• New Defects reported by Coverity Scan for Synchronet

    From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Feb 13 13:37:11 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 436064: Error handling issues (CHECKED_RETURN)
    /scfg/scfg.c: 2266 in bail()


    ________________________________________________________________________________________________________
    *** CID 436064: Error handling issues (CHECKED_RETURN)
    /scfg/scfg.c: 2266 in bail()
    2260 if(code) {
    2261 printf("\nHit enter to continue...");
    2262 (void)getchar();
    2263 }
    2264 else if(forcesave) {
    2265 load_main_cfg(&cfg, error, sizeof(error));
    CID 436064: Error handling issues (CHECKED_RETURN)
    Calling "load_msgs_cfg" without checking return value (as is done elsewhere 4 out of 5 times).
    2266 load_msgs_cfg(&cfg, error, sizeof(error));
    2267 load_file_cfg(&cfg, error, sizeof(error));
    2268 load_chat_cfg(&cfg, error, sizeof(error));
    2269 load_xtrn_cfg(&cfg, error, sizeof(error));
    2270 cfg.new_install=new_install;
    2271 save_main_cfg(&cfg,backup_level);





    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun Feb 19 13:37:56 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    21 new defect(s) introduced to Synchronet found with Coverity Scan.
    16 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 20 of 21 defect(s)


    ** CID 436320: (SIGN_EXTENSION)
    /writemsg.cpp: 679 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    /writemsg.cpp: 680 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    /writemsg.cpp: 657 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    /writemsg.cpp: 294 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    /writemsg.cpp: 656 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()


    ________________________________________________________________________________________________________
    *** CID 436320: (SIGN_EXTENSION)
    /writemsg.cpp: 679 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    673 *editor = "Synchronet msgeditor " GIT_BRANCH "/" GIT_HASH;
    674
    675 buf[0]=0;
    676 if(linesquoted || draft_restored) {
    677 if((file=nopen(msgtmp,O_RDONLY))!=-1) {
    678 length=(long)filelength(file);
    CID 436320: (SIGN_EXTENSION)
    Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
    679 l=length>(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1
    680 ? (cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1 : length;
    681 lread(file,buf,l);
    682 buf[l]=0;
    683 close(file);
    684 // remove(msgtmp);
    /writemsg.cpp: 680 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    674
    675 buf[0]=0;
    676 if(linesquoted || draft_restored) {
    677 if((file=nopen(msgtmp,O_RDONLY))!=-1) {
    678 length=(long)filelength(file);
    679 l=length>(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1
    CID 436320: (SIGN_EXTENSION)
    Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
    680 ? (cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-1 : length;
    681 lread(file,buf,l);
    682 buf[l]=0;
    683 close(file);
    684 // remove(msgtmp);
    685 }
    /writemsg.cpp: 657 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    651 free(buf);
    652 return false;
    653 }
    654 l=strlen((char *)buf); /* reserve space for top and terminating null */
    655 /* truncate if too big */
    656 if(length>(long)((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1))) {
    CID 436320: (SIGN_EXTENSION)
    Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
    657 length=(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1);
    658 bputs(text[OutOfBytes]);
    659 }
    660 long rd = read(file,buf+l,length);
    661 close(file);
    662 if(rd != length) {
    /writemsg.cpp: 294 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    288
    289 useron_level=useron.level;
    290
    291 if(editor!=NULL)
    292 *editor=NULL;
    293
    CID 436320: (SIGN_EXTENSION)
    Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) + 1" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) + 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
    294 if((buf=(char*)malloc((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))
    295 ==NULL) {
    296 errormsg(WHERE,ERR_ALLOC,fname
    297 ,(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) +1);
    298 return(false);
    299 }
    /writemsg.cpp: 656 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    650 errormsg(WHERE, ERR_LEN, msgtmp, length);
    651 free(buf);
    652 return false;
    653 }
    654 l=strlen((char *)buf); /* reserve space for top and terminating null */
    655 /* truncate if too big */
    CID 436320: (SIGN_EXTENSION)
    Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
    656 if(length>(long)((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1))) {
    657 length=(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1);
    658 bputs(text[OutOfBytes]);
    659 }
    660 long rd = read(file,buf+l,length);
    661 close(file);

    ** CID 436319: High impact quality (Y2K38_SAFETY)
    /qwktomsg.cpp: 49 in qwk_parse_header_list(sbbs_t *, unsigned int, smbmsg_t *, char ***, bool, bool)()


    ________________________________________________________________________________________________________
    *** CID 436319: High impact quality (Y2K38_SAFETY)
    /qwktomsg.cpp: 49 in qwk_parse_header_list(sbbs_t *, unsigned int, smbmsg_t *, char ***, bool, bool)()
    43 msg->hdr.auxattr |= MSG_HFIELDS_UTF8;
    44 }
    45
    46 if((p=iniPopKey(headers,ROOT_SECTION,"WhenWritten",value))!=NULL) {
    47 xpDateTime_t dt=isoDateTimeStr_parse(p);
    48
    CID 436319: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "xpDateTime_to_localtime(dt)" is cast to "uint32_t".
    49 msg->hdr.when_written.time=(uint32_t)xpDateTime_to_localtime(dt);
    50 msg->hdr.when_written.zone=dt.zone;
    51 sscanf(p,"%*s %s",zone);
    52 if(zone[0])
    53 msg->hdr.when_written.zone=(ushort)strtoul(zone,NULL,16);
    54 }

    ** CID 436318: Error handling issues (CHECKED_RETURN)
    /tmp_xfer.cpp: 88 in sbbs_t::create_filelist(const char *, int)()


    ________________________________________________________________________________________________________
    *** CID 436318: Error handling issues (CHECKED_RETURN)
    /tmp_xfer.cpp: 88 in sbbs_t::create_filelist(const char *, int)()
    82 if(k)
    83 bprintf(text[CreatedFileList],name);
    84 else {
    85 if(online == ON_REMOTE)
    86 bputs(text[NoFiles]);
    87 SAFEPRINTF2(str,"%s%s",cfg.temp_dir,name);
    CID 436318: Error handling issues (CHECKED_RETURN)
    Calling "remove(str)" without checking return value. This library function may fail and return an error code.
    88 remove(str);
    89 }
    90 return(k);
    91 }
    92
    93 /****************************************************************************/

    ** CID 436317: High impact quality (Y2K38_SAFETY)
    /qwktomsg.cpp: 198 in sbbs_t::qwk_new_msg(unsigned int, smbmsg_t *, char *, int, char **, bool)()


    ________________________________________________________________________________________________________
    *** CID 436317: High impact quality (Y2K38_SAFETY)
    /qwktomsg.cpp: 198 in sbbs_t::qwk_new_msg(unsigned int, smbmsg_t *, char *, int, char **, bool)()
    192 tm.tm_year=((hdrblk[14]&0xf)*10)+(hdrblk[15]&0xf);
    193 if(tm.tm_year<Y2K_2DIGIT_WINDOW)
    194 tm.tm_year+=100;
    195 tm.tm_hour=((hdrblk[16]&0xf)*10)+(hdrblk[17]&0xf);
    196 tm.tm_min=((hdrblk[19]&0xf)*10)+(hdrblk[20]&0xf);
    197
    CID 436317: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "sane_mktime(&tm)" is cast to "uint32_t".
    198 msg->hdr.when_written.time=(uint32_t)sane_mktime(&tm);
    199 }
    200
    201 if(msg->to==NULL)
    202 smb_hfield_str(msg,RECIPIENT,strip_ctrl(to, to));
    203

    ** CID 436316: Error handling issues (CHECKED_RETURN)
    /netmail.cpp: 1382 in sbbs_t::qnetmail(const char *, const char *, int, smb_t *, smbmsg_t *)()


    ________________________________________________________________________________________________________
    *** CID 436316: Error handling issues (CHECKED_RETURN)
    /netmail.cpp: 1382 in sbbs_t::qnetmail(const char *, const char *, int, smb_t *, smbmsg_t *)()
    1376 smb_close(&smb);
    1377 smb_stack(&smb,SMB_STACK_POP);
    1378 errormsg(WHERE,ERR_OPEN,msgpath,O_RDONLY|O_BINARY);
    1379 return(false);
    1380 }
    1381
    CID 436316: Error handling issues (CHECKED_RETURN)
    Calling "fseeko(this->smb.sdt_fp, offset, 0)" without checking return value. This library function may fail and return an error code.
    1382 fseeko(smb.sdt_fp,offset,SEEK_SET);
    1383 xlat=XLAT_NONE;
    1384 fwrite(&xlat,2,1,smb.sdt_fp);
    1385 x=SDT_BLOCK_LEN-2; /* Don't read/write more than 255 */
    1386 while(!feof(instream)) {
    1387 memset(buf,0,x);

