9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
Just curious, should we avoid updating on days where coverity scan finds errors.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
253 str[rsp + 1] = 0;CID 319174: Memory - corruptions (OVERRUN)
Overrunning array "str" of 128 bytes at byte offset 128 using index "rsp + 1UL" (which evaluates to 128).
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
674 beep();CID 376409: (SLEEP)
Call to "ciolib_beep" might sleep while holding lock "sdl_keylock".
682 beep();CID 376409: (SLEEP)
Call to "ciolib_beep" might sleep while holding lock "sdl_keylock".
1141 bputs(unixtodstr(&cfg,(time32_t)now,tmp1)); 1142 break;CID 376408: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
841 return(::timestr(&cfg,(time32_t)intime,timestr_output));CID 376407: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "intime" is cast to "time32_t".
1606 session->user.logontime = (time32_t)session->logon_time;CID 376406: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "session->logon_time" is cast to "time32_t".
827 JS_SET_RVAL(cx, arglist,UINT_TO_JSVAL((uint32_t)time(NULL))); 828 return(JS_TRUE);CID 376405: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "uint32_t".
638 client.time = time(NULL);CID 376404: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "time32_t".
414 const SES_CHECKATTRIBUTE_FUNCTION checkAttributeFunction = \CID 376403: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->checkAttributeFunction.fnPtr" inside this statement: "checkAttributeFunction = (S...".
235 YIELD();CID 376402: Program hangs (SLEEP)
Call to "nanosleep" might sleep while holding lock "sdl_ufunc_mtx".
4811 if (!CallAddPropertyHook(cx, clasp, obj, shape, &valueCopy)) { 4812 obj->removeProperty(cx, id);CID 376401: (OVERRUN)
Calling "CallAddPropertyHook" with "obj->slots" and "shape->slot" is suspicious because of the very large index, 4294967295. The index may be due to a negative parameter being interpreted as unsigned.
4808 obj->nativeSetSlot(shape->slot, valueCopy);CID 376401: (OVERRUN)
Calling "nativeSetSlot" with "obj->slots" and "shape->slot" is suspicious because of the very large index, 4294967295. The index may be due to a negative parameter being interpreted as unsigned.
332 const SES_CHECKATTRIBUTE_FUNCTION checkAttributeFunction = \CID 376400: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->checkAttributeFunction.fnPtr" inside this statement: "checkAttributeFunction = (S...".
246 msg.hdr.when_written.time=(uint32_t)time(NULL);CID 376399: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "uint32_t".
1944 bb = bb1;CID 376398: Memory - illegal accesses (USE_AFTER_FREE)
Using freed pointer "bb1".
193 ,unixtodstr(&cfg,(time32_t)qwknode[i].time,str),qwknode[i].id,qwknode[i].path);A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->qwknode[i].time" is cast to "time32_t".
230 (void)read(file,gurubuf,(size_t)filelength(file));CID 376396: Memory - corruptions (OVERRUN)
Calling "read" with "gurubuf" and "(size_t)filelength(file)" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned. [Note: The source code implementation of the function has been overridden by a builtin model.]
566 *dt=(time32_t)tmptime;CID 376395: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "tmptime" is cast to "time32_t".
1046 msg.hdr.when_written.time=(uint32_t)xpDateTime_to_localtime(dt);CID 376394: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "xpDateTime_to_localtime(dt)" is cast to "uint32_t".
367 strListCombine(list, metadata, size - 1, "\r\n");CID 376393: Memory - corruptions (OVERRUN)
Calling "strListCombine" with "metadata" and "size - 1UL" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
298 memset(brute_buf+1,'_',l-1);CID 376392: Memory - corruptions (OVERRUN)
Calling "memset" with "brute_buf + 1" and "l - 1UL" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned. [Note: The source code implementation of the function has been overridden by a builtin model.]
1128 JS_SET_RVAL(cx, arglist, UINT_TO_JSVAL((uint32)getfiletime(scfg, &file)));CID 376391: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "getfiletime(scfg, &file)" is cast to "uint32".
1565 user->pwmod=time(NULL);CID 376390: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "time32_t".
89 new defect(s) introduced to Synchronet found with Coverity Scan.
1082 pthread_mutex_lock(&vstatlock);CID 432266: Program hangs (ORDER_REVERSAL)
Calling "pthread_mutex_lock" acquires lock "vstatlock" while holding lock "win_mutex" (count: 1 / 4).
1039 ch=(char)getstr(str,LEN_PASS,K_UPPER);CID 433272: Code maintainability issues (UNUSED_VALUE)
Assigning value from "(char)this->getstr(str, 40UL, 1L, NULL)" to "ch" here, but that stored value is overwritten before it can be used.
659 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 658 return allocerr(error, maxerrlen, fname, "guru", sizeof(guru_t));
760 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 759 return allocerr(error, maxerrlen, fname, "page", sizeof(page_t));
680 } elseCID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 679 return allocerr(error, maxerrlen, fname, "actsets", sizeof(actset_t *)*cfg->total_actsets);
688 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 687 return allocerr(error, maxerrlen, fname, "actset", sizeof(actset_t));
652 } elseCID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 651 return allocerr(error, maxerrlen, fname, "gurus", sizeof(guru_t *)*cfg->total_gurus);
719 } elseCID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 718 return allocerr(error, maxerrlen, fname, "chans", sizeof(chan_t *)*cfg->total_chans);
753 } elseCID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 752 return allocerr(error, maxerrlen, fname, "pages", sizeof(page_t *)*cfg->total_pages);
726 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 725 return allocerr(error, maxerrlen, fname, "chan", sizeof(chan_t));
420 if((cfg->sub[i]=(sub_t *)malloc(sizeof(sub_t)))==NULL) 421 return allocerr(error, maxerrlen, fname, "sub", sizeof(sub_t));CID 433270: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "cfg->sub".
117 return allocerr(error, maxerrlen, fname, "fcomp", sizeof(fcomp_t));CID 433269: Resource leaks (RESOURCE_LEAK)
Variable "fcomp_list" going out of scope leaks the storage it points to.
194 return allocerr(error, maxerrlen, fname, "dlevent", sizeof(dlevent_t));CID 433268: Resource leaks (RESOURCE_LEAK)
Variable "dlevent_list" going out of scope leaks the storage it points to.
41 return MQTT_FAILURE;CID 433267: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return 100;".
524 section = iniGetParsedSection(sections, name, /* cut: */TRUE);CID 433266: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 523 return allocerr(error, maxerrlen, fname, "qhub", sizeof(qhub_t));
382 section = iniGetParsedSection(sections, name, /* cut: */TRUE);Variable "sections" going out of scope leaks the storage it points to. 381 return allocerr(error, maxerrlen, fname, "group", sizeof(grp_t));
374 } elseCID 433266: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 373 return allocerr(error, maxerrlen, fname, "groups", sizeof(grp_t *)*cfg->total_grps);
382 section = iniGetParsedSection(sections, name, /* cut: */TRUE);Variable "grp_list" going out of scope leaks the storage it points to. 381 return allocerr(error, maxerrlen, fname, "group", sizeof(grp_t));
374 } elseCID 433265: (RESOURCE_LEAK)
Variable "grp_list" going out of scope leaks the storage it points to. 373 return allocerr(error, maxerrlen, fname, "groups", sizeof(grp_t *)*cfg->total_grps);
2347 while (sbbs->client_socket != INVALID_SOCKET && !terminate_server && !sbbs->terminate_output_thread) {CID 433264: Memory - corruptions (REVERSE_NEGATIVE)
You might be using variable "sbbs->client_socket" before verifying that it is >= 0.
