *** CID 469125: Program hangs (LOCK)
    /js_console.cpp: 2149 in js_do_lock_input()
    2143
    2144 if(lock) {
    2145 pthread_mutex_lock(&sbbs->input_thread_mutex);
    2146 } else {
    2147 pthread_mutex_unlock(&sbbs->input_thread_mutex);
    2148 }
    CID 469125: Program hangs (LOCK)
    Returning without unlocking "sbbs->input_thread_mutex".
    2149 }
    2150
    2151 static JSBool
    2152 js_lock_input(JSContext *cx, uintN argc, jsval *arglist)
    2153 {
    2154 jsval *argv=JS_ARGV(cx, arglist);

    ** CID 469124: Resource leaks (RESOURCE_LEAK)
    /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jscntxt.h: 1387 in JSRuntime::realloc(void *, unsigned long, JSContext *)()


    ________________________________________________________________________________________________________
    *** CID 469124: Resource leaks (RESOURCE_LEAK)
    /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jscntxt.h: 1387 in JSRuntime::realloc(void *, unsigned long, JSContext *)()
    1381 * For compatibility we do not account for realloc that increases
    1382 * previously allocated memory.
    1383 */
    1384 if (!p)
    1385 updateMallocCounter(bytes);
    1386 void *p2 = ::js_realloc(p, bytes);
    CID 469124: Resource leaks (RESOURCE_LEAK)
    Failing to save or free storage allocated by "this->onOutOfMemory(p, bytes, cx)" leaks it.
    1387 return JS_LIKELY(!!p2) ? p2 : onOutOfMemory(p, bytes, cx);
    1388 }
    1389
    1390 void free(void* p) { ::js_free(p); }
    1391
    1392 bool isGCMallocLimitReached() const { return gcMallocBytes <= 0; }

    ** CID 469123: Memory - corruptions (USE_AFTER_FREE)
    /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 3642 in release_unused_segments()


    ________________________________________________________________________________________________________
    *** CID 469123: Memory - corruptions (USE_AFTER_FREE)
    /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 3642 in release_unused_segments()
    3636 m->footprint -= size;
    3637 /* unlink obsoleted record */
    3638 sp = pred;
    3639 sp->next = next;
    3640 }
    3641 else { /* back out if cannot unmap */
    CID 469123: Memory - corruptions (USE_AFTER_FREE)
    Dereferencing freed pointer "tp".
    3642 insert_large_chunk(m, tp, psize);
    3643 }
    3644 }
    3645 }
    3646 pred = sp;
    3647 sp = next;

    ** CID 469122: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Nov-22-2023/src/conio/bitmap_con.c: 1945 in bitmap_drv_init()


    ________________________________________________________________________________________________________
    *** CID 469122: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Nov-22-2023/src/conio/bitmap_con.c: 1945 in bitmap_drv_init()
    1939 }
    1940 pthread_mutex_unlock(&screenlock);
    1941 pthread_mutex_unlock(&vstatlock);
    1942
    1943 callbacks.drawrect=drawrect_cb;
    1944 callbacks.flush=flush_cb;
    CID 469122: Concurrent data access violations (MISSING_LOCK)
    Accessing "callbacks.rects" without holding lock "bitmap_callbacks.lock". Elsewhere, "bitmap_callbacks.rects" is written to with "bitmap_callbacks.lock" held 2 out of 3 times.
    1945 callbacks.rects = 0;
    1946 bitmap_initialized=1;
    1947 _beginthread(blinker_thread,0,NULL);
    1948
    1949 return(0);
    1950 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DezJc_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDT3F0wM8qs717Yj7QnFBvYyAUS7vXZd5Pzj9EaE-2FCuUUR9NEokXV0L9QGkQnwKG-2F4JnYcm1wvoWK2grpdczQI6n7wuX-2Bi09RPQD8-2Fo5FYqgA3L383Nxk-2F3tA3xct0exbA8dNWXjcBJFMBco67mM0qFopWSHsWYNweS2rfwVJx4JQ-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Thu Nov 23 13:39:20 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    11 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 469167: (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 469167: (SLEEP)
    /main.cpp: 2494 in output_thread(void *)()
    2488 */
    2489 size_t sendbytes = buftop-bufbot;
    2490 if (sendbytes > 0x2000)
    2491 sendbytes = 0x2000;
    2492 if(cryptStatusError((err=cryptPushData(sbbs->ssh_session, (char*)buf+bufbot, buftop-bufbot, &i)))) {
    2493 /* Handle the SSH error here... */
    CID 469167: (SLEEP)
    Call to "lprintf" might sleep while holding lock "sbbs->ssh_mutex".
    2494 GCESSTR(err, node, sbbs->ssh_session, "pushing data");
    2495 ssh_errors++;
    2496 sbbs->online=FALSE;
    2497 i=buftop-bufbot; // Pretend we sent it all
    2498 }
    2499 else {
    /main.cpp: 2479 in output_thread(void *)()
    2473 }
    2474 if(!sbbs->ssh_mode) {
    2475 pthread_mutex_unlock(&sbbs->ssh_mutex);
    2476 continue;
    2477 }
    2478 if (cryptStatusError((err=cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->session_channel)))) {
    CID 469167: (SLEEP)
    Call to "lprintf" might sleep while holding lock "sbbs->ssh_mutex".
    2479 GCESSTR(err, node, sbbs->ssh_session, "setting channel");
    2480 ssh_errors++;
    2481 sbbs->online=FALSE;
    2482 i=buftop-bufbot; // Pretend we sent it all
    2483 }
    2484 else {


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D5OUN_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAWre6lEuRZshFB9v23oRHfb6cJViSmU6jeWo6H6qjr2TD-2FKFU3E7Wk43r5o6gE3xpEUu2LCxXDEO7eIcPPMxFL1Nq6AhOVschJGcr-2Bj9V3IL2-2BV5MIEfM79IRScL2ukizExtyrX8BpZAnSaCd3CJdrnZtJg68NUadTHcpkaQqA0A-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sat Dec 9 13:46:36 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    5 new defect(s) introduced to Synchronet found with Coverity Scan.
    5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 5 of 5 defect(s)


    ** CID 470390: Program hangs (LOCK)
    /viewfile.cpp: 111 in sbbs_t::viewfile(const char *)()


    ________________________________________________________________________________________________________
    *** CID 470390: Program hangs (LOCK)
    /viewfile.cpp: 111 in sbbs_t::viewfile(const char *)()
    105 if(i >= cfg.total_fviews) {
    106 bprintf(text[NonviewableFile], getfname(path));
    107 return false;
    108 }
    109 if((i=external(cmdstr(viewcmd, path, path, NULL), EX_STDIO|EX_SH))!=0) {
    110 errormsg(WHERE,ERR_EXEC,viewcmd,i); /* must have EX_SH to ^C */
    CID 470390: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    111 return false;
    112 }
    113 return true;
    114 }
    115
    116 /****************************************************************************/

    ** CID 470389: (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 470389: (SLEEP)
    /upload.cpp: 84 in sbbs_t::uploadfile(smbmsg_t *)()
    78 safe_snprintf(str,sizeof(str),"attempted to upload %s to %s %s (%s error code %d)"
    79 ,f->name
    80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
    81 ,result);
    82 logline(LOG_NOTICE,"U!",str);
    83 bprintf(text[FileHadErrors],f->name,cfg.ftest[i]->ext);
    CID 470389: (SLEEP)
    Call to "yesno" might sleep while holding lock "this->input_thread_mutex".
    84 if(!SYSOP || yesno(text[DeleteFileQ]))
    85 remove(path);
    86 return false;
    87 }
    88 SAFEPRINTF(str,"%ssbbsfile.nam",cfg.node_dir);
    89 if((stream=fopen(str,"r"))!=NULL) {
    /upload.cpp: 76 in sbbs_t::uploadfile(smbmsg_t *)()
    70 if(f->desc != NULL)
    71 fprintf(stream, "%s", f->desc);
    72 fclose(stream);
    73 }
    74 // Note: str (%s) is path/to/sbbsfile.des (used to be the description itself)
    75 int result = external(cmdstr(cfg.ftest[i]->cmd, path, str, NULL), EX_OFFLINE);
    CID 470389: (SLEEP)
    Call to "clearline" might sleep while holding lock "this->input_thread_mutex".
    76 clearline();
    77 if(result != 0) {
    78 safe_snprintf(str,sizeof(str),"attempted to upload %s to %s %s (%s error code %d)"
    79 ,f->name
    80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
    81 ,result);