    ** CID 436315: Code maintainability issues (UNUSED_VALUE)
    /str.cpp: 406 in sbbs_t::sof(char *, char *, int)()


    ________________________________________________________________________________________________________
    *** CID 436315: Code maintainability issues (UNUSED_VALUE)
    /str.cpp: 406 in sbbs_t::sof(char *, char *, int)()
    400 max=max*10+(buf[++m]&0xf);
    401 }
    402 if(buf[m+1]=='.' && IS_DIGIT(buf[m+2])) {
    403 m++;
    404 min=buf[++m]&0xf;
    405 if(IS_DIGIT(buf[m+1]))
    CID 436315: Code maintainability issues (UNUSED_VALUE)
    Assigning value from "min * 10 + (buf[++m] & 0xf)" to "min" here, but that stored value is overwritten before it can be used.
    406 min=min*10+(buf[++m]&0xf);
    407 }
    408 if(buf[m+1]=='"') {
    409 max=0;
    410 m++;
    411 while(buf[++m]!='"' && max<80)

    ** CID 436314: (RESOURCE_LEAK)
    /xtrn.cpp: 1692 in sbbs_t::external(const char *, int, const char *)()
    /xtrn.cpp: 1692 in sbbs_t::external(const char *, int, const char *)()


    ________________________________________________________________________________________________________
    *** CID 436314: (RESOURCE_LEAK)
    /xtrn.cpp: 1692 in sbbs_t::external(const char *, int, const char *)()
    1686 dup2(fd, STDOUT_FILENO);
    1687 if(!(mode&EX_NOLOG))
    1688 dup2(fd, STDERR_FILENO);
    1689 if (fd > 2)
    1690 close(fd);
    1691 }
    CID 436314: (RESOURCE_LEAK)
    Handle variable "fd" going out of scope leaks the handle.
    1692 }
    1693
    1694 if(mode&EX_BG) /* background execution, detach child */
    1695 {
    1696 lprintf(LOG_INFO,"Detaching external process");
    1697 daemon(TRUE,FALSE);
    /xtrn.cpp: 1692 in sbbs_t::external(const char *, int, const char *)()
    1686 dup2(fd, STDOUT_FILENO);
    1687 if(!(mode&EX_NOLOG))
    1688 dup2(fd, STDERR_FILENO);
    1689 if (fd > 2)
    1690 close(fd);
    1691 }
    CID 436314: (RESOURCE_LEAK)
    Handle variable "fd" going out of scope leaks the handle.
    1692 }
    1693
    1694 if(mode&EX_BG) /* background execution, detach child */
    1695 {
    1696 lprintf(LOG_INFO,"Detaching external process");
    1697 daemon(TRUE,FALSE);

    ** CID 436313: (OVERRUN)
    /main.cpp: 4367 in node_thread(void *)()


    ________________________________________________________________________________________________________
    *** CID 436313: (OVERRUN)
    /main.cpp: 4383 in node_thread(void *)()
    4377
    4378 curshell=sbbs->useron.shell;
    4379 sbbs->main_csi.ip=sbbs->main_csi.cs;
    4380 sbbs->menu_dir[0]=0;
    4381 sbbs->menu_file[0]=0;
    4382 }
    CID 436313: (OVERRUN)
    Calling "exec" with "sbbs->main_csi.cs" and "sbbs->main_csi.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
    4383 if(sbbs->exec(&sbbs->main_csi))
    4384 break;
    4385 }
    4386 listRemoveTaggedNode(&current_logins, sbbs->cfg.node_num, /* free_data */TRUE);
    4387 }
    4388
    /main.cpp: 4367 in node_thread(void *)()
    4361 close(file);
    4362 sbbs->errormsg(WHERE,ERR_ALLOC,str,sbbs->main_csi.length);
    4363 sbbs->hangup();
    4364 break;
    4365 }
    4366
    CID 436313: (OVERRUN)
    Calling "read" with "sbbs->main_csi.cs" and "sbbs->main_csi.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned. [Note: The source code implementation of the function has been overridden by a builtin model.]
    4367 if(lread(file,sbbs->main_csi.cs,sbbs->main_csi.length)
    4368 !=(int)sbbs->main_csi.length) {
    4369 sbbs->errormsg(WHERE,ERR_READ,str,sbbs->main_csi.length);
    4370 close(file);
    4371 free(sbbs->main_csi.cs);
    4372 sbbs->main_csi.cs=NULL;

    ** CID 436312: Error handling issues (CHECKED_RETURN)
    /xtrn.cpp: 1750 in sbbs_t::external(const char *, int, const char *)()


    ________________________________________________________________________________________________________
    *** CID 436312: Error handling issues (CHECKED_RETURN)
    /xtrn.cpp: 1750 in sbbs_t::external(const char *, int, const char *)()
    1744 write(in_pipe[1],buf,wr);
    1745 }
    1746
    1747 bp=buf;
    1748 i=0;
    1749 if(mode&EX_NOLOG)
    CID 436312: Error handling issues (CHECKED_RETURN)
    Calling "poll(fds, 1UL, 1)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
    1750 poll(fds, 1, 1);
    1751 else {
    1752 while (poll(fds, 2, 1) > 0 && (fds[1].revents)
    1753 && (i < (int)sizeof(buf) - 1)) {
    1754 if((rd=read(err_pipe[0],bp,1))>0) {
    1755 i+=rd;

    ** CID 436311: (OVERRUN)
    /exec.cpp: 812 in sbbs_t::exec_bin(const char *, csi_t *, const char *)()


    ________________________________________________________________________________________________________
    *** CID 436311: (OVERRUN)
    /exec.cpp: 812 in sbbs_t::exec_bin(const char *, csi_t *, const char *)()
    806 }
    807 if((bin.cs=(uchar *)malloc(bin.length))==NULL) {
    808 close(file);
    809 errormsg(WHERE,ERR_ALLOC,str,bin.length);
    810 return(-1);
    811 }
    CID 436311: (OVERRUN)
    Calling "read" with "bin.cs" and "bin.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned. [Note: The source code implementation of the function has been overridden by a builtin model.]
    812 if(lread(file,bin.cs,bin.length)!=(ssize_t)bin.length) {
    813 close(file);
    814 errormsg(WHERE,ERR_READ,str,bin.length);
    815 free(bin.cs);
    816 return(-1);
    817 }
    /exec.cpp: 825 in sbbs_t::exec_bin(const char *, csi_t *, const char *)()
    819
    820 bin.ip=bin.cs;
    821 bin.rets=0;
    822 bin.cmdrets=0;
    823 bin.misc=0;
    824
    CID 436311: (OVERRUN)
    Calling "exec" with "bin.cs" and "bin.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
    825 while(exec(&bin)==0)
    826 if(!(bin.misc&CS_OFFLINE_EXEC)) {
    827 checkline();
    828 if(!online)
    829 break;
    830 }

    ** CID 436310: High impact quality (Y2K38_SAFETY)
    /xtrn_sec.cpp: 1114 in sbbs_t::moduserdat(unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 436310: High impact quality (Y2K38_SAFETY)
    /xtrn_sec.cpp: 1114 in sbbs_t::moduserdat(unsigned int)()
    1108 useron.level=(uint8_t)i;
    1109 putuserdec32(useron.number, USER_LEVEL, useron.level);
    1110 }
    1111 lseek(file,75,SEEK_CUR); /* read in expiration date */
    1112 read(file,&i,2); /* convert from julian to unix */
    1113 i = LE_INT(i);
    CID 436310: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "juliantounix(i)" is cast to "time32_t".
    1114 useron.expire=(time32_t)juliantounix(i);
    1115 putuserdatetime(useron.number, USER_EXPIRE, useron.expire);
    1116 }
    1117 close(file);
    1118 }
    1119 return;

    ** CID 436309: Error handling issues (CHECKED_RETURN)
    /qwk.cpp: 294 in sbbs_t::qwk_success(unsigned int, char, char)()


    ________________________________________________________________________________________________________
    *** CID 436309: Error handling issues (CHECKED_RETURN)
    /qwk.cpp: 294 in sbbs_t::qwk_success(unsigned int, char, char)()
    288 SAFECOPY(str, "downloaded QWK packet");
    289 logline("D-",str);
    290 posts_read+=msgcnt;
    291
    292 sprintf(str,"%sfile/%04u.qwk",cfg.data_dir,useron.number);
    293 if(fexistcase(str))
    CID 436309: Error handling issues (CHECKED_RETURN)
    Calling "remove(str)" without checking return value. This library function may fail and return an error code.
    294 remove(str);
    295
    296 if(!bi) {
    297 batch_download(-1);
    298 delfiles(cfg.temp_dir,ALLFILES);
    299 }

    ** CID 436308: (CHECKED_RETURN)
    /pack_qwk.cpp: 619 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    /pack_qwk.cpp: 745 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    /pack_qwk.cpp: 733 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