549 }CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k);
524 section = iniGetParsedSection(sections, name, /* cut: */TRUE);CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 523 return allocerr(error, maxerrlen, fname, "qhub", sizeof(qhub_t));
516 } elseCID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 515 return allocerr(error, maxerrlen, fname, "qhubs", sizeof(qhub_t*)*cfg->total_qhubs);
547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL)CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k);
1036 msg.hdr.when_written.time=(uint32_t)xpDateTime_to_localtime(dt);CID 433262: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "xpDateTime_to_localtime(dt)" is cast to "uint32_t".
246 } elseCID 433261: (RESOURCE_LEAK)
Variable "lib_list" going out of scope leaks the storage it points to. 245 return allocerr(error, maxerrlen, fname, "libs", sizeof(lib_t *)*cfg->total_libs);
253 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);Variable "lib_list" going out of scope leaks the storage it points to. 252 return allocerr(error, maxerrlen, fname, "lib", sizeof(lib_t));
547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL)CID 433260: (RESOURCE_LEAK)
Variable "qsub_list" going out of scope leaks the storage it points to. 546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k);
549 }CID 433260: (RESOURCE_LEAK)
Variable "qsub_list" going out of scope leaks the storage it points to. 548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k);
545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL)CID 433260: (RESOURCE_LEAK)
Variable "qsub_list" going out of scope leaks the storage it points to. 544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k);
463 return false;CID 433259: Resource leaks (RESOURCE_LEAK)
Variable "out" going out of scope leaks the storage it points to.
481 return allocerr(error, maxerrlen, fname, "xtrns", sizeof(xtrn_t *)*cfg->total_xtrns);CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
500 return allocerr(error, maxerrlen, fname, "xtrn", sizeof(xtrn_t));CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
462 return allocerr(error, maxerrlen, fname, "xtrnsec", sizeof(xtrnsec_t));CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
428 return allocerr(error, maxerrlen, fname, "xedit", sizeof(xedit_t));CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
541 return allocerr(error, maxerrlen, fname, "event", sizeof(event_t));CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
594 return allocerr(error, maxerrlen, fname, "hotkeys", sizeof(hotkey_t *)*cfg->total_hotkeys);CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
534 return allocerr(error, maxerrlen, fname, "events", sizeof(event_t *)*cfg->total_events);CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
579 return allocerr(error, maxerrlen, fname, "natvpgm", sizeof(natvpgm_t));CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
455 return allocerr(error, maxerrlen, fname, "xtrnsecs", sizeof(xtrnsec_t *)*cfg->total_xtrnsecs);CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
601 return allocerr(error, maxerrlen, fname, "hotkey", sizeof(hotkey_t));CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
421 return allocerr(error, maxerrlen, fname, "xedits", sizeof(xedit_t *)*cfg->total_xedits);CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
572 return allocerr(error, maxerrlen, fname, "natvpgms", sizeof(natvpgm_t *)*cfg->total_natvpgms);CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
314 if((cfg->dir[i]=(dir_t *)malloc(sizeof(dir_t)))==NULL) 315 return allocerr(error, maxerrlen, fname, "dir", sizeof(dir_t));CID 433257: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "cfg->dir".
6401 while(session->socket!=INVALID_SOCKET) {CID 433256: Memory - corruptions (REVERSE_NEGATIVE)
You might be using variable "session->socket" before verifying that it is >= 0.
297 } elseCID 433255: (RESOURCE_LEAK)
Variable "dir_list" going out of scope leaks the storage it points to. 296 return allocerr(error, maxerrlen, fname, "dirs", sizeof(dir_t *)*(cfg->total_dirs+1));
316 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);Variable "dir_list" going out of scope leaks the storage it points to. 315 return allocerr(error, maxerrlen, fname, "dir", sizeof(dir_t));
167 return allocerr(error, maxerrlen, fname, "ftest", sizeof(ftest_t));CID 433254: Resource leaks (RESOURCE_LEAK)
Variable "ftest_list" going out of scope leaks the storage it points to.
85 int result = ::putuserdatetime(&cfg, usernumber, fnum, (time32_t)t);CID 433253: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
950 if(array == NULL && !JS_GetArrayLength(cx, array, &len)) {CID 508260: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "array" to "JS_GetArrayLength", which dereferences it.
491 JS_ReportError(cx, "Unable to get parent js object"); 492 return JS_FALSE;CID 508259: Control flow issues (DEADCODE)
Execution cannot reach this statement: "JS_ReportError(cx, "Unable ...".
387 SAFECAT(buf,crlf);CID 508288: (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.
387 SAFECAT(buf,crlf);CID 508288: (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.
3127 HANDLE_PENDING(cx, tmp);CID 508287: Resource leaks (RESOURCE_LEAK)
Variable "server_user_name" going out of scope leaks the storage it points to.
3127 HANDLE_PENDING(cx, tmp);CID 508286: Resource leaks (RESOURCE_LEAK)
Variable "addr" going out of scope leaks the storage it points to.
3128 strListPush(&send_strings, tmp);CID 508285: Resource leaks (RESOURCE_LEAK)
Variable "term_type" going out of scope leaks the storage it points to. 3127 HANDLE_PENDING(cx, tmp);
3041 HANDLE_PENDING(cx, tmp);CID 508284: Resource leaks (RESOURCE_LEAK)
Variable "addr" going out of scope leaks the storage it points to.
3127 HANDLE_PENDING(cx, tmp);CID 508283: Resource leaks (RESOURCE_LEAK)
Variable "client_user_name" going out of scope leaks the storage it points to.
1308 && strcmp(filename, file.name) != 0 && smb_findfile(&p->smb, file.name, NULL) == SMB_SUCCESS) {CID 509555: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "file.name" to "strcmp", which dereferences it. 1307 if(p->smb_result == SMB_SUCCESS
633 printf(" %02X %.*s", fidx.hash.flags, (int)sizeof(fidx.name), fidx.name);CID 509554: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "printf", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
1335 if(p->smb_result != SMB_SUCCESS)CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
This 'if' statement is indented to column 41, as if it were nested within the preceding parent statement, but it is not.
244 if(stricmp(fidx.name, fname) != 0)CID 509552: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "strcasecmp", which expects a null-terminated string.
441 if(stricmp(fidx[i].name, fname) == 0) {Passing unterminated string "fidx[i].name" to "strcasecmp", which expects a null-terminated string.
139 return 0;CID 509721: Resource leaks (RESOURCE_LEAK)
Variable "ini" going out of scope leaks the storage it points to.
670 return(0);CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.
676 return(0);CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.
649 if((csts = fopen_cstats(&cfg, i, /* for_write: */TRUE)) == NULL) {CID 509720: (RESOURCE_LEAK)
Overwriting "csts" in "csts = fopen_cstats(&this->cfg, i, true)" leaks the storage that "csts" points to.
673 return(0);CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.
682 return(0L);CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.
361 SAFEPRINTF(str,"%s ",unixtodstr(&cfg,(time32_t)now,tmp));CID 510624: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
2334 xfer_type = (xfer_type == XFER_UPLOAD) ? XFER_BATCH_UPLOAD : XFER_BATCH_DOWNLOAD;CID 511447: Control flow issues (DEADCODE)
Execution cannot reach the expression "XFER_BATCH_UPLOAD" inside this statement: "xfer_type = ((xfer_type == ...".
158 return unixtodstr(cfg, (time32_t)t, str);CID 511508: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
990 return ::unixtodstr(&cfg, t, str);CID 511621: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
1367 snprintf(opt[0],MAX_OPLN,"Numeric (e.g. %s)", unixtodstr(&cfg, (time32_t)t, tmp));CID 512127: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
1368 snprintf(opt[1],MAX_OPLN,"Verbal (e.g. %s)", verbal_datestr(&cfg, (time32_t)t, tmp));CID 512127: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
1001 uint8_t ch = line[i].ch;CID 514434: (NULL_RETURNS)
Dereferencing "line", which is known to be "NULL".
