2266 load_msgs_cfg(&cfg, error, sizeof(error));
CID 436064: Error handling issues (CHECKED_RETURN)
Calling "load_msgs_cfg" without checking return value (as is done elsewhere 4 out of 5 times).
679 l=length>(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1
CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
680 ? (cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1 : length;
CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
657 length=(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1);
CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
294 if((buf=(char*)malloc((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))
CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) + 1" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) + 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
656 if(length>(long)((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1))) {
CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
49 msg->hdr.when_written.time=(uint32_t)xpDateTime_to_localtime(dt);
CID 436319: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "xpDateTime_to_localtime(dt)" is cast to "uint32_t".
88 remove(str);
CID 436318: Error handling issues (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.
198 msg->hdr.when_written.time=(uint32_t)sane_mktime(&tm);
199 }
CID 436317: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "sane_mktime(&tm)" is cast to "uint32_t".
1382 fseeko(smb.sdt_fp,offset,SEEK_SET);
CID 436316: Error handling issues (CHECKED_RETURN)
Calling "fseeko(this->smb.sdt_fp, offset, 0)" without checking return value. This library function may fail and return an error code.
406 min=min*10+(buf[++m]&0xf);
CID 436315: Code maintainability issues (UNUSED_VALUE)
Assigning value from "min * 10 + (buf[++m] & 0xf)" to "min" here, but that stored value is overwritten before it can be used.
1692 }
CID 436314: (RESOURCE_LEAK)
Handle variable "fd" going out of scope leaks the handle.
4383 if(sbbs->exec(&sbbs->main_csi))
CID 436313: (OVERRUN)
Calling "exec" with "sbbs->main_csi.cs" and "sbbs->main_csi.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
4367 if(lread(file,sbbs->main_csi.cs,sbbs->main_csi.length)
CID 436313: (OVERRUN)
Calling "read" with "sbbs->main_csi.cs" and "sbbs->main_csi.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned. [Note: The source code implementation of the function has been overridden by a builtin model.]
1750 poll(fds, 1, 1);
CID 436312: Error handling issues (CHECKED_RETURN)
Calling "poll(fds, 1UL, 1)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
812 if(lread(file,bin.cs,bin.length)!=(ssize_t)bin.length) {
CID 436311: (OVERRUN)
Calling "read" with "bin.cs" and "bin.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned. [Note: The source code implementation of the function has been overridden by a builtin model.]
825 while(exec(&bin)==0)
CID 436311: (OVERRUN)
Calling "exec" with "bin.cs" and "bin.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
1114 useron.expire=(time32_t)juliantounix(i);
CID 436310: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "juliantounix(i)" is cast to "time32_t".
294 remove(str);
CID 436309: Error handling issues (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.
619 remove(str);
CID 436308: (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.
745 remove(packet);
CID 436308: (CHECKED_RETURN)
Calling "remove(packet)" without checking return value. This library function may fail and return an error code.
733 remove(packet);
CID 436308: (CHECKED_RETURN)
Calling "remove(packet)" without checking return value. This library function may fail and return an error code.
4407 fprintf(fp, "done=%u\n", (uint)now);
CID 436307: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "now" is cast to "uint".
1235 return(unixtodstr(&cfg,(time32_t)ns_time,str));
CID 436306: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->ns_time" is cast to "time32_t".
128 errormsg(WHERE, ERR_CHK, "time", (uint)now);
129 return(false);
CID 436305: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "uint".
598 ,(uint)elapsed
CID 436305: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".
603 ,(uint)elapsed
CID 436305: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".
242 fread(buf,len,sizeof(char),fp);
CID 436304: Error handling issues (CHECKED_RETURN)
"fread(void * restrict, size_t, size_t, FILE * restrict)" returns the number of bytes read, but it is ignored.
218 if(!smb_getmsghdr(&smb,&msg)) {
CID 436303: Uninitialized variables (UNINIT)
Using uninitialized value "msg.idx_offset" when calling "smb_getmsghdr".
194 SAFECAT(buf,crlf);
CID 436302: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.
752 cp437_to_utf8_str(str, buf, sizeof(buf) - 1, /* minval: */'\x02');
CID 436301: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "str" to "cp437_to_utf8_str", which uses it as an offset.
2033 fprintf(fp, "Created = 0x%x\n", (int)time(NULL));
CID 436563: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "int".
118 remove(protlog); /* Deletes the protocol log */
CID 446269: Error handling issues (CHECKED_RETURN)
Calling "remove(protlog)" without checking return value. This library function may fail and return an error code.
75 SAFEPRINTF2(str,"Estimated Time: %s Transfer Time: %s"
CID 446268: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".
130 return(false);
131 }
Variable "stream" going out of scope leaks the storage it points to.
3434 errormsg(WHERE, ERR_OPEN, str, cfg.node_num);
3435 pthread_mutex_unlock(&nodefile_mutex);
CID 451019: (NEGATIVE_RETURNS)
"this->client_socket" is passed to a parameter that cannot be negative.
3443 errormsg(WHERE,ERR_WRITE,str,sizeof(node_t));
3444 break;
3445 }
CID 451019: (NEGATIVE_RETURNS)
"this->client_socket" is passed to a parameter that cannot be negative.