    ________________________________________________________________________________________________________
    *** CID 436308: (CHECKED_RETURN)
    /pack_qwk.cpp: 619 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    613 fclose(voting);
    614 }
    615 if(personal) {
    616 fclose(personal); /* close PERSONAL.NDX */
    617 SAFEPRINTF(str,"%sPERSONAL.NDX",cfg.temp_dir);
    618 if(!flength(str))
    CID 436308: (CHECKED_RETURN)
    Calling "remove(str)" without checking return value. This library function may fail and return an error code.
    619 remove(str);
    620 }
    621 CRLF;
    622
    623 if(!prepack && online!=ON_LOCAL && ((sys_status&SS_ABORT) || !online)) {
    624 bputs(text[Aborted]);
    /pack_qwk.cpp: 745 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    739 if(file_count < 0)
    740 lprintf(LOG_ERR, "libarchive error (%s) creating %s", error, packet);
    741 else
    742 lprintf(LOG_INFO, "libarchive created %s from %d files", packet, file_count);
    743 }
    744 if(flength(packet) < 1) {
    CID 436308: (CHECKED_RETURN)
    Calling "remove(packet)" without checking return value. This library function may fail and return an error code.
    745 remove(packet);
    746 if((i = external(cmdstr(temp_cmd(),packet,path,NULL), ex|EX_WILDCARD)) != 0)
    747 errormsg(WHERE,ERR_EXEC,cmdstr(temp_cmd(),packet,path,NULL),i);
    748 if(flength(packet) < 1) {
    749 bputs(text[QWKCompressionFailed]);
    750 return(false);
    /pack_qwk.cpp: 733 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    727 }
    728 }
    729
    730 /*******************/
    731 /* Compress Packet */
    732 /*******************/
    CID 436308: (CHECKED_RETURN)
    Calling "remove(packet)" without checking return value. This library function may fail and return an error code.
    733 remove(packet);
    734 SAFEPRINTF2(path,"%s%s",cfg.temp_dir,ALLFILES);
    735 if(strListFind((str_list_t)supported_archive_formats, useron.tmpext, /* case_sensitive */FALSE) >= 0) {
    736 str_list_t file_list = directory(path);
    737 int file_count = create_archive(packet, useron.tmpext, /* with_path: */false, file_list, error, sizeof(error));
    738 strListFree(&file_list);

    ** CID 436307: High impact quality (Y2K38_SAFETY)
    /main.cpp: 4407 in node_thread(void *)()


    ________________________________________________________________________________________________________
    *** CID 436307: High impact quality (Y2K38_SAFETY)
    /main.cpp: 4407 in node_thread(void *)()
    4401 time_t now = time(NULL);
    4402 SAFEPRINTF(str, "%sclient.ini", sbbs->cfg.node_dir);
    4403 FILE* fp = fopen(str, "at");
    4404 if(fp != NULL) {
    4405 fprintf(fp, "user=%u\n", sbbs->useron.number);
    4406 fprintf(fp, "name=%s\n", sbbs->useron.alias);
    CID 436307: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "now" is cast to "uint".
    4407 fprintf(fp, "done=%u\n", (uint)now);
    4408 fclose(fp);
    4409 }
    4410
    4411 if(sbbs->sys_status&SS_DAILY) { // New day, run daily events/maintenance
    4412 sbbs->daily_maint();

    ** CID 436306: High impact quality (Y2K38_SAFETY)
    /atcodes.cpp: 1235 in sbbs_t::atcode(char *, char *, unsigned long, int *, bool, JSObject *)()


    ________________________________________________________________________________________________________
    *** CID 436306: High impact quality (Y2K38_SAFETY)
    /atcodes.cpp: 1235 in sbbs_t::atcode(char *, char *, unsigned long, int *, bool, JSObject *)()
    1229 f = (float)useron.dls / useron.uls;
    1230 safe_snprintf(str, maxlen, "%u", f ? (uint)(100 / f) : 0);
    1231 return str;
    1232 }
    1233
    1234 if(!strcmp(sp,"LASTNEW"))
    CID 436306: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->ns_time" is cast to "time32_t".
    1235 return(unixtodstr(&cfg,(time32_t)ns_time,str));
    1236
    1237 if(strncmp(sp, "LASTNEW:", 8) == 0) {
    1238 sp += 8;
    1239 c_unescape_str(sp);
    1240 memset(&tm, 0, sizeof(tm));

    ** CID 436305: (Y2K38_SAFETY)
    /pack_qwk.cpp: 128 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    /pack_qwk.cpp: 598 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    /pack_qwk.cpp: 603 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


    ________________________________________________________________________________________________________
    *** CID 436305: (Y2K38_SAFETY)
    /pack_qwk.cpp: 128 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    122 errormsg(WHERE,ERR_OPEN,str,0);
    123 return(false);
    124 }
    125
    126 now=time(NULL);
    127 if(localtime_r(&now,&tm)==NULL) {
    CID 436305: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "uint".
    128 errormsg(WHERE, ERR_CHK, "time", (uint)now);
    129 return(false);
    130 }
    131
    132 fprintf(stream,"%s\r\n%s\r\n%s\r\n%s, Sysop\r\n0000,%s\r\n"
    133 "%02u-%02u-%u,%02u:%02u:%02u\r\n"
    /pack_qwk.cpp: 598 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    592 byte_estimate_to_str(ftell(qwk), tmp, sizeof(tmp), 1024, 1);
    593 if(online == ON_REMOTE)
    594 bprintf("\r\n\r\n\1n\1hPacked %u messages (%s bytes) in %u seconds "
    595 "(%lu messages/second)."
    596 ,(*msgcnt)+mailmsgs
    597 ,tmp
    CID 436305: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".
    598 ,(uint)elapsed
    599 ,((*msgcnt)+mailmsgs) / elapsed);
    600 lprintf(LOG_INFO, "packed %u messages (%s bytes) in %u seconds (%u msgs/sec)"
    601 ,(*msgcnt)+mailmsgs
    602 ,tmp
    603 ,(uint)elapsed
    /pack_qwk.cpp: 603 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    597 ,tmp
    598 ,(uint)elapsed
    599 ,((*msgcnt)+mailmsgs) / elapsed);
    600 lprintf(LOG_INFO, "packed %u messages (%s bytes) in %u seconds (%u msgs/sec)"
    601 ,(*msgcnt)+mailmsgs
    602 ,tmp
    CID 436305: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".
    603 ,(uint)elapsed
    604 ,(uint)(((*msgcnt)+mailmsgs)/elapsed));
    605 }
    606
    607 BOOL voting_data = FALSE;
    608 fclose(qwk); /* close MESSAGE.DAT */

    ** CID 436304: Error handling issues (CHECKED_RETURN)
    /writemsg.cpp: 242 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 436304: Error handling issues (CHECKED_RETURN)
    /writemsg.cpp: 242 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()
    236 if((fp=fopen(src,"rb"))==NULL) {
    237 free(buf);
    238 return -3;
    239 }
    240
    241 memset(buf,0,len+1);
    CID 436304: Error handling issues (CHECKED_RETURN)
    "fread(void * restrict, size_t, size_t, FILE * restrict)" returns the number of bytes read, but it is ignored.
    242 fread(buf,len,sizeof(char),fp);
    243 fclose(fp);
    244
    245 if((fp=fopen(dest,"wb"))!=NULL) {
    246 len=process_edited_text(buf, fp, mode, lines, maxlines);
    247 fclose(fp);

    ** CID 436303: Uninitialized variables (UNINIT)


    ________________________________________________________________________________________________________
    *** CID 436303: Uninitialized variables (UNINIT)
    /readmsgs.cpp: 218 in sbbs_t::loadposts(unsigned int *, unsigned int, unsigned int, int, unsigned int *, unsigned int *)()
    212 if(idx.to!=namecrc && idx.from!=namecrc
    213 && idx.to!=aliascrc && idx.from!=aliascrc
    214 && (useron.number!=1 || idx.to!=sysop))
    215 continue;
    216 msg.idx=idx;
    217 if(!smb_lockmsghdr(&smb,&msg)) {
    CID 436303: Uninitialized variables (UNINIT)
    Using uninitialized value "msg.idx_offset" when calling "smb_getmsghdr".
    218 if(!smb_getmsghdr(&smb,&msg)) {
    219 if(stricmp(msg.to,useron.alias)
    220 && stricmp(msg.from,useron.alias)
    221 && stricmp(msg.to,useron.name)
    222 && stricmp(msg.from,useron.name)
    223 && (useron.number!=1 || stricmp(msg.to,"sysop")

    ** CID 436302: Memory - illegal accesses (STRING_NULL)
    /telgate.cpp: 194 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char *, char *, char *)()