999 vmem_gettext(cterm->x, sy, cterm->x + tx - 2, sy, line);CID 514434: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_gettext".
4985 vmem_gettext(sx, sy, ex, sy, line);CID 514433: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_gettext".
5098 vmem_puttext(sx, sy, ex, sy, line);CID 514433: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_puttext".
4990 if (line[i].fg & 0x7F000000) {CID 514433: (NULL_RETURNS)
Dereferencing "line", which is known to be "NULL".
1659 lprintf(LOG_ERR, "%04d %s [%s] <%s> !Error %d writing user data for user #%d"CID 514483: API usage errors (PRINTF_ARGS)
No argument for format specifier "%d".
1661 ,session->username, session->user.number);CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
the format string requires additional arguments
4850 online = false;CID 514519: (LOCK)
"external" unlocks "this->input_thread_mutex" while it is unlocked. 4849 int result = external(cmd, EX_OFFLINE);
4849 int result = external(cmd, EX_OFFLINE);CID 514519: (LOCK)
"external" locks "this->input_thread_mutex" while it is locked.
298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeout locking message base after %d seconds", __FUNCTION__, time(NULL) - start);CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "int" but argument has type "long")
298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeout locking message base after %d seconds", __FUNCTION__, time(NULL) - start);CID 514628: API usage errors (PRINTF_ARGS)
Argument "time(NULL) - start" to format specifier "%d" was expected to have type "int" but has type "long".
1397 return "";CID 514647: Resource leaks (RESOURCE_LEAK)
Handle variable "f" going out of scope leaks the handle.
1848 if((fwdfile=tmpfile())==NULL) { 1849 lprintf(LOG_ERR,"ERROR line %d opening forward temp "CID 515048: Security best practices violations (SECURE_TEMP)
"tmpfile" creates files with predictable names, which is unsafe.
1635 if(add_all || j >= 0) {CID 515047: Control flow issues (NO_EFFECT)
This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "j >= 0U".
1989 chmod(outpath, st.st_mode);CID 515046: Error handling issues (CHECKED_RETURN)
Calling "chmod(outpath, st.st_mode)" without checking return value. This library function may fail and return an error code.
2142 if((tmpf=tmpfile())==NULL) {CID 515063: Security best practices violations (SECURE_TEMP)
"tmpfile" creates files with predictable names, which is unsafe.
357 sdl.GetWindowSize(win, &ABUw, &ABUh);CID 515130: Concurrent data access violations (MISSING_LOCK)
Accessing "win" without holding lock "win_mutex". Elsewhere, "win" is written to with "win_mutex" held 1 out of 1 times.
3400 return(JS_TRUE);CID 515601: Program hangs (LOCK)
Returning without unlocking "sbbs->nodefile_mutex".
367 getnodedat(cfg.node_num,&thisnode,true); /* open and lock this record */CID 515600: Error handling issues (CHECKED_RETURN)
Calling "getnodedat" without checking return value (as is done elsewhere 52 out of 59 times).
108 nodefile = -1;CID 515599: Concurrent data access violations (MISSING_LOCK)
Accessing "this->nodefile" without holding lock "sbbs_t.nodefile_mutex". Elsewhere, "sbbs_t.nodefile" is written to with "sbbs_t.nodefile_mutex" held 4 out of 5 times.
269 free(buf);CID 515598: (SLEEP)
Call to "putmsg" might sleep while holding lock "this->nodefile_mutex". 268 putmsg(buf,P_NOATCODES);
265 this->clearline();CID 515598: (SLEEP)
Call to "clearline" might sleep while holding lock "this->nodefile_mutex".
2243 sbbs->errormsg(WHERE,ERR_UNLOCK,"input_thread_mutex",0);"errormsg" locks "sbbs->nodefile_mutex" while it is locked.
331 }CID 515596: Program hangs (LOCK)
Returning without unlocking "this->nodefile_mutex".
4335 errormsg(WHERE, ERR_READ, "dsts.ini", i);CID 515595: Program hangs (LOCK)
"errormsg" locks "this->nodefile_mutex" while it is locked.
4649 int result = smb_open_sub(&cfg, &mail, INVALID_SUB); 4650 if(result != SMB_SUCCESS)CID 515594: (SLEEP)
Call to "smb_open_sub" might sleep while holding lock "this->nodefile_mutex".
4778 if((i=smb_open(&smb))!=0)CID 515594: (SLEEP)
Call to "smb_open" might sleep while holding lock "this->nodefile_mutex".
258 return false;CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".
252 return false;CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".
242 return false;CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".
271 return retval == 0;CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".
237 return true;CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".
247 return true;CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".
162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */CID 515592: (SLEEP)
Call to "getsmsg" might sleep while holding lock "this->nodefile_mutex".
175 nodesync_inside=0;CID 515592: (SLEEP)
Call to "hangup" might sleep while holding lock "this->nodefile_mutex". 174 hangup();
164 getnmsg(clearline); /* getnmsg clears NMSG flag */CID 515592: (SLEEP)
Call to "getnmsg" might sleep while holding lock "this->nodefile_mutex".
212 bprintf(text[OnlyXminutesLeft]CID 515592: (SLEEP)
Call to "attr" might sleep while holding lock "this->nodefile_mutex". 211 attr(LIGHTGRAY);
218 nodesync_inside=0;CID 515592: (SLEEP)
Call to "attr" might sleep while holding lock "this->nodefile_mutex". 217 attr(atr); /* replace original attributes */
181 privchat(true);CID 515592: (SLEEP)
Call to "privchat" might sleep while holding lock "this->nodefile_mutex".
182 restoreline();CID 515592: (SLEEP)
Call to "restoreline" might sleep while holding lock "this->nodefile_mutex".
197 putnodedat(cfg.node_num, &thisnode);CID 515592: (SLEEP)
Call to "putnodedat" might sleep while holding lock "this->nodefile_mutex".
219 }CID 515591: (LOCK)
Returning without unlocking "this->nodefile_mutex".
164 getnmsg(clearline); /* getnmsg clears NMSG flag */CID 515591: (LOCK)
"getnmsg" locks "this->nodefile_mutex" while it is locked.
197 putnodedat(cfg.node_num, &thisnode);CID 515591: (LOCK)
"putnodedat" locks "this->nodefile_mutex" while it is locked.
157 putnodedat(cfg.node_num,&thisnode);CID 515591: (LOCK)
"putnodedat" locks "this->nodefile_mutex" while it is locked.
94 return(false);CID 515590: (LOCK)
Returning without unlocking "this->input_thread_mutex".
123 errormsg(WHERE,ERR_OPEN,fname,O_RDONLY);CID 515590: (LOCK)
"errormsg" locks "this->nodefile_mutex" while it is locked.
124 getnodedat(cfg.node_num,&thisnode, true);CID 515589: Error handling issues (CHECKED_RETURN)
Calling "getnodedat" without checking return value (as is done elsewhere 52 out of 59 times).
3277 if(!sbbs->getnodedat(j,&node, true))CID 515588: (SLEEP)
Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".
3450 mswait(1000);CID 515588: (SLEEP)
Call to "nanosleep" might sleep while holding lock "sbbs->nodefile_mutex".
3373 if(!sbbs->getnodedat(j,&node, true))CID 515588: (SLEEP)
Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".
3413 int result = sbbs->external(cmd, ex_mode, sbbs->cfg.event[i]->dir);CID 515588: (SLEEP)
Call to "external" might sleep while holding lock "sbbs->nodefile_mutex".
3277 if(!sbbs->getnodedat(j,&node, true))CID 515588: (SLEEP)
Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".
2986 int retval = getuserdat(&sbbs->cfg,&sbbs->useron);CID 515588: (SLEEP)
Call to "getuserdat" might sleep while holding lock "sbbs->nodefile_mutex".