    ** CID 470388: Program hangs (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 470388: Program hangs (SLEEP)
    /inkey.cpp: 203 in sbbs_t::handle_ctrlkey(char, int)()
    197 }
    198 js_execfile(cmdstr(cfg.hotkey[i]->cmd+1,nulstr,nulstr,tmp), /* startup_dir: */NULL, /* scope: */js_hotkey_glob, js_hotkey_cx, js_hotkey_glob);
    199 } else
    200 external(cmdstr(cfg.hotkey[i]->cmd,nulstr,nulstr,tmp),0);
    201 if(!(sys_status&SS_SPLITP)) {
    202 CRLF;
    CID 470388: Program hangs (SLEEP)
    Call to "restoreline" might sleep while holding lock "this->input_thread_mutex".
    203 restoreline();
    204 }
    205 lncntr=0;
    206 hotkey_inside &= ~(1<<ch);
    207 return(0);
    208 }

    ** CID 470387: Program hangs (LOCK)
    /chat.cpp: 654 in sbbs_t::sysop_page()()


    ________________________________________________________________________________________________________
    *** CID 470387: Program hangs (LOCK)
    /chat.cpp: 654 in sbbs_t::sysop_page()()
    648 ,sys_status&SS_SYSPAGE ? text[On] : text[Off]);
    649 nosound();
    650 }
    651 if(!(sys_status&SS_SYSPAGE))
    652 remove(syspage_semfile);
    653
    CID 470387: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    654 return(true);
    655 }
    656
    657 bprintf(text[SysopIsNotAvailable],cfg.sys_op);
    658
    659 return(false);

    ** CID 470386: Program hangs (LOCK)
    /upload.cpp: 86 in sbbs_t::uploadfile(smbmsg_t *)()


    ________________________________________________________________________________________________________
    *** CID 470386: Program hangs (LOCK)
    /upload.cpp: 86 in sbbs_t::uploadfile(smbmsg_t *)()
    80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
    81 ,result);
    82 logline(LOG_NOTICE,"U!",str);
    83 bprintf(text[FileHadErrors],f->name,cfg.ftest[i]->ext);
    84 if(!SYSOP || yesno(text[DeleteFileQ]))
    85 remove(path);
    CID 470386: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    86 return false;
    87 }
    88 SAFEPRINTF(str,"%ssbbsfile.nam",cfg.node_dir);
    89 if((stream=fopen(str,"r"))!=NULL) {
    90 if(fgets(str, sizeof(str), stream)) {
    91 truncsp(str);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DH5pk_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrA21pPFXGEfXQOHUavDSOcBiYGiM9SWkNBClk7lfGbusFiEUl9SxTFTJ4pQ4-2BlyM1UpLT55ROOl-2F1zOiBksbquFQPYPy5IMrVblt0Rt7EqhjGmGGXslDjsDDEmF37IS-2FgX2UOIpLYk00zJWe4Ps-2Bw7o9YA3yT5trQhVa4wKyo5Ljw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Dec 11 13:38:31 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 470457: Incorrect expression (SIZEOF_MISMATCH)
    /umonitor/chat.c: 201 in chat()


    ________________________________________________________________________________________________________
    *** CID 470457: Incorrect expression (SIZEOF_MISMATCH)
    /umonitor/chat.c: 201 in chat()
    195 in=-1;
    196 }
    197
    198 utime(inpath,NULL);
    199 _setcursortype(_NORMALCURSOR);
    200 while(1) {
    CID 470457: Incorrect expression (SIZEOF_MISMATCH)
    Passing argument "&ch" of type "int *" and argument "1UL" to function "read" is suspicious because "sizeof (int) /*4*/" is expected.
    201 switch(read(in,&ch,1)) {
    202 case -1:
    203 close(in);
    204 in=-1;
    205 break;
    206


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dn7r8_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrC64hJyXzK3aRg-2FOh461xBPdPC3vMQG8wDm6SWRjPpByDWCbozrDoO3h7iN9haQ83FqvIEsneqqmYW1iHtvLfyFr9U7fTJVs-2FgzA-2B3NTVwG-2FkEOdCKTFxrJHyVvcaeKfjx-2FNRzmWtNl3SJh8ILqS8rD31VNGhVX-2F4wDJ-2F-2FhL0JK9w-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Thu Dec 14 13:44:11 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    5 new defect(s) introduced to Synchronet found with Coverity Scan.
    6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 5 of 5 defect(s)


    ** CID 470557: Resource leaks (RESOURCE_LEAK)
    /mailsrvr.c: 3122 in smtp_client_thread()


    ________________________________________________________________________________________________________
    *** CID 470557: Resource leaks (RESOURCE_LEAK)
    /mailsrvr.c: 3122 in smtp_client_thread()
    3116 }
    3117
    3118 BOOL* mailproc_to_match = calloc(sizeof(*mailproc_to_match), mailproc_count);
    3119 if(mailproc_to_match == NULL) {
    3120 lprintf(LOG_CRIT,"%04d %s !ERROR allocating memory for mailproc_to_match", socket, client.protocol);
    3121 sockprintf(socket,client.protocol,session,smtp_error, "malloc failure");
    CID 470557: Resource leaks (RESOURCE_LEAK)
    Variable "spy" going out of scope leaks the storage it points to.
    3122 return false;
    3123 }
    3124
    3125 /* SMTP session active: */
    3126
    3127 sockprintf(socket,client.protocol,session,"220 %s Synchronet %s Server %s%c-%s Ready"

    ** CID 470556: (DC.WEAK_CRYPTO)
    /mailsrvr.c: 1157 in pop3_client_thread()
    /mailsrvr.c: 1159 in pop3_client_thread()


    ________________________________________________________________________________________________________
    *** CID 470556: (DC.WEAK_CRYPTO)
    /mailsrvr.c: 1157 in pop3_client_thread()
    1151 memset(&smb,0,sizeof(smb));
    1152 memset(&msg,0,sizeof(msg));
    1153 memset(&user,0,sizeof(user));
    1154 password[0]=0;
    1155
    1156 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
    CID 470556: (DC.WEAK_CRYPTO)
    "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
    1157 rand(); /* throw-away first result */
    1158 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%.128s>"
    1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name());
    1160
    1161 sockprintf(socket,client.protocol,session,"+OK Synchronet %s Server %s%c-%s Ready %s"
    1162 ,client.protocol, VERSION, REVISION, PLATFORM_DESC, challenge);
    /mailsrvr.c: 1159 in pop3_client_thread()
    1153 memset(&user,0,sizeof(user));
    1154 password[0]=0;
    1155
    1156 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
    1157 rand(); /* throw-away first result */
    1158 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%.128s>"
    CID 470556: (DC.WEAK_CRYPTO)
    "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
    1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name());
    1160
    1161 sockprintf(socket,client.protocol,session,"+OK Synchronet %s Server %s%c-%s Ready %s"
    1162 ,client.protocol, VERSION, REVISION, PLATFORM_DESC, challenge);
    1163
    1164 /* Requires USER or APOP command first */

    ** CID 470555: Error handling issues (CHECKED_RETURN)
    /mailsrvr.c: 1089 in pop3_client_thread()


    ________________________________________________________________________________________________________
    *** CID 470555: Error handling issues (CHECKED_RETURN)
    /mailsrvr.c: 1089 in pop3_client_thread()
    1083 if ((stat=cryptSetAttribute(session, CRYPT_SESSINFO_PRIVATEKEY, scfg.tls_certificate)) != CRYPT_OK) {
    1084 unlock_ssl_cert();
    1085 GCESH(stat, client.protocol, socket, host_ip, session, "setting private key");
    1086 return false;
    1087 }
    1088 nodelay = TRUE;
    CID 470555: Error handling issues (CHECKED_RETURN)
    Calling "setsockopt(socket, IPPROTO_TCP, 1, (char *)&nodelay, 4U)" without checking return value. This library function may fail and return an error code.
    1089 setsockopt(socket,IPPROTO_TCP,TCP_NODELAY,(char*)&nodelay,sizeof(nodelay));
    1090 nb=0;
    1091 ioctlsocket(socket,FIONBIO,&nb);
    1092 if ((stat = cryptSetAttribute(session, CRYPT_SESSINFO_NETWORKSOCKET, socket)) != CRYPT_OK) {
    1093 unlock_ssl_cert();
    1094 GCESH(stat, client.protocol, socket, host_ip, session, "setting session socket");