    ________________________________________________________________________________________________________
    *** CID 436302: Memory - illegal accesses (STRING_NULL)
    /telgate.cpp: 194 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char *, char *, char *)()
    188 l=K_CHAT;
    189 if(!(mode&TG_ECHO))
    190 l|=K_NOECHO;
    191 rd=getstr((char*)buf,sizeof(buf)-1,l);
    192 if(!rd)
    193 continue;
    CID 436302: Memory - illegal accesses (STRING_NULL)
    Passing unterminated string "buf" to "strlen", which expects a null-terminated string.
    194 SAFECAT(buf,crlf);
    195 rd+=2;
    196 gotline=true;
    197 }
    198 if((mode&TG_CRLF) && buf[rd-1]=='\r')
    199 buf[rd++]='\n';

    ** CID 436301: Insecure data handling (TAINTED_SCALAR)


    ________________________________________________________________________________________________________
    *** CID 436301: Insecure data handling (TAINTED_SCALAR)
    /writemsg.cpp: 752 in sbbs_t::writemsg(const char *, const char *, char *, int, unsigned int, const char *, const char *, const char **, const char **)()
    746 while(!feof(tag)) {
    747 if(!fgets(str,sizeof(str),tag))
    748 break;
    749 truncsp(str);
    750 if(utf8) {
    751 char buf[sizeof(str)*4];
    CID 436301: Insecure data handling (TAINTED_SCALAR)
    Passing tainted expression "str" to "cp437_to_utf8_str", which uses it as an offset.
    752 cp437_to_utf8_str(str, buf, sizeof(buf) - 1, /* minval: */'\x02');
    753 l+=fprintf(stream,"%s\r\n", buf);
    754 } else
    755 l+=fprintf(stream,"%s\r\n",str);
    756 lines++; /* line counter */
    757 }





    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tue Feb 21 13:36:08 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 436563: High impact quality (Y2K38_SAFETY)
    /tmp/sbbs-Feb-21-2023/src/smblib/smblib.c: 2033 in smb_create()


    ________________________________________________________________________________________________________
    *** CID 436563: High impact quality (Y2K38_SAFETY)
    /tmp/sbbs-Feb-21-2023/src/smblib/smblib.c: 2033 in smb_create()
    2027 rewind(smb->sid_fp);
    2028 if(chsize(fileno(smb->sid_fp),0L) != 0)
    2029 return SMB_ERR_TRUNCATE;
    2030
    2031 SAFEPRINTF(str,"%s.ini",smb->file);
    2032 if((fp = fopen(str, "w")) != NULL) {
    CID 436563: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "int".
    2033 fprintf(fp, "Created = 0x%x\n", (int)time(NULL));
    2034 fclose(fp);
    2035 }
    2036 SAFEPRINTF(str,"%s.sda",smb->file);
    2037 (void)remove(str); /* if it exists, delete it */
    2038 SAFEPRINTF(str,"%s.sha",smb->file);


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun Mar 5 13:47:46 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 446269: Error handling issues (CHECKED_RETURN)
    /download.cpp: 118 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)()


    ________________________________________________________________________________________________________
    *** CID 446269: Error handling issues (CHECKED_RETURN)
    /download.cpp: 118 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)()
    112 char msg[256];
    113 int i;
    114 long ex_mode;
    115 FILE* stream;
    116
    117 SAFEPRINTF(protlog,"%sPROTOCOL.LOG",cfg.node_dir);
    CID 446269: Error handling issues (CHECKED_RETURN)
    Calling "remove(protlog)" without checking return value. This library function may fail and return an error code.
    118 remove(protlog); /* Deletes the protocol log */
    119 autohang=false;
    120 if(autohangup) {
    121 if(useron.misc&AUTOHANG)
    122 autohang=true;
    123 else if(text[HangUpAfterXferQ][0])

    ** CID 446268: High impact quality (Y2K38_SAFETY)
    /download.cpp: 75 in sbbs_t::notdownloaded(long, long)()


    ________________________________________________________________________________________________________
    *** CID 446268: High impact quality (Y2K38_SAFETY)
    /download.cpp: 75 in sbbs_t::notdownloaded(long, long)()
    69 /****************************************************************************/
    70 void sbbs_t::notdownloaded(off_t size, time_t elapsed)
    71 {
    72 char str[256],tmp2[256];
    73 char tmp[512];
    74
    CID 446268: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".
    75 SAFEPRINTF2(str,"Estimated Time: %s Transfer Time: %s"
    76 ,sectostr(cur_cps ? (uint)(size/cur_cps) : 0,tmp)
    77 ,sectostr((uint)(elapsed),tmp2));
    78 logline(nulstr,str);
    79 if(cfg.leech_pct && cur_cps /* leech detection */
    80 && elapsed>=cfg.leech_sec


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tue Mar 21 12:39:57 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 451020: Resource leaks (RESOURCE_LEAK)
    /pack_qwk.cpp: 130 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


    ________________________________________________________________________________________________________
    *** CID 451020: Resource leaks (RESOURCE_LEAK)
    /pack_qwk.cpp: 130 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    124 return(false);
    125 }
    126
    127 now=time(NULL);
    128 if(localtime_r(&now,&tm)==NULL) {
    129 errormsg(WHERE, ERR_CHK, "time", (uint)now);
    >>> CID 451020: Resource leaks (RESOURCE_LEAK)
    Variable "stream" going out of scope leaks the storage it points to.
    130 return(false);
    131 }
    132
    133 fprintf(stream,"%s\r\n%s\r\n%s\r\n%s, Sysop\r\n0000,%s\r\n"
    134 "%02u-%02u-%u,%02u:%02u:%02u\r\n"
    135 ,cfg.sys_name

    ** CID 451019: (NEGATIVE_RETURNS)


    ________________________________________________________________________________________________________
    *** CID 451019: (NEGATIVE_RETURNS)
    /main.cpp: 3434 in sbbs_t::init()()
    3428 }
    3429
    3430 /* Shared NODE files */
    3431 SAFEPRINTF2(str,"%s%s",cfg.ctrl_dir,"node.dab");
    3432 pthread_mutex_lock(&nodefile_mutex);
    3433 if((nodefile=nopen(str,O_DENYNONE|O_RDWR|O_CREAT))==-1) {
    CID 451019: (NEGATIVE_RETURNS)
    "this->client_socket" is passed to a parameter that cannot be negative.
    3434 errormsg(WHERE, ERR_OPEN, str, cfg.node_num);
    3435 pthread_mutex_unlock(&nodefile_mutex);
    3436 return(false);
    3437 }
    3438 memset(&node,0,sizeof(node_t)); /* write NULL to node struct */
    3439 node.status=NODE_OFFLINE;
    /main.cpp: 3443 in sbbs_t::init()()
    3437 }
    3438 memset(&node,0,sizeof(node_t)); /* write NULL to node struct */
    3439 node.status=NODE_OFFLINE;
    3440 while(filelength(nodefile)<(int)(cfg.sys_nodes*sizeof(node_t))) {
    3441 lseek(nodefile,0L,SEEK_END);
    3442 if(write(nodefile,&node,sizeof(node_t))!=sizeof(node_t)) {
    CID 451019: (NEGATIVE_RETURNS)
    "this->client_socket" is passed to a parameter that cannot be negative.
    3443 errormsg(WHERE,ERR_WRITE,str,sizeof(node_t));
    3444 break;
    3445 }
    3446 }
    3447 if(chsize(nodefile, (off_t)(cfg.sys_nodes*sizeof(node_t))) != 0)
    3448 errormsg(WHERE, ERR_LEN, str, cfg.sys_nodes*sizeof(node_t));

    ** CID 451018: (LOCK)
    /xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()
    /xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()


    ________________________________________________________________________________________________________
    *** CID 451018: (LOCK)
    /xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()
    1431 ,cfg.xtrn[xtrnnum]->path);
    1432 end=time(NULL);
    1433
    1434 if(cfg.xtrn[xtrnnum]->misc&FREETIME)
    1435 starttime+=end-start;
    1436 if(cfg.xtrn[xtrnnum]->clean[0]) {
    CID 451018: (LOCK)
    "external" locks "this->input_thread_mutex" while it is locked.
    1437 external(cmdstr(cfg.xtrn[xtrnnum]->clean, drop_file, startup_dir, NULL, mode)
    1438 ,mode&~(EX_STDIN|EX_CONIO), cfg.xtrn[xtrnnum]->path);
    1439 }
    1440 max_socket_inactivity = startup->max_session_inactivity;
    1441 /* Re-open the logfile */
    1442 if(logfile_fp==NULL) {
    /xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()
    1431 ,cfg.xtrn[xtrnnum]->path);
    1432 end=time(NULL);
    1433
    1434 if(cfg.xtrn[xtrnnum]->misc&FREETIME)
    1435 starttime+=end-start;
    1436 if(cfg.xtrn[xtrnnum]->clean[0]) {
    CID 451018: (LOCK)
    "external" unlocks "this->input_thread_mutex" while it is unlocked.
    1437 external(cmdstr(cfg.xtrn[xtrnnum]->clean, drop_file, startup_dir, NULL, mode)
    1438 ,mode&~(EX_STDIN|EX_CONIO), cfg.xtrn[xtrnnum]->path);
    1439 }
    1440 max_socket_inactivity = startup->max_session_inactivity;
    1441 /* Re-open the logfile */
    1442 if(logfile_fp==NULL) {