3272 mswait(1000); 3273 now=time(NULL); 3274 if(now-start>10 && now-lastnodechk<10)CID 515588: (SLEEP)
Call to "nanosleep" might sleep while holding lock "sbbs->nodefile_mutex".
814 return lm_mode;CID 515659: Resource leaks (RESOURCE_LEAK)
Variable "mail" going out of scope leaks the storage it points to.
75 smb_fseek(smb.sid_fp, (fil_off - 1) * sizeof(fileidxrec_t), SEEK_SET); 76 fileidxrec_t idx;CID 515658: Error handling issues (CHECKED_RETURN)
Calling "smb_fseek(smb.sid_fp, (fil_off - 1U) * 128UL, 0)" without checking return value. It wraps a library function that may fail and return an error code.
627 smb_create(smb);CID 515657: Error handling issues (CHECKED_RETURN)
Calling "smb_create" without checking return value (as is done elsewhere 16 out of 17 times).
1309 if((area->link = realloc_or_free(area->link, (sizeof addr) * (area->links + 1))) == NULL) {CID 515673: Code maintainability issues (SIZEOF_MISMATCH)
Passing argument "area->link" of type "fidoaddr_t const *" and argument "8UL /* sizeof (addr) */ * (area->links + 1)" to function "realloc_or_free" is suspicious. In this case, "sizeof (fidoaddr_t const *)" is equal to "sizeof (fidoaddr_t const)", but this is not a portable assumption.
1420 snprintf(str, sizeof str, cfg->text != NULL ? cfg->text[NodeStatusLogout] : "Logging out %s", username(cfg,node->useron,tmp));CID 515715: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "str" of type "char *" and argument "8UL /* sizeof (str) */" to function "safe_snprintf" is suspicious.
289 errormsg(WHERE,ERR_OPEN,str,O_RDONLY|O_DENYNONE);CID 515714: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "errormsg".
1512 snprintf(str, sizeof strCID 515713: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "str" of type "char *" and argument "8UL /* sizeof (str) */" to function "safe_snprintf" is suspicious.
5419 SAFECOPY(lastfile, report->filename);CID 516068: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "report->filename" to "strlcpy", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.]
1472 getuserdat(cfg, &user);CID 516415: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
65 getuserdat(&cfg,&user);CID 516414: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
168 getuserdat(&cfg,&useron);CID 516413: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
51 getuserdat(&cfg,&useron);CID 516412: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
733 getuserdat(&cfg, user);CID 516411: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
738 getuserdat(&cfg,user);CID 516411: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
1662 getuserdat(&scfg, &session->user);CID 516410: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
1388 getuserdat(&cfg,&useron);CID 516409: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
1166 getuserdat(&cfg,&user);CID 516408: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
2037 getuserdat(&scfg, &thisuser);CID 516407: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
1740 snprintf(opt[i++],MAX_OPLN,"%-20s%s%s %s","Local Time Zone"CID 516431: Incorrect expression (EVALUATION_ORDER)
In argument #6 of "safe_snprintf(opt[i++], 75UL, "%-20s%s%s %s", "Local Time Zone", ((cfg.sys_timezone == -1) ? "Auto: " : ""), smb_zonestr(sys_timezone(&cfg), NULL), ((!(cfg.sys_timezone <= 1000 && cfg.sys_timezone >= -1000) && (cfg.sys_timezone & 0xc000 || cfg.sys_timezone == 4096 || cfg.sys_timezone == 4156 || cfg.sys_timezone == 4216 || cfg.sys_timezone == 4816 || cfg.sys_timezone == 4696 || cfg.sys_timezone == 4666) && cfg.sys_misc & 0x4000U) ? "(Auto-DST)" : ""))", a call is made to "sys_timezone(&cfg)". In argument #1 of this function, the object "cfg.sys_timezone" is modified. This object is also used in "(cfg.sys_timezone == -1) ? "Auto: " : """, the argument #5 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.
1441 LAZY_UINTEGER("when_written_time", smb_time(p->msg.hdr.when_written), JSPROP_ENUMERATE);A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(p->msg.hdr.when_written)" is cast to "uint32".
625 ,timestr(cfg, (time32_t)smb_time(msg->hdr.when_written), tstr)CID 516447: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg->hdr.when_written)" is cast to "time32_t".
366 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
392 : unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
361 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
384 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
333 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
343 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),str)CID 516446: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
277 return;CID 516462: Resource leaks (RESOURCE_LEAK)
Handle variable "file" going out of scope leaks the handle.
678 return false;CID 516461: Resource leaks (RESOURCE_LEAK)
Handle variable "file" going out of scope leaks the handle.
254 getnodedat(cfg.node_num,&thisnode,true);CID 516460: Error handling issues (CHECKED_RETURN)
Calling "getnodedat" without checking return value (as is done elsewhere 54 out of 58 times).
994 if (bios_key >= 26 ||CID 528581: Control flow issues (DEADCODE)
Execution cannot reach the expression "ev.key.keysym.sym > SDLK_KP_5" inside this statement: "if (bios_key >= 26U || (bio...".
457 tmp2 = huff->child[l];CID 529876: (OVERRUN)
Overrunning array "huff->child" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).
458 huff->child[l] = tmp;CID 529876: (OVERRUN)
Overrunning array "huff->child" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).
450 huff->freq[l] = tmp;CID 529875: (OVERRUN)
Overrunning array "huff->freq" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).
449 huff->freq[c] = huff->freq[l];CID 529875: (OVERRUN)
Overrunning array "huff->freq" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).
445 if (tmp <= huff->freq[l])CID 529875: (OVERRUN)
Overrunning array "huff->freq" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628).
2311 return byte_estimate_to_str(current_file->size, str, sizeof str, /* units: */1024, /* precision: */1);CID 529977: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "str" of type "char *" and argument "8UL /* sizeof (str) */" to function "byte_estimate_to_str" is suspicious.
1151 cid = CLOCK_MONOTONIC;CID 529991: Control flow issues (DEADCODE)
Execution cannot reach this statement: "cid = 1;".
1547 bitmap_draw_vmem(cio_textinfo.winleft, cio_textinfo.wintop, cio_textinfo.winright, cio_textinfo.winbottom, va);CID 530002: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "va" when calling "bitmap_draw_vmem".
1544 va[c++] = *set_vmem_cell(vmem_ptr, y * cio_textinfo.screenwidth + x, fill, ciolib_fg, ciolib_bg);CID 530002: (NULL_RETURNS)
Dereferencing "va", which is known to be "NULL".
750 if((i = external(cmdstr(temp_cmd(ex),packet,path,NULL,ex), ex|EX_WILDCARD)) != 0)CID 530001: (EVALUATION_ORDER)
In argument #1 of "this->external(this->cmdstr(this->temp_cmd(ex), packet, path, NULL, ex), ex | 1, NULL)", a call is made to "this->temp_cmd(ex)". In argument #1 of this function, the object "ex" is modified. This object is also used in "ex | 1", the argument #2 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.
750 if((i = external(cmdstr(temp_cmd(ex),packet,path,NULL,ex), ex|EX_WILDCARD)) != 0)CID 530001: (EVALUATION_ORDER)
In argument #1 of "this->cmdstr(this->temp_cmd(ex), packet, path, NULL, ex)", a call is made to "this->temp_cmd(ex)". In argument #1 of this function, the object "ex" is modified. This object is also used in "ex", the argument #5 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.
1550 }CID 530000: (RESOURCE_LEAK)
Variable "va" going out of scope leaks the storage it points to.
1536 return;CID 530000: (RESOURCE_LEAK)
Variable "va" going out of scope leaks the storage it points to.
420 putrec(answers,a,max,str);CID 530529: Insecure data handling (INTEGER_OVERFLOW)
"max", which might have underflowed, is passed to "putrec(answers, a, max, str)".