    ** CID 470554: Resource leaks (RESOURCE_LEAK)
    /mailsrvr.c: 3122 in smtp_client_thread()


    ________________________________________________________________________________________________________
    *** CID 470554: Resource leaks (RESOURCE_LEAK)
    /mailsrvr.c: 3122 in smtp_client_thread()
    3116 }
    3117
    3118 BOOL* mailproc_to_match = calloc(sizeof(*mailproc_to_match), mailproc_count);
    3119 if(mailproc_to_match == NULL) {
    3120 lprintf(LOG_CRIT,"%04d %s !ERROR allocating memory for mailproc_to_match", socket, client.protocol);
    3121 sockprintf(socket,client.protocol,session,smtp_error, "malloc failure");
    CID 470554: Resource leaks (RESOURCE_LEAK)
    Variable "rcptlst" going out of scope leaks the storage it points to.
    3122 return false;
    3123 }
    3124
    3125 /* SMTP session active: */
    3126
    3127 sockprintf(socket,client.protocol,session,"220 %s Synchronet %s Server %s%c-%s Ready"

    ** CID 470553: (DC.WEAK_CRYPTO)
    /mailsrvr.c: 4204 in smtp_client_thread()
    /mailsrvr.c: 3078 in smtp_client_thread()
    /mailsrvr.c: 3079 in smtp_client_thread()


    ________________________________________________________________________________________________________
    *** CID 470553: (DC.WEAK_CRYPTO)
    /mailsrvr.c: 4204 in smtp_client_thread()
    4198 }
    4199 if(!stricmp(buf,"AUTH CRAM-MD5")) {
    4200 ZERO_VAR(relay_user);
    4201 listRemoveTaggedNode(&current_logins, socket, /* free_data */TRUE);
    4202
    4203 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%s>"
    CID 470553: (DC.WEAK_CRYPTO)
    "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
    4204 ,rand(),socket,(ulong)time(NULL),(ulong)clock(),server_host_name());
    4205 #if 0
    4206 lprintf(LOG_DEBUG,"%04d SMTP CRAM-MD5 challenge: %s"
    4207 ,socket,challenge);
    4208 #endif
    4209 b64_encode(str,sizeof(str),challenge,strlen(challenge));
    /mailsrvr.c: 3078 in smtp_client_thread()
    3072 }
    3073 SAFEPRINTF(spam.file,"%sspam",scfg.data_dir);
    3074 spam.retry_time=scfg.smb_retry_time;
    3075 spam.subnum=INVALID_SUB;
    3076
    3077 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
    CID 470553: (DC.WEAK_CRYPTO)
    "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
    3078 rand(); /* throw-away first result */
    3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock());
    3080 lprintf(LOG_DEBUG,"%04d %s [%s] Session ID=%s", socket, client.protocol, host_ip, session_id);
    3081 SAFEPRINTF3(msgtxt_fname,"%sSBBS_%s.%s.msg", scfg.temp_dir, client.protocol, session_id);
    3082 SAFEPRINTF3(newtxt_fname,"%sSBBS_%s.%s.new", scfg.temp_dir, client.protocol, session_id);
    3083 SAFEPRINTF3(logtxt_fname,"%sSBBS_%s.%s.log", scfg.temp_dir, client.protocol, session_id);
    /mailsrvr.c: 3079 in smtp_client_thread()
    3073 SAFEPRINTF(spam.file,"%sspam",scfg.data_dir);
    3074 spam.retry_time=scfg.smb_retry_time;
    3075 spam.subnum=INVALID_SUB;
    3076
    3077 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
    3078 rand(); /* throw-away first result */
    CID 470553: (DC.WEAK_CRYPTO)
    "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
    3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock());
    3080 lprintf(LOG_DEBUG,"%04d %s [%s] Session ID=%s", socket, client.protocol, host_ip, session_id);
    3081 SAFEPRINTF3(msgtxt_fname,"%sSBBS_%s.%s.msg", scfg.temp_dir, client.protocol, session_id);
    3082 SAFEPRINTF3(newtxt_fname,"%sSBBS_%s.%s.new", scfg.temp_dir, client.protocol, session_id);
    3083 SAFEPRINTF3(logtxt_fname,"%sSBBS_%s.%s.log", scfg.temp_dir, client.protocol, session_id);
    3084 SAFEPRINTF3(rcptlst_fname,"%sSBBS_%s.%s.lst", scfg.temp_dir, client.protocol, session_id);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DMQd3_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCHTmGHVnVaZLqSbII6djd5LCfNN4WsVVM-2FraC40TFEmwnFiU15BSJwMmbqsO51yAB8H1Xj6zJDPHok6MSfH6DLipAvEvqiECGEj92Ja08CPuUfomEyNGrm6oICWjy04z9LEXD-2FV3t10gYjDHAgXUzBxC2US2YfoE3y-2FXo4-2F5AMeg-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Dec 18 13:39:50 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 470929: Error handling issues (CHECKED_RETURN)
    /js_system.c: 1474 in js_filter_ip()


    ________________________________________________________________________________________________________
    *** CID 470929: Error handling issues (CHECKED_RETURN)
    /js_system.c: 1474 in js_filter_ip()
    1468 js_system_private_t* sys;
    1469 if((sys = (js_system_private_t*)js_GetClassPrivate(cx,obj,&js_system_class))==NULL)
    1470 return JS_FALSE;
    1471
    1472 for(i=0; i<argc && fname == NULL; i++) {
    1473 if(JSVAL_IS_NUMBER(argv[i])) {
    CID 470929: Error handling issues (CHECKED_RETURN)
    Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 261 out of 293 times).
    1474 JS_ValueToInt32(cx, argv[i], &duration);
    1475 continue;
    1476 }
    1477 if(!JSVAL_IS_STRING(argv[i]))
    1478 continue;
    1479 JSVALUE_TO_MSTRING(cx, argv[i], p, NULL);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dx5vI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrD-2FFZVvmg9UFbNVSslGQHixwK2gY0JhpVYuBk-2BPEk2wVNUawfpNFUquIquIwrbnMLyXyOL-2Bbdyy88jhCHaZkpnLltM6SvZPalWR8uvzHGJLXvipDKrDTZ6KfbbjJDM-2B9TK-2Bfg-2Bntn7n3JXz8-2BbuvXtlotoQiRFNfFKyqSao3USU5A-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Thu Dec 21 15:17:37 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 471381: Null pointer dereferences (NULL_RETURNS)
    /ssl.c: 412 in get_ssl_cert()


    ________________________________________________________________________________________________________
    *** CID 471381: Null pointer dereferences (NULL_RETURNS)
    /ssl.c: 412 in get_ssl_cert()
    406
    407 if(!do_cryptInit())
    408 return -1;
    409 ssl_sync(cfg);
    410 lock_ssl_cert_write();
    411 cert_entry = malloc(sizeof(*cert_entry));
    CID 471381: Null pointer dereferences (NULL_RETURNS)
    Dereferencing "cert_entry", which is known to be "NULL".
    412 cert_entry->sess = -1;
    413 cert_entry->epoch = cert_epoch;
    414 cert_entry->next = NULL;
    415
    416 /* Get the certificate... first try loading it from a file... */
    417 if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, cert_path, CRYPT_KEYOPT_READONLY))) {


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DNVYG_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAIQBrbLtBWXBu7NOIgqUVW-2FO9u7UhLy-2BFNLgqIU41zpqPfBM73Awa3dQxk3-2F184GO6VUS7KkG6sPhNBuQiQ4Keqf56uFZ5RoDxe4X35uihMatLZZvu1DTj5op2mLHIzl6CugzzedJw-2FjcHjqyoRYDdN5cjuB-2Bi1UXQGnATKvNQkg-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tue Dec 26 13:39:07 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 471656: Memory - corruptions (OVERRUN)