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun Mar 26 12:39:18 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 451057: Uninitialized variables (UNINIT)
    /tmp/sbbs-Mar-26-2023/src/uifc/uifcx.c: 218 in ulist()


    ________________________________________________________________________________________________________
    *** CID 451057: Uninitialized variables (UNINIT)
    /tmp/sbbs-Mar-26-2023/src/uifc/uifcx.c: 218 in ulist()
    212 cur = &tmpcur;
    213
    214 for(opts=0;opts<MAX_OPTS;opts++)
    215 if(option[opts]==NULL || option[opts][0]==0)
    216 break;
    217
    CID 451057: Uninitialized variables (UNINIT)
    Using uninitialized value "*cur".
    218 if((*cur)>=opts)
    219 (*cur)=opts-1; /* returned after scrolled */
    220
    221 if((*cur)<0)
    222 (*cur)=0;
    223

    ** CID 451056: Error handling issues (CHECKED_RETURN)
    /umonitor/umonitor.c: 872 in main()


    ________________________________________________________________________________________________________
    *** CID 451056: Error handling issues (CHECKED_RETURN)
    /umonitor/umonitor.c: 872 in main()
    866 );
    867
    868 /* close .ini file here */
    869 if(fp!=NULL)
    870 fclose(fp);
    871
    CID 451056: Error handling issues (CHECKED_RETURN)
    Calling "chdir" without checking return value (as is done elsewhere 18 out of 21 times).
    872 chdir(bbs_startup.ctrl_dir);
    873
    874 /* Read .cfg files here */
    875 memset(&cfg,0,sizeof(cfg));
    876 cfg.size=sizeof(cfg);
    877 SAFECOPY(cfg.ctrl_dir,bbs_startup.ctrl_dir);


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Mar 27 12:40:01 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 451084: Error handling issues (CHECKED_RETURN)
    /scfg/scfg.c: 2498 in bail()


    ________________________________________________________________________________________________________
    *** CID 451084: Error handling issues (CHECKED_RETURN)
    /scfg/scfg.c: 2498 in bail()
    2492 ,&web_startup
    2493 ,&run_mail
    2494 ,&mail_startup
    2495 ,&run_services
    2496 ,&services_startup
    2497 );
    CID 451084: Error handling issues (CHECKED_RETURN)
    Calling "sbbs_write_ini" without checking return value (as is done elsewhere 6 out of 7 times).
    2498 sbbs_write_ini(
    2499 fp
    2500 ,&cfg
    2501 ,&global_startup
    2502 ,run_bbs
    2503 ,&bbs_startup


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sat Apr 1 12:40:10 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 451182: Null pointer dereferences (NULL_RETURNS)


    ________________________________________________________________________________________________________
    *** CID 451182: Null pointer dereferences (NULL_RETURNS)
    /scfg/scfgnode.c: 50 in adjust_last_node()
    44 uint last_node = iniGetUInteger(ini, section, key, cfg.sys_nodes);
    45 char prompt[128];
    46 SAFEPRINTF(prompt, "Update Terminal Server 'LastNode' value to %u", cfg.sys_nodes);
    47 if(last_node < cfg.sys_nodes && uifc.confirm(prompt)) {
    48 fp = iniOpenFile(ini_fname, /* modify */true);
    49 iniSetUInteger(&ini, section, key, cfg.sys_nodes, NULL);
    CID 451182: Null pointer dereferences (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "fp" when calling "iniWriteFile".
    50 iniWriteFile(fp, ini);
    51 iniCloseFile(fp);
    52 }
    53 iniFreeStringList(ini);
    54 }
    55


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Fri Apr 14 12:38:41 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 452331: Incorrect expression (SIZEOF_MISMATCH)
    /writemsg.cpp: 936 in sbbs_t::msgeditor(char *, const char *, char *, unsigned int, unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 452331: Incorrect expression (SIZEOF_MISMATCH)
    /writemsg.cpp: 936 in sbbs_t::msgeditor(char *, const char *, char *, unsigned int, unsigned int)()
    930 }
    931
    932 rioctl(IOCM|ABORT);
    933 rioctl(IOCS|ABORT);
    934
    935 if((str = strListDivide(NULL, buf, "\n")) == NULL) {
    CID 452331: Incorrect expression (SIZEOF_MISMATCH)
    Passing argument "getfname("writemsg.cpp")" of type "char *" and argument "8UL /* sizeof (char *) */ * (maxlines + 1)" to function "errormsg" is suspicious.
    936 errormsg(WHERE,ERR_ALLOC,"msgeditor",sizeof(char *)*(maxlines+1));
    937 return(0);
    938 }
    939 lines = strListCount(str);
    940 while(lines > maxlines)
    941 free(str[--lines]);

    ** CID 452330: Control flow issues (NO_EFFECT)
    /writemsg.cpp: 966 in sbbs_t::msgeditor(char *, const char *, char *, unsigned int, unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 452330: Control flow issues (NO_EFFECT)
    /writemsg.cpp: 966 in sbbs_t::msgeditor(char *, const char *, char *, unsigned int, unsigned int)()
    960 cleartoeol(); /* delete to end of line */
    961 CRLF;
    962 }
    963 sync();
    964 rioctl(IOSM|ABORT);
    965 while(online) {
    CID 452330: Control flow issues (NO_EFFECT)
    This less-than-zero comparison of an unsigned value is never true. "line < 0U".
    966 if(line < 0)
    967 line = 0;
    968 if((int)line>(int)maxlines-10) {
    969 if(line >= maxlines)
    970 bprintf(text[NoMoreLines],line);
    971 else


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sat Apr 22 12:39:06 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 452566: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Apr-22-2023/src/conio/sdl_con.c: 636 in setup_surfaces_locked()


    ________________________________________________________________________________________________________
    *** CID 452566: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Apr-22-2023/src/conio/sdl_con.c: 636 in setup_surfaces_locked()
    630 sdl.SetHint(SDL_HINT_RENDER_SCALE_QUALITY, internal_scaling ? "0" : "2");
    631
    632 if (win == NULL) {
    633 // SDL2: This is slow sometimes... not sure why.
    634 if (sdl.CreateWindowAndRenderer(vs->winwidth, vs->winheight, flags, &win, &renderer) == 0) {
    635 sdl.GetWindowSize(win, &idealw, &idealh);
    CID 452566: Concurrent data access violations (MISSING_LOCK)
    Accessing "vs->winwidth" without holding lock "vstatlock". Elsewhere, "video_stats.winwidth" is accessed with "vstatlock" held 6 out of 9 times (1 of these accesses strongly imply that it is necessary).
    636 vs->winwidth = idealw;
    637 vs->winheight = idealh;
    638 sdl.RenderClear(renderer);
    639 if (internal_scaling)
    640 newtexture = sdl.CreateTexture(renderer, SDL_PIXELFORMAT_ARGB8888, SDL_TEXTUREACCESS_STREAMING, idealw, idealh);
    641 else


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Apr 24 12:38:45 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    7 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 7 of 7 defect(s)


    ** CID 452578: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 288 in bitmap_vmem_puttext_locked()


    ________________________________________________________________________________________________________
    *** CID 452578: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 288 in bitmap_vmem_puttext_locked()
    282 for(x=sx-1;x<ex;x++) {
    283 memcpy(&vmem_ptr->vmem[y*cio_textinfo.screenwidth+x], fill++, sizeof(*fill));
    284 bitmap_draw_one_char(x+1, y+1);
    285 }
    286 }
    287 pthread_mutex_lock(&vstatlock);
    CID 452578: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    288 release_vmem(vmem_ptr);
    289 pthread_mutex_unlock(&vstatlock);
    290 return(1);
    291 }
    292
    293 static void

    ** CID 452577: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 850 in update_from_vmem()


    ________________________________________________________________________________________________________
    *** CID 452577: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 850 in update_from_vmem()
    844 bitmap_draw_one_char(x+1,y+1);
    845 }
    846 pos++;
    847 }
    848 }
    849 pthread_mutex_lock(&vstatlock);
    CID 452577: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    850 release_vmem(vmem_ptr);
    851 pthread_mutex_unlock(&vstatlock);
    852
    853 vs = vstat;
    854
    855 return(0);