188 if(autohang) sys_status|=SS_PAUSEOFF; /* Pause off after download */CID 530527: Data race undermines locking (LOCK_EVASION)
Thread1 sets "sys_status" to a new value. Now the two threads have an inconsistent view of "sys_status" and updates to fields correlated with "sys_status" may be lost.
2189 free_opts(opt);CID 530526: Control flow issues (UNREACHABLE)
This code cannot be reached: "free_opts(opt);".
540 return idx.number - 1;CID 530525: Insecure data handling (INTEGER_OVERFLOW)
"idx.number - 1U", which might have underflowed, is returned from the function.
1410 while(*(csi->ip++)); /* Find NULL */CID 530524: Data race undermines locking (LOCK_EVASION)
Thread1 sets "ip" to a new value. Now the two threads have an inconsistent view of "ip" and updates to fields correlated with "ip" may be lost.
178 if(!chan_access(savch-1))CID 530523: Insecure data handling (INTEGER_OVERFLOW)
"savch - 1", which might have underflowed, is passed to "this->chan_access(savch - 1)".
6459 send_error(session,__LINE__,"413 Request entity too large");CID 530521: Control flow issues (DEADCODE)
Execution cannot reach this statement: "send_error(session, 6459U, ...".
5884 free(pkt);CID 530517: Resource leaks (RESOURCE_LEAK)
Freeing "pkt" without freeing its pointer field "filename" leaks the storage that "filename" points to.
3920 for(u=0;u<area.links;u++) { /* Add all links to SEEN-BYs */CID 530516: Integer handling issues (INTEGER_OVERFLOW)
Expression "u++", where "u" is known to be equal to 4294967295, overflows the type of "u++", which is type "unsigned int".
1575 JS_DefineProperty(cx, nodeobj, "extaux", INT_TO_JSVAL((int)node.extaux), NULL, NULL, JSPROP_ENUMERATE);CID 530515: Insecure data handling (INTEGER_OVERFLOW)
The cast of "node.extaux" to a signed type could result in a negative number.
312 i=(s&~0x80000000L)-1;CID 530514: (INTEGER_OVERFLOW)
Expression "i", where "(s & 0xffffffff7fffffffL) - 1L" is known to be equal to -1, overflows the type of "i", which is type "int".
375 j=(s&~0x80000000L)-1;CID 530514: (INTEGER_OVERFLOW)
Expression "j", where "(s & 0xffffffff7fffffffL) - 1L" is known to be equal to -1, overflows the type of "j", which is type "int".
472 j=(s&~0x80000000L)-1;CID 530512: Integer handling issues (INTEGER_OVERFLOW)
Expression "j", where "(s & 0xffffffff7fffffffL) - 1L" is known to be equal to -1, overflows the type of "j", which is type "int".
706 result=sendsocket(session->socket,buf+sent,len-sent);CID 530511: (INTEGER_OVERFLOW)
"len - sent", which might have underflowed, is passed to "send(session->socket, buf + sent, len - sent, 0)".
720 }CID 530511: (INTEGER_OVERFLOW)
"sent", which might have underflowed, is returned from the function. 719 return(sent);
338 while(i--)CID 530509: (INTEGER_OVERFLOW)
Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "size_t".
482 while(i--)CID 530509: (INTEGER_OVERFLOW)
Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "size_t".
427 while(i--)CID 530509: (INTEGER_OVERFLOW)
Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "size_t".
617 str1[l]=0;CID 530509: (INTEGER_OVERFLOW)
"l", which might have underflowed, is passed to "str1[l]".
640 psess->next = sess->next;CID 530506: Concurrent data access violations (MISSING_LOCK)
Accessing "psess->next" without holding lock "ssl_cert_list_mutex". Elsewhere, "cert_list.next" is written to with "ssl_cert_list_mutex" held 2 out of 4 times (2 of these accesses strongly imply that it is necessary).
177 return(i);CID 530505: Resource leaks (RESOURCE_LEAK)
Variable "newmsg" going out of scope leaks the storage "newmsg.hfield_dat" points to.
6476 p=realloc(session->req.post_data, s);"s", which might have underflowed, is passed to "realloc(session->req.post_data, s)".
3240 if (protocol)CID 530501: Resource leaks (RESOURCE_LEAK)
Freeing "p" without freeing its handle field "sock" leaks the handle. 3239 free(p);
62 errno = EINVAL;CID 530500: Control flow issues (DEADCODE)
Execution cannot reach this statement: "*__errno_location() = 22;".
3414 }CID 530498: Resource leaks (RESOURCE_LEAK)
Variable "protocol" going out of scope leaks the storage it points to. 3413 return(JS_FALSE);
147 return false;CID 530828: Possible Control flow issues (DEADCODE)
Execution cannot reach this statement: "return false;".
745 getuserdat(&cfg, user);CID 530902: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
740 getuserdat(&cfg, user);CID 530902: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
783 fbb = cs->font[cs->fontoffset - 1] & (0x80 >> ((x - 1) & 7));CID 531895: Integer handling issues (INTEGER_OVERFLOW)
Expression "x - 1U", where "x" is known to be equal to 0, underflows the type of "x - 1U", which is type "unsigned int".
43 index = count - 1;CID 531919: Integer handling issues (INTEGER_OVERFLOW)
Expression "count - 1UL", where "count" is known to be equal to 0, underflows the type of "count - 1UL", which is type "unsigned long".
2380 JS_GetProperty(cx, p->tls_psk, id, &js_key);CID 532317: Error handling issues (CHECKED_RETURN)
Calling "JS_GetProperty" without checking return value (as is done elsewhere 196 out of 203 times).
3876 js_cleanup();CID 543172: Program hangs (SLEEP)
Call to "js_cleanup" might sleep while holding lock "this->nodefile_mutex".
1528 errprintf(LOG_ERR, WHERE, "!JavaScript ERROR creating user objects");CID 543171: Null pointer dereferences (FORWARD_NULL)
"errprintf" dereferences null "this->startup".
540 DO("getting private key", ssl_keyset, cryptGetPrivateKey(ssl_keyset, &cert_entry->cert, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass));CID 544155: Error handling issues (CHECKED_RETURN)
Calling "log_cryptlib_error" without checking return value (as is done elsewhere 16 out of 17 times).
709 if (read(file, buf, l) != l)CID 548252: Error handling issues (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
1621 memset(&termio, 0, sizeof(term));CID 548251: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "&termio" of type "termios *" and argument "8UL" ("sizeof (this->term)") to function "memset" is suspicious because "sizeof (termios) /*60*/" is expected.
31 if (spot->y >= 0)CID 548250: Control flow issues (NO_EFFECT)
This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "spot->y >= 0U".
89 bprintf(text[UeditRealNamePhone]CID 548249: (DEADCODE)
Execution cannot reach the expression ""XXXXXXXX"" inside this statement: "this->bprintf(this->text[Ue...".
89 bprintf(text[UeditRealNamePhone]CID 548249: (DEADCODE)
Execution cannot reach the expression ""XXX-XXX-XXXX"" inside this statement: "this->bprintf(this->text[Ue...".
1836 fseek(smb.sdt_fp, msg->hdr.offset, SEEK_SET);CID 548248: Error handling issues (CHECKED_RETURN)
Calling "fseek(this->smb.sdt_fp, msg->hdr.offset, 0)" without checking return value. This library function may fail and return an error code.
437 sys_status |= SS_USERON;CID 548912: Data race undermines locking (LOCK_EVASION)
Thread1 sets "sys_status" to a new value. Now the two threads have an inconsistent view of "sys_status" and updates to fields correlated with "sys_status" may be lost.