    ________________________________________________________________________________________________________
    *** CID 471656: Memory - corruptions (OVERRUN)
    /tmp/sbbs-Dec-26-2023/src/smblib/smbfile.c: 367 in smb_addfile_withlist()
    361
    362 if(list != NULL && *list != NULL) {
    363 size_t size = strListCount(list) * 1024;
    364 auxdata = calloc(1, size);
    365 if(auxdata == NULL)
    366 return SMB_ERR_MEM;
    CID 471656: Memory - corruptions (OVERRUN)
    Calling "strListCombine" with "auxdata" and "size - 1UL" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
    367 strListCombine(list, auxdata, size - 1, "\r\n");
    368 }
    369 result = smb_addfile(smb, file, storage, extdesc, auxdata, path);
    370 free(auxdata);
    371 return result;
    372 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D2BKI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCT6x0GAlc7xThQfLCGiCZdmR4qZP1NcowX1yNXO3dy1e3iYdu3LqPMf8Ps-2BXyXIS9z1-2BExxr9YuMCEQ-2FkgG8-2FT0EoCNRZOLQUTkkQaenBh-2FjMptDjEjYYaLSTPN90hBdPvbODU2Cx91ZtvmuRMrZszCSUsoWukacGJvvm4ij2thw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sat Dec 30 13:39:01 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 476254: (NULL_RETURNS)
    /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 505 in getChannelAttribute()
    /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 517 in getChannelAttribute()
    /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 511 in getChannelAttribute()
    /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 525 in getChannelAttribute()


    ________________________________________________________________________________________________________
    *** CID 476254: (NULL_RETURNS)
    /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 505 in getChannelAttribute()
    499 if( isNullChannel( channelInfoPtr ) )
    500 return( CRYPT_ERROR_NOTFOUND );
    501 *value = channelInfoPtr->channelID;
    502 return( CRYPT_OK );
    503
    504 case CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE:
    CID 476254: (NULL_RETURNS)
    Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
    505 if( isNullChannel( writeChannelInfoPtr ) )
    506 return( CRYPT_ERROR_NOTFOUND );
    507 *value = isActiveChannel( writeChannelInfoPtr ) ? TRUE : FALSE;
    508 return( CRYPT_OK );
    509
    510 case CRYPT_SESSINFO_SSH_CHANNEL_OPEN:
    /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 517 in getChannelAttribute()
    511 if( isNullChannel( writeChannelInfoPtr ) )
    512 return( CRYPT_ERROR_NOTFOUND );
    513 *value = ( writeChannelInfoPtr->flags & CHANNEL_FLAG_READCLOSED ) ? FALSE : TRUE;
    514 return( CRYPT_OK );
    515
    516 case CRYPT_SESSINFO_SSH_CHANNEL_WIDTH:
    CID 476254: (NULL_RETURNS)
    Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
    517 if( isNullChannel( writeChannelInfoPtr ) )
    518 return( CRYPT_ERROR_NOTFOUND );
    519 if (writeChannelInfoPtr->width == 0)
    520 return CRYPT_ERROR_NOTFOUND;
    521 *value = channelInfoPtr->width;
    522 return( CRYPT_OK );
    /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 511 in getChannelAttribute()
    505 if( isNullChannel( writeChannelInfoPtr ) )
    506 return( CRYPT_ERROR_NOTFOUND );
    507 *value = isActiveChannel( writeChannelInfoPtr ) ? TRUE : FALSE;
    508 return( CRYPT_OK );
    509
    510 case CRYPT_SESSINFO_SSH_CHANNEL_OPEN:
    CID 476254: (NULL_RETURNS)
    Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
    511 if( isNullChannel( writeChannelInfoPtr ) )
    512 return( CRYPT_ERROR_NOTFOUND );
    513 *value = ( writeChannelInfoPtr->flags & CHANNEL_FLAG_READCLOSED ) ? FALSE : TRUE;
    514 return( CRYPT_OK );
    515
    516 case CRYPT_SESSINFO_SSH_CHANNEL_WIDTH:
    /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 525 in getChannelAttribute()
    519 if (writeChannelInfoPtr->width == 0)
    520 return CRYPT_ERROR_NOTFOUND;
    521 *value = channelInfoPtr->width;
    522 return( CRYPT_OK );
    523
    524 case CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT:
    CID 476254: (NULL_RETURNS)
    Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
    525 if( isNullChannel( writeChannelInfoPtr ) )
    526 return( CRYPT_ERROR_NOTFOUND );
    527 if (writeChannelInfoPtr->height == 0)
    528 return CRYPT_ERROR_NOTFOUND;
    529 *value = channelInfoPtr->height;
    530 return( CRYPT_OK );

    ** CID 476253: Resource leaks (RESOURCE_LEAK)
    /jsdebug.c: 335 in script_debug_prompt()


    ________________________________________________________________________________________________________
    *** CID 476253: Resource leaks (RESOURCE_LEAK)
    /jsdebug.c: 335 in script_debug_prompt()
    329 JS_SetInterrupt(JS_GetRuntime(dbg->cx), finish_handler, NULL);
    330 return DEBUG_CONTINUE;
    331 }
    332 if(strncmp(line, "quit\n", 5)==0 ||
    333 strncmp(line, "q\n", 2)==0
    334 ) {
    CID 476253: Resource leaks (RESOURCE_LEAK)
    Variable "line" going out of scope leaks the storage it points to.
    335 return (DEBUG_EXIT);
    336 }
    337 if(strncmp(line, "eval ", 5)==0 ||
    338 strncmp(line, "e ", 2)==0
    339 ) {
    340 jsval ret;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dk6EJ_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrA-2FX8i-2FapdB1BvZRHSxZvnvG9Gt4EGgnMOyOKJdrt0Ow7WO8U9rY3qdLrGQhhG9KhbgCqQ-2BdjF-2FCZbP8g3Gc1r4QsbMjorELhC-2FfCV8hEXjaVc-2BoAqZ2-2FQeAkDjxFrK3m04is-2FE5aOQcl1hrivcYLiwVEHyHlsUWiqdJNrqtFX4OA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tue Jan 9 13:51:54 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 477525: Error handling issues (CHECKED_RETURN)
    /ssl.c: 413 in get_ssl_cert()


    ________________________________________________________________________________________________________
    *** CID 477525: Error handling issues (CHECKED_RETURN)
    /ssl.c: 413 in get_ssl_cert()
    407 CRYPT_CERTIFICATE ssl_cert;
    408 char sysop_email[sizeof(cfg->sys_inetaddr)+6];
    409 struct cert_list *cert_entry;
    410
    411 if(!do_cryptInit(lprintf))
    412 return -1;
    CID 477525: Error handling issues (CHECKED_RETURN)
    Calling "ssl_sync" without checking return value (as is done elsewhere 6 out of 7 times).
    413 ssl_sync(cfg, lprintf);
    414 lock_ssl_cert_write();
    415 cert_entry = malloc(sizeof(*cert_entry));
    416 if(cert_entry == NULL) {
    417 unlock_ssl_cert_write(lprintf);
    418 free(cert_entry);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DG04V_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDEpEnmlDe-2FjbKZ4LOKbSyZqFRJl-2FW97DzLqL9YhzmfB5NVnMDaFqAVAu8sqMXAtM7gluOaLuz78sK9hLjatBB8CSJ6nN9iJHgKoglAvkWzF0D2D3-2FP2KvQ4r0FVsLXVQDobxZi1VHS1fHv1o1JN4QuvSLew5iAWvpjb3EkIuqiHp61IxzA0v1Q4zB-2F2vdQH-2Fs-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wed Jan 24 13:43:19 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    40 new defect(s) introduced to Synchronet found with Coverity Scan.
    65 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 20 of 40 defect(s)


    ** CID 479110: Program hangs (LOCK)
    /pack_qwk.cpp: 753 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


    ________________________________________________________________________________________________________
    *** CID 479110: Program hangs (LOCK)
    /pack_qwk.cpp: 753 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    747 if(flength(packet) < 1) {
    748 remove(packet);
    749 if((i = external(cmdstr(temp_cmd(),packet,path,NULL), ex|EX_WILDCARD)) != 0)
    750 errormsg(WHERE,ERR_EXEC,cmdstr(temp_cmd(),packet,path,NULL),i);
    751 if(flength(packet) < 1) {
    752 bputs(text[QWKCompressionFailed]);
    CID 479110: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    753 return(false);
    754 }
    755 }
    756
    757 if(!prepack && useron.rest&FLAG('Q')) {
    758 dir=opendir(cfg.temp_dir);

    ** CID 479109: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 349 in readPkiStatusInfo()
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 364 in readPkiStatusInfo()