    ** CID 452576: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1239 in bitmap_movetext()


    ________________________________________________________________________________________________________
    *** CID 452576: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1239 in bitmap_movetext()
    1233 }
    1234
    1235 bitmap_movetext_screen(&screena, x, y, tox, toy, direction, height, width);
    1236 bitmap_movetext_screen(&screenb, x, y, tox, toy, direction, height, width);
    1237
    1238 pthread_mutex_lock(&vstatlock);
    CID 452576: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    1239 release_vmem(vmem_ptr);
    1240 pthread_mutex_unlock(&vstatlock);
    1241 pthread_mutex_unlock(&blinker_lock);
    1242
    1243 return(1);
    1244 }

    ** CID 452575: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1264 in bitmap_clreol()


    ________________________________________________________________________________________________________
    *** CID 452575: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1264 in bitmap_clreol()
    1258 pthread_mutex_unlock(&vstatlock);
    1259 for(x=cio_textinfo.curx+cio_textinfo.winleft-2; x<cio_textinfo.winright; x++) {
    1260 set_vmem_cell(vmem_ptr, pos+x, fill, ciolib_fg, ciolib_bg);
    1261 bitmap_draw_one_char(x+1, row);
    1262 }
    1263 pthread_mutex_lock(&vstatlock);
    CID 452575: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    1264 release_vmem(vmem_ptr);
    1265 pthread_mutex_unlock(&vstatlock);
    1266 pthread_mutex_unlock(&blinker_lock);
    1267 }
    1268
    1269 void bitmap_clrscr(void)

    ** CID 452574: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1289 in bitmap_clrscr()


    ________________________________________________________________________________________________________
    *** CID 452574: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 1289 in bitmap_clrscr()
    1283 for(x=cio_textinfo.winleft-1; x<cio_textinfo.winright && x < cols; x++) {
    1284 set_vmem_cell(vmem_ptr, y*cio_textinfo.screenwidth+x, fill, ciolib_fg, ciolib_bg);
    1285 bitmap_draw_one_char(x+1, y+1);
    1286 }
    1287 }
    1288 pthread_mutex_lock(&vstatlock);
    CID 452574: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    1289 release_vmem(vmem_ptr);
    1290 pthread_mutex_unlock(&vstatlock);
    1291 pthread_mutex_unlock(&blinker_lock);
    1292 }
    1293
    1294 void bitmap_getcustomcursor(int *s, int *e, int *r, int *b, int *v)

    ** CID 452573: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 882 in bitmap_puttext()


    ________________________________________________________________________________________________________
    *** CID 452573: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 882 in bitmap_puttext()
    876 for(x=sx-1;x<ex;x++) {
    877 set_vmem_cell(vmem_ptr, y*cio_textinfo.screenwidth+x, *(buf++), 0x00ffffff, 0x00ffffff);
    878 bitmap_draw_one_char(x+1, y+1);
    879 }
    880 }
    881 pthread_mutex_lock(&vstatlock);
    CID 452573: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    882 release_vmem(vmem_ptr);
    883 pthread_mutex_unlock(&vstatlock);
    884 pthread_mutex_unlock(&blinker_lock);
    885 return ret;
    886 }
    887

    ** CID 452572: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 931 in bitmap_vmem_gettext()


    ________________________________________________________________________________________________________
    *** CID 452572: Concurrent data access violations (ATOMICITY)
    /tmp/sbbs-Apr-24-2023/src/conio/bitmap_con.c: 931 in bitmap_vmem_gettext()
    925 pthread_mutex_unlock(&vstatlock);
    926 for(y=sy-1;y<ey;y++) {
    927 for(x=sx-1;x<ex;x++)
    928 memcpy(fill++, &vmem_ptr->vmem[y*cio_textinfo.screenwidth+x], sizeof(*fill));
    929 }
    930 pthread_mutex_lock(&vstatlock);
    CID 452572: Concurrent data access violations (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    931 release_vmem(vmem_ptr);
    932 pthread_mutex_unlock(&vstatlock);
    933 pthread_mutex_unlock(&blinker_lock);
    934 return(1);
    935 }
    936


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tue Apr 25 12:57:18 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 452582: (ATOMICITY)
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 562 in bitmap_draw_one_char()
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 647 in bitmap_draw_one_char()
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 584 in bitmap_draw_one_char()


    ________________________________________________________________________________________________________
    *** CID 452582: (ATOMICITY)
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 562 in bitmap_draw_one_char()
    556 break;
    557 case 16:
    558 this_font = (unsigned char *)conio_fontdata[vmem_ptr->vmem[vmo].font].eight_by_sixteen;
    559 break;
    560 default:
    561 pthread_mutex_lock(&vstatlock);
    >>> CID 452582: (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    562 release_vmem(vmem_ptr);
    563 pthread_mutex_unlock(&vstatlock);
    564 return(-1);
    565 }
    566 }
    567 }
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 647 in bitmap_draw_one_char()
    641 if (x & 0x07)
    642 fontoffset++;
    643 pixeloffset += rsz;
    644 }
    645 pthread_mutex_unlock(&screenlock);
    646 pthread_mutex_lock(&vstatlock);
    CID 452582: (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    647 release_vmem(vmem_ptr);
    648 pthread_mutex_unlock(&vstatlock);
    649
    650 return(0);
    651 }
    652
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 584 in bitmap_draw_one_char()
    578 return(-1);
    579 }
    580
    581 if((!screena.rect) || (!screenb.rect)) {
    582 pthread_mutex_unlock(&screenlock);
    583 pthread_mutex_lock(&vstatlock);
    CID 452582: (ATOMICITY)
    Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
    584 release_vmem(vmem_ptr);
    585 pthread_mutex_unlock(&vstatlock);
    586 return(-1);
    587 }
    588
    589 pixeloffset = PIXEL_OFFSET(screena, xoffset, yoffset);

    ** CID 452581: Program hangs (ORDER_REVERSAL)


    ________________________________________________________________________________________________________
    *** CID 452581: Program hangs (ORDER_REVERSAL)
    /tmp/sbbs-Apr-25-2023/src/conio/bitmap_con.c: 1608 in bitmap_replace_font()
    1602 conio_fontdata[id].desc=name;
    1603 break;
    1604 default:
    1605 free(name);
    1606 free(data);
    1607 }
    CID 452581: Program hangs (ORDER_REVERSAL)
    Calling "request_redraw" acquires lock "vstatlock" while holding lock "screenlock" (count: 1 / 2).
    1608 request_redraw();
    1609 pthread_mutex_unlock(&screenlock);
    1610 }
    1611
    1612 int bitmap_setpalette(uint32_t index, uint16_t r, uint16_t g, uint16_t b)
    1613 {


    ________________________________________________________________________________________________________
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sat May 6 12:39:53 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 453600: (NULL_RETURNS)
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 88 in main()
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 89 in main()
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 69 in main()
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 78 in main()


    ________________________________________________________________________________________________________
    *** CID 453600: (NULL_RETURNS)
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 88 in main()
    82 "#include <inttypes.h>\n"
    83 "\n"
    84 "extern const uint32_t r2y[16777216];\n"
    85 "extern const uint32_t y2r[16777216];\n"
    86 "\n"
    87 "#endif\n");
    CID 453600: (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "r" when calling "fwrite".
    88 fwrite(r2y, 4, 1 << 24, r);
    89 fwrite(y2r, 4, 1 << 24, y);
    90 fclose(s);
    91 fclose(h);
    92 fclose(r);
    93 fclose(y);
    94 return 0;
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 89 in main()
    83 "\n"
    84 "extern const uint32_t r2y[16777216];\n"
    85 "extern const uint32_t y2r[16777216];\n"
    86 "\n"
    87 "#endif\n");
    88 fwrite(r2y, 4, 1 << 24, r);
    CID 453600: (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "y" when calling "fwrite".
    89 fwrite(y2r, 4, 1 << 24, y);
    90 fclose(s);
    91 fclose(h);
    92 fclose(r);
    93 fclose(y);
    94 return 0;
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 69 in main()
    63 char *mangle = "";
    64
    65 init_r2y();
    66 if (argc > 1 && strcmp(argv[1], "win32") == 0)
    67 mangle = "_";
    68
    CID 453600: (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "s" when calling "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
    69 fprintf(s,
    70 ".section .rodata\n"
    71 ".global %sr2y\n"
    72 ".global %sy2r\n"
    73 ".align 4\n"
    74 "%sr2y:\n"
    /tmp/sbbs-May-06-2023/src/conio/genmap.c: 78 in main()
    72 ".global %sy2r\n"
    73 ".align 4\n"
    74 "%sr2y:\n"
    75 " .incbin \"r2y.bin\"\n"
    76 "%sy2r:\n"
    77 " .incbin \"y2r.bin\"\n", mangle, mangle, mangle, mangle);
    CID 453600: (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "h" when calling "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
    78 fprintf(h,
    79 "#ifndef RGBMAP_H\n"
    80 "#define RGBMAP_H\n"
    81 "\n"
    82 "#include <inttypes.h>\n"
    83 "\n"