1437 external(cmdstr(cfg.xtrn[xtrnnum]->clean, drop_file, startup_dir, NULL, mode)
CID 451018: (LOCK)
"external" locks "this->input_thread_mutex" while it is locked.
1437 external(cmdstr(cfg.xtrn[xtrnnum]->clean, drop_file, startup_dir, NULL, mode)
1438 ,mode&~(EX_STDIN|EX_CONIO), cfg.xtrn[xtrnnum]->path);
CID 451018: (LOCK)
"external" unlocks "this->input_thread_mutex" while it is unlocked.
218 if((*cur)>=opts)
CID 451057: Uninitialized variables (UNINIT)
Using uninitialized value "*cur".
872 chdir(bbs_startup.ctrl_dir);
CID 451056: Error handling issues (CHECKED_RETURN)
Calling "chdir" without checking return value (as is done elsewhere 18 out of 21 times).
2498 sbbs_write_ini(
CID 451084: Error handling issues (CHECKED_RETURN)
Calling "sbbs_write_ini" without checking return value (as is done elsewhere 6 out of 7 times).
50 iniWriteFile(fp, ini);
CID 451182: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "fp" when calling "iniWriteFile".
936 errormsg(WHERE,ERR_ALLOC,"msgeditor",sizeof(char *)*(maxlines+1));
CID 452331: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "getfname("writemsg.cpp")" of type "char *" and argument "8UL /* sizeof (char *) */ * (maxlines + 1)" to function "errormsg" is suspicious.
966 if(line < 0)
CID 452330: Control flow issues (NO_EFFECT)
This less-than-zero comparison of an unsigned value is never true. "line < 0U".
636 vs->winwidth = idealw;
CID 452566: Concurrent data access violations (MISSING_LOCK)
Accessing "vs->winwidth" without holding lock "vstatlock". Elsewhere, "video_stats.winwidth" is accessed with "vstatlock" held 6 out of 9 times (1 of these accesses strongly imply that it is necessary).
288 release_vmem(vmem_ptr);
CID 452578: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
850 release_vmem(vmem_ptr);
CID 452577: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
1239 release_vmem(vmem_ptr);
CID 452576: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
1264 release_vmem(vmem_ptr);
CID 452575: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
1289 release_vmem(vmem_ptr);
CID 452574: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
882 release_vmem(vmem_ptr);
CID 452573: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
931 release_vmem(vmem_ptr);
CID 452572: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
562 release_vmem(vmem_ptr);
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
647 release_vmem(vmem_ptr);
CID 452582: (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
584 release_vmem(vmem_ptr);
CID 452582: (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
1608 request_redraw();
CID 452581: Program hangs (ORDER_REVERSAL)
Calling "request_redraw" acquires lock "vstatlock" while holding lock "screenlock" (count: 1 / 2).
88 fwrite(r2y, 4, 1 << 24, r);
89 fwrite(y2r, 4, 1 << 24, y);
CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "r" when calling "fwrite".
89 fwrite(y2r, 4, 1 << 24, y);
90 fclose(s);
CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "y" when calling "fwrite".
69 fprintf(s,
CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "s" when calling "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
78 fprintf(h,
CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "h" when calling "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
2135 sbbs->translate_input(wrbuf, wr);
CID 453850: Memory - corruptions (OVERRUN)
Overrunning buffer pointed to by "wrbuf" of 4000 bytes by passing it to a function which accesses it at byte offset 4000 using argument "wr" (which evaluates to 4001).
72 sprintf(path, "%s/r2y.bin", argv[2]);
CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".
74 sprintf(path, "%s/y2r.bin", argv[2]);
CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".
68 sprintf(path, "%s/rgbmap.s", argv[2]);
CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".
70 sprintf(path, "%s/rgbmap.h", argv[2]);
CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".
562 x_cvstat = vstat;
CID 453848: Concurrent data access violations (MISSING_LOCK)
Accessing "x_cvstat" without holding lock "vstatlock". Elsewhere, "x_cvstat" is accessed with "vstatlock" held 3 out of 4 times (1 of these accesses strongly imply that it is necessary).
336 if (x_cvstat.aspect_width != 0 && x_cvstat.aspect_height != 0) {
CID 454698: Incorrect expression (IDENTICAL_BRANCHES)
The same code is executed regardless of whether "x_cvstat.aspect_width != 0 && x_cvstat.aspect_height != 0" is true, because the 'then' and 'else' branches are identical. Should one of the branches be modified, or the entire 'if' statement replaced?
565 return(-1);
CID 454697: Program hangs (LOCK)
Returning without unlocking "vstatlock".
CID 454696: Control flow issues (UNREACHABLE)
This code cannot be reached: "if (fval == 0.) return true;".
904 x11.XPutImage(dpy, win, gc, xim, 0, 0, xoff, yoff, source->w, source->h);
CID 462165: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "source".
448 vstat.scaling = sdl_getscaling();
CID 462164: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
408 vstat.scaling = sdl_getscaling();
CID 462163: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
657 vstat.scaling = sdl_getscaling();
CID 462162: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
511 xp_dlclose(dl2);
CID 462161: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl2" to "dlclose", which dereferences it.
589 if(wmhints) {
CID 462160: Null pointer dereferences (REVERSE_INULL)
Null-checking "wmhints" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
591 return(-1);
CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
552 return(-1);
CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
557 return(-1);
CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
563 return(-1);
CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
570 return(-1);
CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.