    ________________________________________________________________________________________________________
    *** CID 479109: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 349 in readPkiStatusInfo()
    343 ( status, errorInfo,
    344 "Invalid PKI status string" ) );
    345 }
    346 hasErrorMessage = TRUE;
    347 }
    348 if( cryptStatusError( status ) )
    CID 479109: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    349 return( status ); /* Residual error from peekTag() */
    350
    351 /* Read the failure information */
    352 if( checkStatusLimitsPeekTag( stream, status, tag, endPos ) && \
    353 tag == BER_BITSTRING )
    354 {
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 364 in readPkiStatusInfo()
    358 retExt( status,
    359 ( status, errorInfo,
    360 "Invalid PKI failure information" ) );
    361 }
    362 }
    363 if( cryptStatusError( status ) )
    CID 479109: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    364 return( status ); /* Residual error from peekTag() */
    365
    366 /* If everything's OK, we're done */
    367 if( cmpStatusOK( errorCode ) )
    368 return( CRYPT_OK );
    369

    ** CID 479108: Control flow issues (MISSING_BREAK)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/context/ctx_attr.c: 425 in getContextAttributeS()


    ________________________________________________________________________________________________________
    *** CID 479108: Control flow issues (MISSING_BREAK)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/context/ctx_attr.c: 425 in getContextAttributeS()
    419 out */
    420 return( attributeCopy( msgData, contextInfoPtr->ctxPKC->publicKeyInfo,
    421 contextInfoPtr->ctxPKC->publicKeyInfoSize ) );
    422 }
    423 STDC_FALLTHROUGH;
    424
    CID 479108: Control flow issues (MISSING_BREAK)
    The case for value "CRYPT_CTXINFO_SSH_PUBLIC_KEY" is not terminated by a "break" statement.
    425 case CRYPT_CTXINFO_SSH_PUBLIC_KEY:
    426 if ( needsKey( contextInfoPtr ) )
    427 return CRYPT_ERROR_NOTFOUND;
    428 if (contextType != CONTEXT_PKC)
    429 return CRYPT_ERROR_NOTFOUND;
    430 case CRYPT_IATTRIBUTE_KEY_PGP:

    ** CID 479107: Control flow issues (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 857 in activateSession()


    ________________________________________________________________________________________________________
    *** CID 479107: Control flow issues (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 857 in activateSession()
    851 {
    852 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \
    853 ( SES_ACTIVATESUBPROTOCOL_FUNCTION ) \
    854 FNPTR_GET( sessionInfoPtr->activateInnerSubprotocolFunction );
    855 REQUIRES( activateSubprotocolFunction != NULL );
    856
    CID 479107: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "status = activateSubprotoco...".
    857 status = activateSubprotocolFunction( sessionInfoPtr );
    858 if( cryptStatusError( status ) )
    859 return( status );
    860
    861 /* Record the fact that the layered protocol has been
    862 activated */

    ** CID 479106: Error handling issues (CHECKED_RETURN)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/scvp_cli.c: 621 in readScvpResponse()


    ________________________________________________________________________________________________________
    *** CID 479106: Error handling issues (CHECKED_RETURN)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/scvp_cli.c: 621 in readScvpResponse()
    615 assert( isWritePtr( stream, sizeof( STREAM ) ) );
    616 assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) );
    617 assert( isWritePtr( protocolInfo, sizeof( SCVP_PROTOCOL_INFO ) ) );
    618
    619 /* Skip the wrapper, version, and server configuration ID */
    620 readSequence( stream, NULL );
    CID 479106: Error handling issues (CHECKED_RETURN)
    Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).
    621 readShortInteger( stream, &value );
    622 status = readShortInteger( stream, &value );
    623 if( cryptStatusError( status ) )
    624 {
    625 retExt( status,
    626 ( status, SESSION_ERRINFO,

    ** CID 479105: Control flow issues (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1030 in closeSession()


    ________________________________________________________________________________________________________
    *** CID 479105: Control flow issues (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1030 in closeSession()
    1024 #if defined( USE_WEBSOCKETS ) || defined( USE_EAP )
    1025 if( sessionInfoPtr->subProtocol != CRYPT_SUBPROTOCOL_NONE )
    1026 {
    1027 /* If there's an inner protocol present, shut that down as well */
    1028 if( FNPTR_ISSET( sessionInfoPtr->closeInnerSubprotocolFunction ) )
    1029 {
    CID 479105: Control flow issues (DEADCODE)
    Execution cannot reach the expression "sessionInfoPtr->closeInnerSubprotocolFunction.fnPtr" inside this statement: "closeSubprotocolFunction = ...".
    1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \
    1031 ( SES_CLOSESUBPROTOCOL_FUNCTION ) \
    1032 FNPTR_GET( sessionInfoPtr->closeInnerSubprotocolFunction );
    1033 REQUIRES( closeSubprotocolFunction != NULL );
    1034
    1035 ( void ) closeSubprotocolFunction( sessionInfoPtr );

    ** CID 479104: (BAD_SHIFT)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()


    ________________________________________________________________________________________________________
    *** CID 479104: (BAD_SHIFT)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()
    214 non-char values can only be accessed on word-aligned boundaries */
    215 LOOP_SMALL( i = 0, i < WCHAR_SIZE, i++ )
    216 {
    217 ENSURES_EXT( LOOP_INVARIANT_SMALL( i, 0, WCHAR_SIZE - 1 ), 0 );
    218
    219 #ifdef DATA_LITTLEENDIAN
    CID 479104: (BAD_SHIFT)
    In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.
    220 ch |= string[ i ] << shiftAmt;
    221 shiftAmt += 8;
    222 #else
    223 ch = ( ch << 8 ) | string[ i ];
    224 #endif /* DATA_LITTLEENDIAN */
    225 }

    ** CID 479103: (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 479103: (SLEEP)
    /pack_rep.cpp: 120 in sbbs_t::pack_rep(unsigned int)()
    114 /*********************/
    115 /* Pack new messages */
    116 /*********************/
    117 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
    118 smb.retry_time=cfg.smb_retry_time;
    119 smb.subnum=INVALID_SUB;
    CID 479103: (SLEEP)
    Call to "smb_open" might sleep while holding lock "this->input_thread_mutex".
    120 if((i=smb_open(&smb))!=0) {
    121 fclose(rep);
    122 if(hdrs!=NULL)
    123 fclose(hdrs);
    124 if(voting!=NULL)
    125 fclose(voting);
    /pack_rep.cpp: 112 in sbbs_t::pack_rep(unsigned int)()
    106 errormsg(WHERE,ERR_CREATE,str,0);
    107 }
    108 if(!(cfg.qhub[hubnum]->misc&QHUB_NOVOTING)) {
    109 SAFEPRINTF(str,"%sVOTING.DAT",cfg.temp_dir);
    110 fexistcase(str);
    111 if((voting=fopen(str,"a"))==NULL)
    CID 479103: (SLEEP)
    Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".
    112 errormsg(WHERE,ERR_CREATE,str,0);
    113 }
    114 /*********************/
    115 /* Pack new messages */
    116 /*********************/
    117 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
    /pack_rep.cpp: 106 in sbbs_t::pack_rep(unsigned int)()
    100 ,QWK_BLOCK_LEN, hubid_upper); /* So write header */
    101 }
    102 if(!(cfg.qhub[hubnum]->misc&QHUB_NOHEADERS)) {
    103 SAFEPRINTF(str,"%sHEADERS.DAT",cfg.temp_dir);
    104 fexistcase(str);
    105 if((hdrs=fopen(str,"a"))==NULL)
    CID 479103: (SLEEP)
    Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".
    106 errormsg(WHERE,ERR_CREATE,str,0);
    107 }
    108 if(!(cfg.qhub[hubnum]->misc&QHUB_NOVOTING)) {
    109 SAFEPRINTF(str,"%sVOTING.DAT",cfg.temp_dir);
    110 fexistcase(str);
    111 if((voting=fopen(str,"a"))==NULL)

    ** CID 479102: Error handling issues (CHECKED_RETURN)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/enc_dec/asn1_algoenc.c: 662 in readCryptAlgoParams()