    ________________________________________________________________________________________________________
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun May 7 14:09:59 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 453850: Memory - corruptions (OVERRUN)


    ________________________________________________________________________________________________________
    *** CID 453850: Memory - corruptions (OVERRUN)
    /main.cpp: 2135 in input_thread(void *)()
    2129 else
    2130 wrbuf=telnet_interpret(sbbs, inbuf, rd, telbuf, wr);
    2131 if(wr > (int)sizeof(telbuf))
    2132 lprintf(LOG_ERR,"!TELBUF OVERFLOW (%d>%d)",wr,(int)sizeof(telbuf));
    2133
    2134 if(!(sbbs->console & CON_RAW_IN))
    CID 453850: Memory - corruptions (OVERRUN)
    Overrunning buffer pointed to by "wrbuf" of 4000 bytes by passing it to a function which accesses it at byte offset 4000 using argument "wr" (which evaluates to 4001).
    2135 sbbs->translate_input(wrbuf, wr);
    2136
    2137 if(sbbs->passthru_socket_active == true) {
    2138 BOOL writable = FALSE;
    2139 if(socket_check(sbbs->passthru_socket, NULL, &writable, 1000) && writable)
    2140 (void)sendsocket(sbbs->passthru_socket, (char*)wrbuf, wr);

    ** CID 453849: (STRING_SIZE)
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 72 in main()
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 74 in main()
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 68 in main()
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 70 in main()


    ________________________________________________________________________________________________________
    *** CID 453849: (STRING_SIZE)
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 72 in main()
    66 return EXIT_FAILURE;
    67 }
    68 sprintf(path, "%s/rgbmap.s", argv[2]);
    69 s = fopen(path, "w");
    70 sprintf(path, "%s/rgbmap.h", argv[2]);
    71 h = fopen(path, "w");
    CID 453849: (STRING_SIZE)
    Passing string "argv[2]" of unknown size to "sprintf".
    72 sprintf(path, "%s/r2y.bin", argv[2]);
    73 r = fopen(path, "wb");
    74 sprintf(path, "%s/y2r.bin", argv[2]);
    75 y = fopen(path, "wb");
    76 init_r2y();
    77 if (argc > 1 && strcmp(argv[1], "win32") == 0)
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 74 in main()
    68 sprintf(path, "%s/rgbmap.s", argv[2]);
    69 s = fopen(path, "w");
    70 sprintf(path, "%s/rgbmap.h", argv[2]);
    71 h = fopen(path, "w");
    72 sprintf(path, "%s/r2y.bin", argv[2]);
    73 r = fopen(path, "wb");
    CID 453849: (STRING_SIZE)
    Passing string "argv[2]" of unknown size to "sprintf".
    74 sprintf(path, "%s/y2r.bin", argv[2]);
    75 y = fopen(path, "wb");
    76 init_r2y();
    77 if (argc > 1 && strcmp(argv[1], "win32") == 0)
    78 mangle = "_";
    79
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 68 in main()
    62 char *mangle = "";
    63
    64 if (argc != 3) {
    65 fprintf(stderr, "Usage: %s <os> <path>\n", argv[0]);
    66 return EXIT_FAILURE;
    67 }
    CID 453849: (STRING_SIZE)
    Passing string "argv[2]" of unknown size to "sprintf".
    68 sprintf(path, "%s/rgbmap.s", argv[2]);
    69 s = fopen(path, "w");
    70 sprintf(path, "%s/rgbmap.h", argv[2]);
    71 h = fopen(path, "w");
    72 sprintf(path, "%s/r2y.bin", argv[2]);
    73 r = fopen(path, "wb");
    /tmp/sbbs-May-07-2023/src/conio/genmap.c: 70 in main()
    64 if (argc != 3) {
    65 fprintf(stderr, "Usage: %s <os> <path>\n", argv[0]);
    66 return EXIT_FAILURE;
    67 }
    68 sprintf(path, "%s/rgbmap.s", argv[2]);
    69 s = fopen(path, "w");
    CID 453849: (STRING_SIZE)
    Passing string "argv[2]" of unknown size to "sprintf".
    70 sprintf(path, "%s/rgbmap.h", argv[2]);
    71 h = fopen(path, "w");
    72 sprintf(path, "%s/r2y.bin", argv[2]);
    73 r = fopen(path, "wb");
    74 sprintf(path, "%s/y2r.bin", argv[2]);
    75 y = fopen(path, "wb");

    ** CID 453848: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-May-07-2023/src/conio/x_events.c: 562 in video_init()


    ________________________________________________________________________________________________________
    *** CID 453848: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-May-07-2023/src/conio/x_events.c: 562 in video_init()
    556 if (x_cvstat.scaling < 1 || vstat.scaling < 1)
    557 x_cvstat.scaling = vstat.scaling = 1;
    558 pthread_mutex_unlock(&vstatlock);
    559 /* Initialize mode 3 (text, 80x25, 16 colors) */
    560 if(load_vmode(&vstat, ciolib_initial_mode))
    561 return(-1);
    CID 453848: Concurrent data access violations (MISSING_LOCK)
    Accessing "x_cvstat" without holding lock "vstatlock". Elsewhere, "x_cvstat" is accessed with "vstatlock" held 3 out of 4 times (1 of these accesses strongly imply that it is necessary).
    562 x_cvstat = vstat;
    563 if(init_window())
    564 return(-1);
    565 bitmap_drv_init(x11_drawrect, x11_flush);
    566 pthread_mutex_lock(&vstatlock);
    567 bitmap_drv_init_mode(vstat.mode, NULL, NULL, 0, 0);


    ________________________________________________________________________________________________________
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Fri May 12 12:39:17 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.
    4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 454698: Incorrect expression (IDENTICAL_BRANCHES)
    /tmp/sbbs-May-12-2023/src/conio/x_events.c: 336 in map_window()


    ________________________________________________________________________________________________________
    *** CID 454698: Incorrect expression (IDENTICAL_BRANCHES)
    /tmp/sbbs-May-12-2023/src/conio/x_events.c: 336 in map_window()
    330 }
    331
    332 bitmap_get_scaled_win_size(x_cvstat.scaling, &sh->base_width, &sh->base_height, 0, 0);
    333 bitmap_get_scaled_win_size(1.0, &sh->min_width, &sh->min_height, 0, 0);
    334 pthread_mutex_unlock(&vstatlock);
    335
    CID 454698: Incorrect expression (IDENTICAL_BRANCHES)
    The same code is executed regardless of whether "x_cvstat.aspect_width != 0 && x_cvstat.aspect_height != 0" is true, because the 'then' and 'else' branches are identical. Should one of the branches be modified, or the entire 'if' statement replaced?
    336 if (x_cvstat.aspect_width != 0 && x_cvstat.aspect_height != 0) {
    337 sh->min_aspect.x = sh->max_aspect.x = sh->min_width;
    338 sh->min_aspect.y = sh->max_aspect.y = sh->min_height;
    339 }
    340 else {
    341 sh->min_aspect.x = sh->max_aspect.x = sh->min_width;

    ** CID 454697: Program hangs (LOCK)
    /tmp/sbbs-May-12-2023/src/conio/x_events.c: 565 in video_init()


    ________________________________________________________________________________________________________
    *** CID 454697: Program hangs (LOCK)
    /tmp/sbbs-May-12-2023/src/conio/x_events.c: 565 in video_init()
    559 if (ciolib_initial_scaling != 0.0)
    560 x_cvstat.scaling = vstat.scaling = ciolib_initial_scaling;
    561 if (x_cvstat.scaling < 1.0 || vstat.scaling < 1.0)
    562 x_cvstat.scaling = vstat.scaling = 1;
    563 /* Initialize mode 3 (text, 80x25, 16 colors) */
    564 if(load_vmode(&vstat, ciolib_initial_mode))
    CID 454697: Program hangs (LOCK)
    Returning without unlocking "vstatlock".
    565 return(-1);
    566 x_cvstat = vstat;
    567 pthread_mutex_unlock(&vstatlock);
    568 if(init_window())
    569 return(-1);
    570 bitmap_drv_init(x11_drawrect, x11_flush);

    ** CID 454696: Control flow issues (UNREACHABLE)
    /tmp/sbbs-May-12-2023/src/conio/sdl_con.c: 346 in window_can_scale_internally()


    ________________________________________________________________________________________________________
    *** CID 454696: Control flow issues (UNREACHABLE)
    /tmp/sbbs-May-12-2023/src/conio/sdl_con.c: 346 in window_can_scale_internally()
    340 {
    341 double ival;
    342 double fval = modf(vstat.scaling, &ival);
    343
    344 // TODO: Add toggle for software scaling
    345 return true;
    CID 454696: Control flow issues (UNREACHABLE)
    This code cannot be reached: "if (fval == 0.)
    return true;".
    346 if (fval == 0.0)
    347 return true;
    348 return false;
    349 }
    350
    351 static int sdl_init_mode(int mode, bool init)