1194 ch = in;CID 549016: Integer handling issues (INTEGER_OVERFLOW)
Expression "ch", where "in" is known to be equal to 256, overflows the type of "ch", which is type "char".
2089 bool result = check_pass(sys->cfg, str, /* user: */NULL, /* unique: */false, /* reason: */NULL)CID 549015: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "check_pass".
1781 return JS_FALSE;Variable "msg" going out of scope leaks the storage it points to.
1794 }CID 569479: Resource leaks (RESOURCE_LEAK)
Variable "replyto" going out of scope leaks the storage it points to. 1793 return JS_TRUE;
1356 , seconds_to_str((uint)t, tmp), (ulong)(file_bytes / t));CID 582443: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".
994 , seconds_to_str((uint)t, tmp)CID 582442: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".
1069 , seconds_to_str((uint)t, tmp)CID 582442: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".
3171 user->logontime = logontime;CID 583942: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "logontime" is cast to "time32_t".
183 snprintf(str, sizeof str, "%lu minute", cdt);CID 583999: (UNINIT)
Using uninitialized value "user.level" when calling "adjustuserval". 182 adjustuserval(&cfg, &user, USER_MIN, -cdt);
204 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]CID 583999: (UNINIT)
Using uninitialized value "user.level" when calling "adjustuserval". 203 adjustuserval(&cfg, &user, USER_CDT, -cdt);
210 adjustuserval(&cfg, &user, USER_ULS, -1);CID 583999: (UNINIT)
Using uninitialized value "user.level" when calling "adjustuserval". 209 adjustuserval(&cfg, &user, USER_ULB, -f->size);
211 return true;CID 583999: (UNINIT)
Using uninitialized value "user.level" when calling "adjustuserval". 210 adjustuserval(&cfg, &user, USER_ULS, -1);
631 errormsg(WHERE, ERR_CHK, "Daily stats date/time stamp", (int)stats.date);CID 584091: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "stats.date" is cast to "int".
642 errormsg(WHERE, ERR_CHK, "Current date/time break down", (int)stats.date);CID 584091: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "stats.date" is cast to "int".
638 errormsg(WHERE, ERR_CHK, "Daily stats date/time break down", (int)stats.date);CID 584091: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "stats.date" is cast to "int".
2877 mkpath(path);CID 584833: Error handling issues (CHECKED_RETURN)
Calling "mkpath(path)" without checking return value. It wraps a library function that may fail and return an error code.
1581 pold=old;CID 630343: (ATOMICITY)
Using an unreliable value of "old" inside the second locked section. If the data that "old" depends on was changed by another thread, this use might be incorrect.
1577 free(old);CID 630343: (ATOMICITY)
Using an unreliable value of "old" inside the second locked section. If the data that "old" depends on was changed by another thread, this use might be incorrect.
439 for (;;) {CID 630956: Control flow issues (UNREACHABLE)
Since the loop increment is unreachable, the loop body will never execute more than once.
1658 if (!addParsedSection(&lp, §ions, &iniParsedRootValue))CID 631019: Memory - corruptions (ARRAY_VS_SINGLETON)
Passing "&iniParsedRootValue" to function "addParsedSection" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
3367 cmp = strnicmp(name->str, fp->name.str, cmplen);CID 631052: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "fp->name.str" to "strncasecmp", which dereferences it.
3159 if (str[slen - 1] == INI_CLOSE_SECTION_CHAR) 3160 slen--;CID 631051: Integer handling issues (INTEGER_OVERFLOW)
Expression "slen - 1UL", where "slen" is known to be equal to 0, underflows the type of "slen - 1UL", which is type "unsigned long".
3331 for (i = iniGetFastPrefixStart(fp, prefix); i <= fp->lastUncut; i++) {CID 631050: Integer handling issues (INTEGER_OVERFLOW)
Expression "i++", where "i" is known to be equal to 18446744073709551615, overflows the type of "i++", which is type "size_t".
314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from);CID 631076: Memory - corruptions (OVERRUN)
Overrunning array "msg.from" of 36 bytes by passing it to a function which accesses it at byte offset 1023.
319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid);CID 631075: Memory - corruptions (OVERRUN)
Overrunning array "msg.tid" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id);CID 631074: Memory - corruptions (OVERRUN)
Overrunning array "msg.reply_id" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id);CID 631073: Memory - corruptions (OVERRUN)
Overrunning array "msg.msg_id" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to);CID 631072: Memory - corruptions (OVERRUN)
Overrunning array "msg.to" of 36 bytes by passing it to a function which accesses it at byte offset 1023.
327 snprintf(key, sizeof key, "%s.pkt_orig", prefix), iniGetString(ini, section, key, NULL, str);CID 631071: (OVERRUN)
Overrunning array "str" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
324 snprintf(key, sizeof key, "%s.origaddr", prefix), iniGetString(ini, section, key, NULL, str);CID 631071: (OVERRUN)
Overrunning array "str" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj);CID 631070: Memory - corruptions (OVERRUN)
Overrunning array "msg.subj" of 72 bytes by passing it to a function which accesses it at byte offset 1023.
318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid);CID 631069: Memory - corruptions (OVERRUN)
Overrunning array "msg.pid" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);CID 631068: Memory - corruptions (OVERRUN)
Overrunning array "msg.msg_tz" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
4189 count = listCountNodes(list);CID 631146: Program hangs (LOCK)
"listCountNodes" locks "list->mutex" while it is locked.
4358 if (((settings.tempban_threshold && (attempt->count - attempt->dupes) >= settings.tempban_threshold)CID 631145: Program hangs (SLEEP)
Call to "trashcan" might sleep while holding lock "list->mutex".
654 if ((node = listFindTaggedNode(&client_list, sock)) != NULL)CID 631144: Program hangs (LOCK)
"listFindNode" locks "client_list.mutex" while it is locked.
1241 sockprintf(socket, client.protocol, session, "+OK Synchronet %s Server %s%c-%s Ready %s"CID 631143: (SLEEP)
Call to "sockprintf" might sleep while holding lock "startup->login_attempt_list->mutex".
1225 mswait(login_attempts * startup->login_attempt.throttle);CID 631143: (SLEEP)
Call to "nanosleep" might sleep while holding lock "startup->login_attempt_list->mutex".
1189 sockprintf(socket, client.protocol, session, "-ERR Access denied.");CID 631143: (SLEEP)
Call to "sockprintf" might sleep while holding lock "startup->login_attempt_list->mutex".
1323 sockprintf(socket, client.protocol, session, "+OK");CID 631143: (SLEEP)
Call to "sockprintf" might sleep while holding lock "startup->login_attempt_list->mutex".
1325 sockprintf(socket, client.protocol, session, "-ERR PASS command expected");CID 631143: (SLEEP)
Call to "sockprintf" might sleep while holding lock "startup->login_attempt_list->mutex".
1193 if (trashcan2(&scfg, host_ip, NULL, "ip", &trash)) {CID 631143: (SLEEP)
Call to "trashcan2" might sleep while holding lock "startup->login_attempt_list->mutex".
1201 if (trashcan2(&scfg, host_name, NULL, "host", &trash)) {CID 631143: (SLEEP)
Call to "trashcan2" might sleep while holding lock "startup->login_attempt_list->mutex".
380 listFree(&user_list);CID 631142: Null pointer dereferences (FORWARD_NULL)
Passing "&user_list" to "listFree", which dereferences null "user_list.sem".
4264 listRemoveNode(list, node, /* freeData: */ true);CID 631141: Program hangs (LOCK)
"listRemoveNode" locks "list->mutex" while it is locked.
4204 count = listCountNodes(list);CID 631140: (LOCK)
"listCountNodes" locks "list->mutex" while it is locked.
4206 listUnlock(list);CID 631140: (LOCK)
"listUnlock" unlocks "list->mutex" while it is unlocked.