    ________________________________________________________________________________________________________
    *** CID 479102: Error handling issues (CHECKED_RETURN)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/enc_dec/asn1_algoenc.c: 662 in readCryptAlgoParams()
    656 RC2_KEYSIZE_MAGIC (corresponding to a 128-bit key) but in
    657 practice this doesn't really matter, we just use whatever we
    658 find inside the PKCS #1 padding */
    659 readSequence( stream, NULL );
    660 if( queryInfo->cryptMode != CRYPT_MODE_CBC )
    661 return( readShortInteger( stream, NULL ) );
    CID 479102: Error handling issues (CHECKED_RETURN)
    Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).
    662 readShortInteger( stream, NULL );
    663 return( readOctetString( stream, queryInfo->iv,
    664 &queryInfo->ivLength,
    665 MIN_IVSIZE, CRYPT_MAX_IVSIZE ) );
    666 #endif /* USE_RC2 */
    667

    ** CID 479101: (CHECKED_RETURN)
    /ssl.c: 353 in internal_do_cryptInit()
    /ssl.c: 345 in internal_do_cryptInit()


    ________________________________________________________________________________________________________
    *** CID 479101: (CHECKED_RETURN)
    /ssl.c: 353 in internal_do_cryptInit()
    347 }
    348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
    349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
    350 cryptInit_error = ret;
    351 cryptlib_initialized = false;
    352 cryptEnd();
    CID 479101: (CHECKED_RETURN)
    Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).
    353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES);
    354 return;
    355 }
    356 return;
    357 }
    358
    /ssl.c: 345 in internal_do_cryptInit()
    339 }
    340 tmp = (maj * 100) + (min * 10) + stp;
    341 if (tmp != CRYPTLIB_VERSION) {
    342 cryptInit_error = CRYPT_ERROR_INVALID;
    343 cryptlib_initialized = false;
    344 cryptEnd();
    CID 479101: (CHECKED_RETURN)
    Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).
    345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION);
    346 return;
    347 }
    348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
    349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
    350 cryptInit_error = ret;

    ** CID 479100: (ATOMICITY)
    /ssl.c: 659 in destroy_session()
    /ssl.c: 659 in destroy_session()


    ________________________________________________________________________________________________________
    *** CID 479100: (ATOMICITY)
    /ssl.c: 659 in destroy_session()
    653 lprintf(LOG_ERR, "Unable to unlock cert_epoch_lock for write at %d", __LINE__);
    654 return CRYPT_ERROR_INTERNAL;
    655 }
    656 sess->sess = -1;
    657 pthread_mutex_lock(&ssl_cert_list_mutex);
    658 sess->next = cert_list;
    CID 479100: (ATOMICITY)
    Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.
    659 cert_list = sess;
    660 pthread_mutex_unlock(&ssl_cert_list_mutex);
    661 ret = cryptDestroySession(csess);
    662 }
    663 else {
    664 if (!rwlock_unlock(&cert_epoch_lock)) {

    ** CID 479099: Control flow issues (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_rdmsg.c: 495 in readResponseBody()


    ________________________________________________________________________________________________________
    *** CID 479099: Control flow issues (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_rdmsg.c: 495 in readResponseBody()
    489 ( status, SESSION_ERRINFO,
    490 "Invalid caPubs field in %s",
    491 getCMPMessageName( messageType ) ) );
    492 }
    493 }
    494 if( cryptStatusError( status ) )
    CID 479099: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "return status;".
    495 return( status ); /* Residual error from checkStatusPeekTag() */
    496
    497 /* If it's a revocation response then the only returned data is the
    498 status value */
    499 if( protocolInfo->operation == CTAG_PB_RR )
    500 {

    ** CID 479098: Program hangs (LOCK)
    /pack_rep.cpp: 95 in sbbs_t::pack_rep(unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 479098: Program hangs (LOCK)
    /pack_rep.cpp: 95 in sbbs_t::pack_rep(unsigned int)()
    89 if(fexistcase(str))
    90 fmode="r+b";
    91 else
    92 fmode="w+b";
    93 if((rep=fopen(str, fmode))==NULL) {
    94 errormsg(WHERE, ERR_CREATE, str, 0, fmode);
    CID 479098: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    95 return false;
    96 }
    97 fseek(rep, 0, SEEK_END);
    98 if(ftell(rep) < 1) { /* New REP packet */
    99 fprintf(rep, "%-*s"
    100 ,QWK_BLOCK_LEN, hubid_upper); /* So write header */

    ** CID 479097: Control flow issues (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1035 in closeSession()


    ________________________________________________________________________________________________________
    *** CID 479097: Control flow issues (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1035 in closeSession()
    1029 {
    1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \
    1031 ( SES_CLOSESUBPROTOCOL_FUNCTION ) \
    1032 FNPTR_GET( sessionInfoPtr->closeInnerSubprotocolFunction );
    1033 REQUIRES( closeSubprotocolFunction != NULL );
    1034
    CID 479097: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "(void)closeSubprotocolFunct...".
    1035 ( void ) closeSubprotocolFunction( sessionInfoPtr );
    1036 }
    1037
    1038 /* If protocol management is handled by an outer protocol, don't
    1039 perform a session shutdown. This is in theory rather nasty in
    1040 that an attacker who can spoof an unsecured outer protocol packet

    ** CID 479096: Control flow issues (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 685 in activateConnection()


    ________________________________________________________________________________________________________
    *** CID 479096: Control flow issues (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 685 in activateConnection()
    679
    680 /* If there's sub-protocol selected, activate that as well */
    681 #if defined( USE_WEBSOCKETS ) || defined( USE_EAP )
    682 if( sessionInfoPtr->subProtocol != CRYPT_SUBPROTOCOL_NONE && \
    683 FNPTR_ISSET( sessionInfoPtr->activateOuterSubprotocolFunction ) )
    684 {
    CID 479096: Control flow issues (DEADCODE)
    Execution cannot reach the expression "sessionInfoPtr->activateOuterSubprotocolFunction.fnPtr" inside this statement: "activateSubprotocolFunction...".
    685 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \
    686 ( SES_ACTIVATESUBPROTOCOL_FUNCTION ) \
    687 FNPTR_GET( sessionInfoPtr->activateOuterSubprotocolFunction );
    688 REQUIRES( activateSubprotocolFunction != NULL );
    689
    690 status = activateSubprotocolFunction( sessionInfoPtr );

    ** CID 479095: Control flow issues (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/kernel/selftest.c: 130 in testSafetyMechanisms()


    ________________________________________________________________________________________________________
    *** CID 479095: Control flow issues (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/kernel/selftest.c: 130 in testSafetyMechanisms()
    124 tmrIntB |= 0x800;
    125 tmrIntC |= 0x01;
    126 if( TMR_VALID( tmrInt ) || TMR_GET( tmrInt ) != 20 )
    127 return( FALSE );
    128 TMR_SCRUB( tmrInt );
    129 if( tmrIntA != 20 || tmrIntB != 20 || tmrIntC != 20 )
    CID 479095: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "return 0;".
    130 return( FALSE );
    131 CFI_CHECK_UPDATE( "TMR" );
    132
    133 /* Test the overflow-checking mechanisms. These checks will probably
    134 fall prey to optimiser inlining but it'll still statically check that
    135 they work as expected.

    ** CID 479094: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 720 in readAttributeCertInfo()
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 668 in readAttributeCertInfo()
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 641 in readAttributeCertInfo()


    ________________________________________________________________________________________________________
    *** CID 479094: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 720 in readAttributeCertInfo()
    714 {
    715 return( certErrorReturn( certInfoPtr, "issuer unique ID",
    716 status ) );
    717 }
    718 }
    719 if( cryptStatusError( status ) )
    CID 479094: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    720 return( status ); /* Residual error from peekTag() */
    721
    722 /* If there are no extensions present, we're done */
    723 if( stell( stream ) >= endPos )
    724 return( CRYPT_OK );
    725
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 668 in readAttributeCertInfo()
    662 if( cryptStatusOK( status ) )
    663 status = readIssuerDN( stream, certInfoPtr );
    664 if( cryptStatusError( status ) )
    665 return( certErrorReturn( certInfoPtr, "issuer name", status ) );
    666 }
    667 if( cryptStatusError( status ) )
    CID 479094: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    668 return( status ); /* Residual error from peekTag() */
    669 if( checkStatusLimitsPeekTag( stream, status, tag, innerEndPos ) && \
    670 tag == MAKE_CTAG( CTAG_AC_ISSUER_BASECERTIFICATEID ) )
    671 {
    672 status = readUniversal( stream );
    673 }
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 641 in readAttributeCertInfo()
    635 if( cryptStatusOK( status ) )
    636 status = readSubjectDN( stream, certInfoPtr );
    637 if( cryptStatusError( status ) )
    638 return( certErrorReturn( certInfoPtr, "holder name", status ) );
    639 }
    640 if( cryptStatusError( status ) )
    CID 479094: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    641 return( status ); /* Residual error from peekTag() */
    642 if( checkStatusLimitsPeekTag( stream, status, tag, innerEndPos ) && \
    643 tag == MAKE_CTAG( CTAG_AC_HOLDER_OBJECTDIGESTINFO ) )
    644 {
    645 /* This is a complicated structure that in effect encodes a generic
    646 hole reference to "other", for now we just skip it until we can