    ________________________________________________________________________________________________________
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sat Jun 3 12:40:58 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    7 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 7 of 7 defect(s)


    ** CID 462165: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 904 in local_draw_rect()


    ________________________________________________________________________________________________________
    *** CID 462165: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 904 in local_draw_rect()
    898 x11.XFillRectangle(dpy, win, gc, 0, yoff, xoff, yoff + xim->height);
    899 x11.XFillRectangle(dpy, win, gc, xoff+xim->width, yoff, w, yoff + xim->height);
    900 x11.XFillRectangle(dpy, win, gc, 0, yoff + xim->height, w, h);
    901 }
    902 if (x_internal_scaling || xrender_found == false) {
    903 if (last == NULL)
    CID 462165: Null pointer dereferences (FORWARD_NULL)
    Dereferencing null pointer "source".
    904 x11.XPutImage(dpy, win, gc, xim, 0, 0, xoff, yoff, source->w, source->h);
    905 else {
    906 release_buffer(last);
    907 last = NULL;
    908 }
    909 }

    ** CID 462164: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 448 in internal_setwinsize()


    ________________________________________________________________________________________________________
    *** CID 462164: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 448 in internal_setwinsize()
    442 pthread_mutex_lock(&win_mutex);
    443 sdl.GetWindowSize(win, &w, &h);
    444 pthread_mutex_unlock(&win_mutex);
    445 if (w != vs->winwidth || h != vs->winheight)
    446 changed = true;
    447 pthread_mutex_unlock(&vstatlock);
    CID 462164: Concurrent data access violations (MISSING_LOCK)
    Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
    448 vstat.scaling = sdl_getscaling();
    449 }
    450 if (changed)
    451 setup_surfaces(vs);
    452 }
    453

    ** CID 462163: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 408 in update_cvstat()


    ________________________________________________________________________________________________________
    *** CID 462163: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 408 in update_cvstat()
    402 }
    403
    404 static void
    405 update_cvstat(struct video_stats *vs)
    406 {
    407 if (vs != NULL && vs != &vstat) {
    CID 462163: Concurrent data access violations (MISSING_LOCK)
    Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
    408 vstat.scaling = sdl_getscaling();
    409 pthread_mutex_lock(&vstatlock);
    410 *vs = vstat;
    411 pthread_mutex_unlock(&vstatlock);
    412 }
    413 }

    ** CID 462162: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 657 in setup_surfaces()


    ________________________________________________________________________________________________________
    *** CID 462162: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 657 in setup_surfaces()
    651 else if(sdl_init_good) {
    652 ev.type=SDL_QUIT;
    653 sdl_exitcode=1;
    654 sdl.PeepEvents(&ev, 1, SDL_ADDEVENT, SDL_FIRSTEVENT, SDL_LASTEVENT);
    655 }
    656 pthread_mutex_unlock(&win_mutex);
    CID 462162: Concurrent data access violations (MISSING_LOCK)
    Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
    657 vstat.scaling = sdl_getscaling();
    658 }
    659
    660 /* Called from event thread only */
    661 static void sdl_add_key(unsigned int keyval, struct video_stats *vs)
    662 {

    ** CID 462161: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 511 in x_init()


    ________________________________________________________________________________________________________
    *** CID 462161: Null pointer dereferences (FORWARD_NULL)
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 511 in x_init()
    505 xp_dlclose(dl);
    506 return(-1);
    507 }
    508 #ifdef WITH_XRENDER
    509 xrender_found = true;
    510 if ((dl2 = xp_dlopen(libnames2,RTLD_LAZY,7)) == NULL) {
    CID 462161: Null pointer dereferences (FORWARD_NULL)
    Passing null pointer "dl2" to "dlclose", which dereferences it.
    511 xp_dlclose(dl2);
    512 xrender_found = false;
    513 }
    514 if (xrender_found && ((x11.XRenderFindStandardFormat = xp_dlsym(dl2, XRenderFindStandardFormat)) == NULL)) {
    515 xp_dlclose(dl);
    516 xrender_found = false;

    ** CID 462160: Null pointer dereferences (REVERSE_INULL)
    /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 589 in init_window()


    ________________________________________________________________________________________________________
    *** CID 462160: Null pointer dereferences (REVERSE_INULL)
    /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 589 in init_window()
    583 if (classhints) {
    584 classhints->res_name = (char *)ciolib_initial_program_name;
    585 classhints->res_class = (char *)ciolib_initial_program_class;
    586 }
    587 wmhints=x11.XAllocWMHints();
    588 wmhints->flags = 0;
    CID 462160: Null pointer dereferences (REVERSE_INULL)
    Null-checking "wmhints" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
    589 if(wmhints) {
    590 wmhints->initial_state=NormalState;
    591 wmhints->flags |= (StateHint | InputHint);
    592 wmhints->input = True;
    593 set_icon(ciolib_initial_icon, ciolib_initial_icon_width, wmhints);
    594 x11.XSetWMProperties(dpy, win, NULL, NULL, 0, 0, NULL, wmhints, classhints);

    ** CID 462159: (RESOURCE_LEAK)
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 591 in x_init()
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 557 in x_init()
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 563 in x_init()
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 570 in x_init()


    ________________________________________________________________________________________________________
    *** CID 462159: (RESOURCE_LEAK)
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 591 in x_init()
    585 xp_dlclose(dl);
    586 sem_destroy(&pastebuf_set);
    587 sem_destroy(&pastebuf_used);
    588 sem_destroy(&init_complete);
    589 sem_destroy(&mode_set);
    590 pthread_mutex_destroy(&copybuf_mutex);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    591 return(-1);
    592 }
    593 _beginthread(x11_mouse_thread,1<<16,NULL);
    594 cio_api.options |= CONIO_OPT_SET_TITLE | CONIO_OPT_SET_NAME | CONIO_OPT_SET_ICON;
    595 return(0);
    596 }
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
    546 #endif
    547 setlocale(LC_ALL, "");
    548 x11.XSetLocaleModifiers("@im=none");
    549
    550 if(sem_init(&pastebuf_set, 0, 0)) {
    551 xp_dlclose(dl);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    552 return(-1);
    553 }
    554 if(sem_init(&pastebuf_used, 0, 0)) {
    555 xp_dlclose(dl);
    556 sem_destroy(&pastebuf_set);
    557 return(-1);
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
    546 #endif
    547 setlocale(LC_ALL, "");
    548 x11.XSetLocaleModifiers("@im=none");
    549
    550 if(sem_init(&pastebuf_set, 0, 0)) {
    551 xp_dlclose(dl);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    552 return(-1);
    553 }
    554 if(sem_init(&pastebuf_used, 0, 0)) {
    555 xp_dlclose(dl);
    556 sem_destroy(&pastebuf_set);
    557 return(-1);
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 557 in x_init()
    551 xp_dlclose(dl);
    552 return(-1);
    553 }
    554 if(sem_init(&pastebuf_used, 0, 0)) {
    555 xp_dlclose(dl);
    556 sem_destroy(&pastebuf_set);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    557 return(-1);
    558 }
    559 if(sem_init(&init_complete, 0, 0)) {
    560 xp_dlclose(dl);
    561 sem_destroy(&pastebuf_set);
    562 sem_destroy(&pastebuf_used);
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
    546 #endif
    547 setlocale(LC_ALL, "");
    548 x11.XSetLocaleModifiers("@im=none");
    549
    550 if(sem_init(&pastebuf_set, 0, 0)) {
    551 xp_dlclose(dl);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    552 return(-1);
    553 }
    554 if(sem_init(&pastebuf_used, 0, 0)) {
    555 xp_dlclose(dl);
    556 sem_destroy(&pastebuf_set);
    557 return(-1);
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 563 in x_init()
    557 return(-1);
    558 }
    559 if(sem_init(&init_complete, 0, 0)) {
    560 xp_dlclose(dl);
    561 sem_destroy(&pastebuf_set);
    562 sem_destroy(&pastebuf_used);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    563 return(-1);
    564 }
    565 if(sem_init(&mode_set, 0, 0)) {
    566 xp_dlclose(dl);
    567 sem_destroy(&pastebuf_set);
    568 sem_destroy(&pastebuf_used);
    /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 570 in x_init()
    564 }
    565 if(sem_init(&mode_set, 0, 0)) {
    566 xp_dlclose(dl);
    567 sem_destroy(&pastebuf_set);
    568 sem_destroy(&pastebuf_used);
    569 sem_destroy(&init_complete);
    CID 462159: (RESOURCE_LEAK)
    Variable "dl2" going out of scope leaks the storage it points to.
    570 return(-1);
    571 }
    572
    573 if(pthread_mutex_init(&copybuf_mutex, 0)) {
    574 xp_dlclose(dl);
    575 sem_destroy(&pastebuf_set);


    ________________________________________________________________________________________________________