1619 mswait(login_attempts * startup->login_attempt.throttle);CID 631139: Program hangs (SLEEP)
Call to "nanosleep" might sleep while holding lock "startup->login_attempt_list->mutex".
1651 }CID 631138: Program hangs (LOCK)
Returning without unlocking "startup->login_attempt_list->mutex".
6965 send_error(&session, __LINE__, error_503);CID 631137: Program hangs (ORDER_REVERSAL)
Calling "send_error" acquires lock "jsrt_mutex" while holding lock "link_list.mutex" (count: 1 / 5).
843 char* buf = NULL;CID 631136: (LOCK)
"listUnlock" unlocks "mqtt->client_list.mutex" while it is unlocked. 842 listUnlock(&mqtt->client_list);
814 if ((node = listFindTaggedNode(&mqtt->client_list, sock)) != NULL) {CID 631136: (LOCK)
"listFindNode" locks "mqtt->client_list.mutex" while it is locked.
825 client = listRemoveTaggedNode(&mqtt->client_list, sock, /* free_data: */ false);CID 631136: (LOCK)
"listRemoveTaggedNode" locks "mqtt->client_list.mutex" while it is locked.
821 format_client_info(str, sizeof(str), sock, client, client->time);CID 631136: (LOCK)
"listAddNodeData" locks "mqtt->client_list.mutex" while it is locked. 820 listAddNodeData(&mqtt->client_list, client, sizeof(client_t), sock, LAST_NODE);
3695 memcpy(saltBuf, salt, cp);CID 631135: Uninitialized variables (UNINIT)
Using uninitialized value "*salt" when calling "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
1190 return false;CID 631134: Program hangs (LOCK)
Returning without unlocking "startup->login_attempt_list->mutex".
4303 listPushNodeData(list, attempt, sizeof(login_attempt_t));CID 631133: Program hangs (LOCK)
"listAddNodeData" locks "list->mutex" while it is locked.
3630 if (rret < 0 || rret > INT_MAX)CID 631132: Control flow issues (NO_EFFECT)
This less-than-zero comparison of an unsigned value is never true. "rret < 0UL".
6911 if (banned || trashcan2(&scfg, session.host_ip, NULL, "ip", &trash)) {CID 631131: (SLEEP)
Call to "trashcan2" might sleep while holding lock "startup->login_attempt_list->mutex".
7055 respond(&session);CID 631131: (SLEEP)
Call to "respond" might sleep while holding lock "startup->login_attempt_list->mutex".
6948 mswait(login_attempts * startup->login_attempt.throttle);CID 631131: (SLEEP)
Call to "nanosleep" might sleep while holding lock "startup->login_attempt_list->mutex".
538 listFree(&user_list);CID 631130: Null pointer dereferences (FORWARD_NULL)
Passing "&user_list" to "listFree", which dereferences null "user_list.sem".
3695 memcpy(saltBuf, salt, cp);CID 631129: Memory - corruptions (OVERRUN)
Overrunning array "salt" of 64 bytes by passing it to a function which accesses it at byte offset 64 using argument "cp" (which evaluates to 65). [Note: The source code implementation of the function has been overridden by a builtin model.]
2120 off = vmem_next_offset(vstat.vmem, off);CID 631415: (FORWARD_NULL)
Passing null pointer "vstat.vmem" to "vmem_next_offset", which dereferences it.
2094 off = vmem_cell_offset(vstat.vmem, charx, chary);CID 631415: (FORWARD_NULL)
Passing null pointer "vstat.vmem" to "vmem_cell_offset", which dereferences it.
2707 case SOCK_PROP_TLS_PSK_ID:CID 638545: Control flow issues (MISSING_BREAK)
The case for value "SOCK_PROP_TLS_PSK_ID" is not terminated by a "break" statement.
2047 getuserdat(&scfg, &thisuser);CID 639949: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 90 out of 103 times).
1619 mswait(login_attempts * startup->login_attempt.throttle);CID 639948: Program hangs (SLEEP)
Call to "nanosleep" might sleep while holding lock "startup->login_attempt_list->mutex".
6533 send_error(session, __LINE__, "413 Request entity too large");CID 639947: Control flow issues (DEADCODE)
Execution cannot reach this statement: "send_error(session, 6533U, ...".
1412 JS_ValueToInt32(cx, argv[0], &len);CID 639946: (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
1415 JS_ValueToInt32(cx, argv[1], &timeout);CID 639946: (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
1002 JS_ValueToInt32(cx, argv[argnum++], &usernumber);CID 639945: (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
987 JS_ValueToInt32(cx, argv[0], &field);CID 639945: (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
2108 bool result = check_pass(sys->cfg, str, /* user: */NULL, /* unique: */false, /* reason: */NULL);CID 639944: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "check_pass".
1591 *vp = UINT_TO_JSVAL((uint32_t)newfiletime(&p->smb));CID 639943: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "newfiletime(&p->smb)" is cast to "uint32_t".
1581 *vp = UINT_TO_JSVAL((uint32_t)lastfiletime(&p->smb));CID 639943: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "lastfiletime(&p->smb)" is cast to "uint32_t".
3624 JS_ValueToInt32(cx, argv[i], &type);CID 639942: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
6856 setsockopt(session.socket, IPPROTO_TCP, TCP_NODELAY, (char*)&nodelay, sizeof(nodelay));CID 639941: Error handling issues (CHECKED_RETURN)
Calling "setsockopt(session.socket, IPPROTO_TCP, 1, (char *)&nodelay, 1U)" without checking return value. This library function may fail and return an error code.
701 file.hdr.when_written.time = (uint32_t)fdate(path);CID 639940: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fdate(path)" is cast to "uint32_t".
7033 && session.socket != INVALID_SOCKET) {You might be using variable "session.socket" before verifying that it is >= 0.
3037 smb_getstatus(&(p->smb));CID 639938: (CHECKED_RETURN)
Calling "smb_getstatus" without checking return value (as is done elsewhere 32 out of 36 times).
3031 smb_getstatus(&(p->smb));CID 639938: (CHECKED_RETURN)
Calling "smb_getstatus" without checking return value (as is done elsewhere 32 out of 36 times).
1254 if ((result = getaddrinfo(p->hostname, NULL, &hints, &res) != 0)) {CID 639937: Incorrect expression (PRECEDENCE_ERROR)
Evaluates as: "result = (getaddrinfo(p->hostname, NULL, &hints, &res) != 0)", because "!=" has higher operator precedence than "=". The context suggests that this might be in error.
2363 setsockopt(p->sock, IPPROTO_TCP, TCP_NODELAY, (char*)&nb, sizeof(nb));CID 639936: Error handling issues (CHECKED_RETURN)
Calling "setsockopt(p->sock, IPPROTO_TCP, 1, (char *)&nb, 8U)" without checking return value. This library function may fail and return an error code.
726 }CID 639935: (INTEGER_OVERFLOW)
"sent", which might have underflowed, is returned from the function. 725 return sent;
712 result = sendsocket(session->socket, buf + sent, len - sent);CID 639935: (INTEGER_OVERFLOW)
"len - sent", which might have underflowed, is passed to "send(session->socket, buf + sent, len - sent, 0)".
1279 if (!stricmp(scfg->dir[dirnum]->code, p))Using uninitialized value "*p" when calling "strcasecmp".
1481 JS_ValueToInt32(cx, argv[i], &duration);CID 639933: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
1188 remove(session->req.cleanup_file[i]); 1189 free(session->req.cleanup_file[i]);CID 639932: Error handling issues (CHECKED_RETURN)
Calling "remove(session->req.cleanup_file[i])" without checking return value. This library function may fail and return an error code.
901 while (len < RFC822_MAX_LINE_LEN && *(np + len) != 0 && *(np + len) != '\n')CID 639931: Memory - illegal accesses (OVERRUN)
Overrunning array of 3 bytes at byte offset 997 by dereferencing pointer "np + len".