    ** CID 479093: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1779 in openKeyset()
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1770 in openKeyset()
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1771 in openKeyset()


    ________________________________________________________________________________________________________
    *** CID 479093: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1779 in openKeyset()
    1773 break;
    1774
    1775 case CRYPT_KEYSET_HTTP:
    1776 status = setAccessMethodHTTP( keysetInfoPtr );
    1777 break;
    1778
    CID 479093: (DEADCODE)
    Execution cannot reach this statement: "case CRYPT_KEYSET_LDAP:".
    1779 case CRYPT_KEYSET_LDAP:
    1780 status = setAccessMethodLDAP( keysetInfoPtr );
    1781 break;
    1782
    1783 default:
    1784 retIntError();
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1770 in openKeyset()
    1764 }
    1765
    1766 /* It's a specific type of keyset, set up the access information for it
    1767 and connect to it */
    1768 switch( keysetType )
    1769 {
    CID 479093: (DEADCODE)
    Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE:".
    1770 case CRYPT_KEYSET_DATABASE:
    1771 case CRYPT_KEYSET_DATABASE_STORE:
    1772 status = setAccessMethodDBMS( keysetInfoPtr, keysetType );
    1773 break;
    1774
    1775 case CRYPT_KEYSET_HTTP:
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1771 in openKeyset()
    1765
    1766 /* It's a specific type of keyset, set up the access information for it
    1767 and connect to it */
    1768 switch( keysetType )
    1769 {
    1770 case CRYPT_KEYSET_DATABASE:
    CID 479093: (DEADCODE)
    Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE_...".
    1771 case CRYPT_KEYSET_DATABASE_STORE:
    1772 status = setAccessMethodDBMS( keysetInfoPtr, keysetType );
    1773 break;
    1774
    1775 case CRYPT_KEYSET_HTTP:
    1776 status = setAccessMethodHTTP( keysetInfoPtr );

    ** CID 479092: Resource leaks (RESOURCE_LEAK)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/ext_copy.c: 285 in copyAttribute()


    ________________________________________________________________________________________________________
    *** CID 479092: Resource leaks (RESOURCE_LEAK)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/ext_copy.c: 285 in copyAttribute()
    279 if( DATAPTR_ISSET_PTR( newAttributeHeadPtr ) )
    280 deleteAttributes( newAttributeHeadPtr );
    281 return( status );
    282 }
    283
    284 /* Append the new field to the new attribute list */
    CID 479092: Resource leaks (RESOURCE_LEAK)
    Variable "newAttributeField" going out of scope leaks the storage it points to.
    285 insertDoubleListElement( newAttributeHeadPtr, newAttributeListTail,
    286 newAttributeField, ATTRIBUTE_LIST );
    287 newAttributeListTail = newAttributeField;
    288 }
    289 ENSURES( LOOP_BOUND_OK );
    290 ENSURES( DATAPTR_ISSET_PTR( newAttributeHeadPtr ) );

    ** CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/ssh2_msgcli.c: 707 in processChannelOpenConfirmation()


    ________________________________________________________________________________________________________
    *** CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/ssh2_msgcli.c: 707 in processChannelOpenConfirmation()
    701 done */
    702 if( serviceType == SERVICE_PORTFORWARD ) {
    703 selectChannel( sessionInfoPtr, origWriteChannelNo, CHANNEL_WRITE );
    704 return( CRYPT_OK );
    705 }
    706
    CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
    "255612575 || channelNo == 0 || !waitforWindow" is always true regardless of the values of its operands. This occurs as the logical operand of "if".
    707 if ( TRUE || channelNo == 0 || !waitforWindow )
    708 {
    709 /* It's a session open request that requires additional messages to do
    710 anything useful, create and send the extra packets. Unlike the
    711 overall open request, we can't wrap and send the packets in one go
    712 because serviceType == SERVICE_SHELL has to send multiple packets,


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D_Ob8_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDXsFtzU0G-2FWPcCSE76ga65FpTOVnlTg2HlohxKy4ePNmfAvcTgQHzRuwjEUPYcoNsjv51yTcWgn-2B5ZoKEZbHKDuJHZyg4oYm-2B85r0HAuyVfWOvaujD7HGzC-2Bi-2BJJr4c31Rz-2B5noR-2FnEcQw4pO0lSZx8Qbg6Ydb9v-2FQISXmWX5vnA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Thu Feb 1 13:40:37 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 480410: Uninitialized variables (UNINIT)
    /tmp/sbbs-Feb-01-2024/src/conio/ciolib.c: 2152 in ciolib_rgb_to_legacyattr()


    ________________________________________________________________________________________________________
    *** CID 480410: Uninitialized variables (UNINIT)
    /tmp/sbbs-Feb-01-2024/src/conio/ciolib.c: 2152 in ciolib_rgb_to_legacyattr()
    2146 }
    2147 }
    2148 }
    2149 }
    2150
    2151 return (bestb << 4) | bestf;
    CID 480410: Uninitialized variables (UNINIT)
    Using uninitialized value "bestf".


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D0Whj_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCGuXH-2F8nbk79WMe2MJx6-2FI9exgVraqIoXRfw5t191-2Fkv7cvlCW07dWiwEkebe6LE7W-2FqT6ZfpHP5InVb8zXpzOgZvf4Ur9-2BJrsFE50Fqk6iSfX0glKX5AlD-2FYPX7BWAafhUDNW6RVuwz3H5dgusXmMWB9WTfpkkhCog7HEgqDjmg-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun Feb 4 15:09:08 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 483188: Memory - corruptions (OVERRUN)
    /ssl.c: 349 in internal_do_cryptInit()


    ________________________________________________________________________________________________________
    *** CID 483188: Memory - corruptions (OVERRUN)
    /ssl.c: 349 in internal_do_cryptInit()
    343 cryptlib_initialized = false;
    344 cryptEnd();
    345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION);
    346 return;
    347 }
    348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
    CID 483188: Memory - corruptions (OVERRUN)
    Overrunning array """" of 1 bytes by passing it to a function which accesses it at byte offset 31 using argument "32UL".
    349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
    350 cryptInit_error = ret;
    351 cryptlib_initialized = false;
    352 cryptEnd();
    353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES);
    354 return;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DoE8P_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCgaHhvhfxqmGN-2F2MOiNHiXAXmmE5-2BoMir72-2FKS-2B4CChPr-2B6DUEcHFnW2fJcB9K-2BLqjLkG6SOds2KKoiOogAgt4kivLp-2Bbv0MawXscaXZ6U3zKSU8zPaw8llzmAMgAx1EcIlUZ9-2Faak-2B54E1Z-2BGSHEscOAt6ClVWnKMr9zoYGJFvw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Feb 5 13:39:54 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 483249: Error handling issues (CHECKED_RETURN)
    /main.cpp: 3570 in sbbs_t::init()()


    ________________________________________________________________________________________________________
    *** CID 483249: Error handling issues (CHECKED_RETURN)
    /main.cpp: 3570 in sbbs_t::init()()
    3564 thisnode.misc&=(NODE_EVENT|NODE_LOCK|NODE_RRUN);
    3565 criterrs=thisnode.errors;
    3566 putnodedat(cfg.node_num,&thisnode);
    3567
    3568 // remove any pending node messages
    3569 safe_snprintf(str, sizeof(str), "%smsgs/n%3.3u.msg",cfg.data_dir,cfg.node_num);
    CID 483249: Error handling issues (CHECKED_RETURN)
    Calling "remove(str)" without checking return value. This library function may fail and return an error code.
    3570 remove(str);
    3571 // Delete any stale temporary files (with potentially sensitive content)
    3572 delfiles(cfg.temp_dir,ALLFILES);
    3573 safe_snprintf(str, sizeof(str), "%sMSGTMP", cfg.node_dir);
    3574 removecase(str);
    3575 safe_snprintf(str, sizeof(str), "%sQUOTES.TXT", cfg.node_dir);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DuxM4_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDlWnKXqUo4ko-2BswZDnU0KThZlBPhv1kFyIVU6rRp9K48otOTA5WQm5qg8o-2FY8FDqYkPfgDhKOyoUIQMv1mPwAY7yKStOAqjn6xloHvMgh0mRG0DJXpuxyIOkTyi2gGZzdoTshBDw9gCNjiMqTW3IeGxtntX-2B4oBRMrCvut8dx1Kg-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wed Feb 7 13:48:34 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486181: (RESOURCE_LEAK)
    /js_bbs.cpp: 1730 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
    /js_bbs.cpp: 1732 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()


    ________________________________________________________________________________________________________
    *** CID 486181: (RESOURCE_LEAK)
    /js_bbs.cpp: 1730 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
    1724 if (instr == NULL)
    1725 return JS_FALSE;
    1726
    1727 if(JSVAL_IS_OBJECT(argv[1]) && !JSVAL_IS_NULL(argv[1])) {
    1728 JSObject* hdrobj;
    1729 if((hdrobj = JSVAL_TO_OBJECT(argv[1])) == NULL)
    CID 486181: (RESOURCE_LEAK)
    Variable "instr" going out of scope leaks the storage it points to.
    1730 return JS_FALSE;
    1731 if(!js_GetMsgHeaderObjectPrivates(cx, hdrobj, /* smb_t: */NULL, &msg, /* post: */NULL))
    1732 return JS_FALSE;
    1733 }
    1734
    1735 rc = JS_SUSPENDREQUEST(cx);
    /js_bbs.cpp: 1732 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
    1726
    1727 if(JSVAL_IS_OBJECT(argv[1]) && !JSVAL_IS_NULL(argv[1])) {
    1728 JSObject* hdrobj;
    1729 if((hdrobj = JSVAL_TO_OBJECT(argv[1])) == NULL)
    1730 return JS_FALSE;
    1731 if(!js_GetMsgHeaderObjectPrivates(cx, hdrobj, /* smb_t: */NULL, &msg, /* post: */NULL))
    CID 486181: (RESOURCE_LEAK)
    Variable "instr" going out of scope leaks the storage it points to.
    1732 return JS_FALSE;
    1733 }
    1734
    1735 rc = JS_SUSPENDREQUEST(cx);
    1736 sbbs->expand_atcodes(instr, result, sizeof result, msg);
    1737 free(instr);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DmylI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDXJXQdHoPdhvgvF0Vb847O95f-2F78EIoUagepOVq0LGxVFLDoLOCCiMG-2Fo4JxZOKwjHbMnoOXJKKkCjtFcCkE7VRLhxJ-2FNLJW4jwAN0Jl-2F3no6moASPMez-2F6bxuKm8Qy55QwIHngsrpIdU6tJlGz6f2tQot6J2A4fn-2FWICSVomHTA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Fri Feb 9 13:39:53 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486276: (USE_AFTER_FREE)
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()


    ________________________________________________________________________________________________________
    *** CID 486276: (USE_AFTER_FREE)
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed.
    1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DIHvH_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCP2NMkGTJz9ej0zbFZSaut2su5O4d-2FdeN5YNfhO3vr5iN7SLkyWMmA-2BkVBoBNMCMtjp4F5UOP3BhPg-2B0yHPx-2BA66plmcHqc3TbhObiquLp-2FeS-2BJifVzCXGlHdvyg4PHEaoR6LUO7c-2FqTSbtEkku9P0EYfxZeeo5KgjMqT4aVuFYw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wed Feb 14 13:40:33 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486477: Error handling issues (CHECKED_RETURN)
    /writemsg.cpp: 416 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


    ________________________________________________________________________________________________________
    *** CID 486477: Error handling issues (CHECKED_RETURN)
    /writemsg.cpp: 416 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    410 free(buf);
    411 return(false);
    412 }
    413 if(!i && linesquoted)
    414 break;
    415 if(!i || quote[0]==all_key()) { /* Quote all */
    CID 486477: Error handling issues (CHECKED_RETURN)
    Calling "fseek(stream, l, 0)" without checking return value. This library function may fail and return an error code.
    416 fseek(stream,l,SEEK_SET);
    417 while(!feof(stream) && !ferror(stream)) {
    418 if(!fgets(str,sizeof(str),stream))
    419 break;
    420 quotestr(str);
    421 SAFEPRINTF2(tmp,quote_fmt,cols-4,str);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D2gqt_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDyBxF-2BuedSB2oLaNTy6psp3Cor4F0rz-2B4SwaIkEVyFE7FwRjEukPY43bM1L1Hi7YMYgyrb0V1krz3N47RLZR8GIqMuk2Z3RqE2OO4o9y0KvmmLDJLp5jbtMBebo-2FmfheUw1RP41SRg-2FK16Oi1OoUubPmh6iPKTPVX1V81t13b6sA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Fri Feb 16 13:40:21 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486496: (CHECKED_RETURN)
    /writemsg.cpp: 382 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    /writemsg.cpp: 344 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


    ________________________________________________________________________________________________________
    *** CID 486496: (CHECKED_RETURN)
    /writemsg.cpp: 382 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    376
    377 else if(useron_xedit && cfg.xedit[useron_xedit-1]->misc&QUOTENONE)
    378 ;
    379
    380 else if(yesno(text[QuoteMessageQ])) {
    381 if(!fexist(quotes_fname(useron_xedit, path, sizeof(path))))
    CID 486496: (CHECKED_RETURN)
    Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).
    382 fexistcase(path);
    383 if((stream=fnopen(&file,path,O_RDONLY))==NULL) {
    384 errormsg(WHERE,ERR_OPEN,path,O_RDONLY);
    385 free(buf);
    386 return(false);
    387 }
    /writemsg.cpp: 344 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    338 && cfg.sub[subnum]->misc&SUB_QUOTE))) {
    339
    340 /* Quote entire message to MSGTMP or INPUT.MSG */
    341
    342 if(useron_xedit && cfg.xedit[useron_xedit-1]->misc&QUOTEALL) {
    343 if(!fexist(quotes_fname(useron_xedit, path, sizeof(path))))
    CID 486496: (CHECKED_RETURN)
    Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).
    344 fexistcase(path);
    345 if((stream=fnopen(NULL,path,O_RDONLY))==NULL) {
    346 errormsg(WHERE,ERR_OPEN,path,O_RDONLY);
    347 free(buf);
    348 return(false);
    349 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dzn-5_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDPrVkNTVRB68tnZKkkXRCkPUT71LTHn8QopE1tYVp-2FX-2Br08qA1yywGwU3c4MVrlWG-2BFbxw1q-2Fo2e8fear09VrdxSTaZYVAh-2F7Xjhpabc-2Bcxm1n9Xbtacc4z9BZManLJqZ02pp-2F9yM96t7IgwLb1rxOxJKJoizd1NnBghDuRAiDsQ-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wed Feb 21 13:39:50 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486966: Memory - illegal accesses (RETURN_LOCAL)
    /tmp/sbbs-Feb-21-2024/src/xpdev/ini_file.c: 1073 in iniGetSString()


    ________________________________________________________________________________________________________
    *** CID 486966: Memory - illegal accesses (RETURN_LOCAL)
    /tmp/sbbs-Feb-21-2024/src/xpdev/ini_file.c: 1073 in iniGetSString()
    1067 size_t pos;
    1068
    1069 ret = iniGetString(list, section, key, deflt, fval);
    1070 if (ret == NULL)
    1071 return ret;
    1072 if (ret == deflt)
    CID 486966: Memory - illegal accesses (RETURN_LOCAL)
    Returning pointer "ret" which points to local variable "fval".
    1073 return ret;
    1074 if (sz < 1 || value == NULL)
    1075 return value;
    1076 for (pos = 0; ret[pos]; pos++) {
    1077 if (pos == sz - 1)
    1078 break;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DCYsZ_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrB1fCECxNjHKDEt971XvCYyugWw34HvI84c7ZyY-2BmycHBmh3Jr1qZj7bY0gisTp5UvajQDEP9IZaQTdaMfzHs9DaKL5izWrIdkGSbov-2BkvcK5JM0MeIsMOKIH6vPln5vf0C7XQzN4AL02tzLGZGEYX2inJEOXX8A46m4M4faN8zLQ-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net