1640 JS_ValueToInt32(cx, argv[0], &node);CID 639930: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
3566 free(set);CID 640043: (USE_AFTER_FREE)
Calling "free" frees pointer "set" which has already been freed.
3540 free(set);CID 640043: (USE_AFTER_FREE)
Calling "free" frees pointer "set" which has already been freed.
3593 free(set);CID 640043: (USE_AFTER_FREE)
Calling "free" frees pointer "set" which has already been freed.
1875 return JS_FALSE;CID 640112: (RESOURCE_LEAK)
Variable "code" going out of scope leaks the storage it points to.
1880 return JS_FALSE;CID 640112: (RESOURCE_LEAK)
Variable "code" going out of scope leaks the storage it points to.
463 fseek(stream, l, SEEK_SET);CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.
428 fseek(stream, l, SEEK_SET);CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.
440 fseek(stream, l, SEEK_SET);CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.
576CID 640376: (SLEEP)
Call to "try_ansi_init" might sleep while holding lock "init_mutex". 575 break;
549 if(!try_conio_init(mode));CID 640376: (SLEEP)
Call to "try_ansi_init" might sleep while holding lock "init_mutex". 548 #ifdef _WIN32
543 #endifCID 640376: (SLEEP)
Call to "try_sdl_init" might sleep while holding lock "init_mutex".
581 break;CID 640376: (SLEEP)
Call to "try_sdl_init" might sleep while holding lock "init_mutex".
127 stats->date = (time32_t)iniGetDateTime(ini, NULL, strStatsDate, 0);CID 640406: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "iniGetDateTime(ini, NULL, "Date", 0L)" is cast to "time32_t".
844 snprintf(str, maxlen, "%f", xp_timer());CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "double" but argument has type "long double")
844 snprintf(str, maxlen, "%f", xp_timer());CID 640404: API usage errors (PRINTF_ARGS)
Argument "xp_timer()" to format specifier "%f" was expected to have type "double" but has type "long double". [Note: The source code implementation of the function has been overridden by a builtin model.]
1351 JS_ValueToECMAUint32(cx, argv[0], &t);CID 640403: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToECMAUint32" without checking return value (as is done elsewhere 96 out of 102 times).
60 user_private_t(scfg_t* cfg, user_t user)CID 640928: Performance inefficiencies (PASS_BY_VALUE)
Passing parameter user of type "user_t" (size 784 bytes) by value, which exceeds the high threshold of 512 bytes.
301 , tm->tm_hour, tm->tm_min, tm->tm_sec);CID 640927: API usage errors (PRINTF_ARGS)
This argument was not used by the format string: "tm->tm_sec".
301 , tm->tm_hour, tm->tm_min, tm->tm_sec);CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS)
the format string ends before this argument
1664 return byte_count(user_available_credits(&useron), str, maxlen, param, BYTE_COUNT_VERBAL);CID 640932: Insecure data handling (INTEGER_OVERFLOW)
The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.
479 strlcat(str, " ", size);CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
481 strlcat(str, plural, size);CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
483 strlcat(str, suffix, size);CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
480 strlcat(str, suffix, size);CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
401 return false;CID 640963: Resource leaks (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
442 return false;CID 640962: Resource leaks (RESOURCE_LEAK)
Variable "global_interfaces" going out of scope leaks the storage it points to.
620 return duration((uint)up, str, maxlen, param, DURATION_MINIMAL_VERBAL);CID 640971: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "up" is cast to "uint".
1695 return byte_count(static_cast<int64_t>(user_available_credits(&useron)), str, maxlen, param, BYTE_COUNT_VERBAL);CID 640970: Insecure data handling (INTEGER_OVERFLOW)
The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.
752 SKIP_WHITESPACE(*ptrptr);CID 640989: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
763 SKIP_WHITESPACE(*ptrptr);CID 640989: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4878 iniCloseFile(fp);CID 640988: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "key" to "iniReadBool", which dereferences it. 4877 bool result = iniReadBool(fp, section, key, deflt);
2740 SKIP_WHITESPACE(*ptrptr);CID 640987: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2729 SKIP_WHITESPACE(*ptrptr);CID 640987: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3499 SKIP_WHITESPACE(vp);CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*vp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3761 SKIP_WHITESPACE(dp);CID 641218: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4084 SKIP_WHITESPACE(dp); 4085 truncsp(dp);CID 641218: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
353 SKIP_WHITESPACE(p);CID 641217: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
343 SKIP_WHITESPACE(p);CID 641217: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
6561 FIND_WHITESPACE(tp);CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
567 SKIP_WHITESPACE(p);CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
554 FIND_WHITESPACE(p);CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
570 SKIP_WHITESPACE(p);CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
569 FIND_WHITESPACE(p);CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
552 SKIP_WHITESPACE(p);CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
555 SKIP_WHITESPACE(p);CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1603 FIND_WHITESPACE(tp); 1604 *tp = '\0';CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3492 FIND_WHITESPACE(tp);CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1531 FIND_WHITESPACE(tp);"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
232 SKIP_WHITESPACE(p);CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
211 if (!IS_WHITESPACE(buf[ret.bytes]))CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)buf[ret.bytes] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
83 SKIP_WHITESPACE(p);CID 641209: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
87 SKIP_WHITESPACE(p);CID 641209: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1989 SKIP_WHITESPACE(tp);CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2496 while (*(p + l) && IS_WHITESPACE(*(p + l))) l++;CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)p[l] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
118 SKIP_WHITESPACE(c);CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*c == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2225 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2191 FIND_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2224 FIND_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2335 FIND_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2156 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2273 FIND_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2192 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2336 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2250 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2155 FIND_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2274 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2306 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2249 FIND_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
5749 SKIP_WHITESPACE(identity);CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*identity == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
432 SKIP_WHITESPACE(p);CID 641203: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
422 SKIP_WHITESPACE(p);CID 641203: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1960 FIND_WHITESPACE(tp);CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1185 SKIP_WHITESPACE(p);CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1195 SKIP_WHITESPACE(p);CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
975 SKIP_WHITESPACE(p);CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1202 SKIP_WHITESPACE(p);CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1534 SKIP_WHITESPACE(p);CID 641200: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1547 SKIP_WHITESPACE(p);CID 641200: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
263 fseeko(stream, offset[nextline], 0);CID 642982: (FORWARD_NULL)
Dereferencing null pointer "offset".
228 fseeko(stream, offset[lines - 1], SEEK_SET);CID 642982: (FORWARD_NULL)
Dereferencing null pointer "offset".
228 fseeko(stream, offset[lines - 1], SEEK_SET);CID 642981: Error handling issues (CHECKED_RETURN)
Calling "fseeko(stream, offset[lines - 1UL], 0)" without checking return value. This library function may fail and return an error code.
228 fseeko(stream, offset[lines - 1], SEEK_SET);CID 642980: Integer handling issues (INTEGER_OVERFLOW)
Expression "lines - 1UL", where "lines" is known to be equal to 0, underflows the type of "lines - 1UL", which is type "unsigned long".
5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)CID 642992: API usage errors (PRINTF_ARGS)
Argument "count" to format specifier "%u" was expected to have type "unsigned int" but has type "unsigned long".
5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "unsigned int" but argument has type "unsigned long")
| Sysop: | Lmorchard |
|---|---|
| Location: | Portland, OR |
| Users: | 158 |
| Nodes: | 16 (0 / 16) |
| Uptime: | 85:45:05 |
| Calls: | 859 |
| Calls today: | 1 |
| Files: | 24 |
| D/L today: |
6 files (9,837K bytes) |
| Messages: | 29,680 |
![https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg"](https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg"){kind=link}