• New Defects reported by Coverity Scan for Synchronet

    From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun Nov 10 14:42:03 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH) /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in ()


    ________________________________________________________________________________________________________
    *** CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH) /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in ()
    292 else
    293 if(time(NULL)-start>=(time_t)smb->retry_time) 294 break;
    295 ++count;
    296 SLEEP((count / 10) * smb->retry_delay);
    297 }
    CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH)
    argument is incompatible with corresponding format string conversion (expected type "int" but argument has type "long")
    298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeout locking message base after %d seconds", __FUNCTION__, time(NULL) - start);
    299 return(SMB_ERR_TIMEOUT);
    300 }
    301
    302 /****************************************************************************/
    303 /* Read the SMB header from the header file and place into smb.status */

    ** CID 514628: API usage errors (PRINTF_ARGS)


    ________________________________________________________________________________________________________
    *** CID 514628: API usage errors (PRINTF_ARGS) /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in smb_locksmbhdr()
    292 else
    293 if(time(NULL)-start>=(time_t)smb->retry_time) 294 break;
    295 ++count;
    296 SLEEP((count / 10) * smb->retry_delay);
    297 }
    CID 514628: API usage errors (PRINTF_ARGS)
    Argument "time(NULL) - start" to format specifier "%d" was expected to have type "int" but has type "long".
    298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeout locking message base after %d seconds", __FUNCTION__, time(NULL) - start);
    299 return(SMB_ERR_TIMEOUT);
    300 }
    301
    302 /****************************************************************************/
    303 /* Read the SMB header from the header file and place into smb.status */


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D04SY_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbRNqpwvGc4zcZ5uKeIndhuSqNnxi4ZbqnqhqxxcEUjkJJHGyGkBZt6V7UXUX2xnB2lvPBmqBCBxBghPzBYV7kJY89l3F0Je2EKuh7lbcH1Ki5248pEoplbC6UdQ14IH1AzZ-2BYu06Kjq-2F-2BS7xugvit0MheMfmyl63WZ-2BGQqWv04fA-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Nov 11 14:28:43 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 514647: Resource leaks (RESOURCE_LEAK)
    /userdat.c: 1397 in getnodeext()


    ________________________________________________________________________________________________________
    *** CID 514647: Resource leaks (RESOURCE_LEAK)
    /userdat.c: 1397 in getnodeext()
    1391 {
    1392 int f;
    1393
    1394 if(!VALID_CFG(cfg) || num < 1)
    1395 return "";
    1396 if((f = opennodeext(cfg)) < 1)
    CID 514647: Resource leaks (RESOURCE_LEAK)
    Handle variable "f" going out of scope leaks the handle.
    1397 return "";
    1398 (void)lseek(f, (num-1) * 128, SEEK_SET);
    1399 if(read(f, buf, 128) != 128)
    1400 memset(buf, 0, 128);
    1401 close(f);
    1402 buf[127] = 0;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DNrRS_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZ3ELp6fsbhc-2FY9mD5Zp1-2FoSxtPMVY9W2gQFqb-2BWiMKBXb3R551uQj1an4L8jxHGCtVzJ8f8hTy9TuLVRQzLD3L1M-2FICoSbiZvQ-2FUBPSeV-2BCcsclK4jYNyukSMcGAKOr-2BtLQBr5jUdpUtVX-2FuxQBKwF4hNcUqyrDA8X7YI-2FfcIZtw-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tue Nov 19 13:40:34 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 515048: Security best practices violations (SECURE_TEMP)
    /sbbsecho.c: 1848 in add_areas_from_echolists()


    ________________________________________________________________________________________________________
    *** CID 515048: Security best practices violations (SECURE_TEMP)
    /sbbsecho.c: 1848 in add_areas_from_echolists()
    1842 match=0;
    1843 for(k=0; cfg.listcfg[j].keys[k] ;k++) {
    1844 if(match) break;
    1845 for(x=0; nodecfg->keys[x] ;x++) {
    1846 if(!stricmp(cfg.listcfg[j].keys[k]
    1847 ,nodecfg->keys[x])) {
    CID 515048: Security best practices violations (SECURE_TEMP)
    "tmpfile" creates files with predictable names, which is unsafe.
    1848 if((fwdfile=tmpfile())==NULL) { 1849 lprintf(LOG_ERR,"ERROR line %d opening forward temp "
    1850 "file",__LINE__);
    1851 match=1;
    1852 break;
    1853 }

    ** CID 515047: Control flow issues (NO_EFFECT)
    /sbbsecho.c: 1635 in alter_areas_ini()


    ________________________________________________________________________________________________________
    *** CID 515047: Control flow issues (NO_EFFECT)
    /sbbsecho.c: 1635 in alter_areas_ini()
    1629 continue;
    1630 }
    1631 }
    1632 if(add_area[0] != NULL) { /* Check for areas to add */
    1633 bool add_all = (stricmp(add_area[0], "+ALL") == 0);
    1634 j = strListFind(add_area, echotag, /* case-sensitive */false);
    CID 515047: Control flow issues (NO_EFFECT)
    This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "j >= 0U".
    1635 if(add_all || j >= 0) {
    1636 if(j >= 0)
    1637 add_area[j][0]=0; /* So we can check other lists */
    1638 uint areanum = find_area(echotag);
    1639 if(!area_is_valid(areanum)) {
    1640 lprintf(LOG_ERR, "Invalid area num on line %d", __LINE__);

    ** CID 515046: Error handling issues (CHECKED_RETURN)
    /sbbsecho.c: 1989 in alter_areas()


    ________________________________________________________________________________________________________
    *** CID 515046: Error handling issues (CHECKED_RETURN)
    /sbbsecho.c: 1989 in alter_areas()
    1983 ,smb_faddrtoa(&addr,NULL), (ulong)added, cfg.areafile);
    1984 if(deleted)
    1985 lprintf(LOG_DEBUG, "AreaFix (for %s) Removed links to %lu areas in %s"
    1986 ,smb_faddrtoa(&addr,NULL), (ulong)deleted, cfg.areafile);
    1987 if(added || deleted) {
    1988 if(stat(cfg.areafile, &st) == 0)
    CID 515046: Error handling issues (CHECKED_RETURN)
    Calling "chmod(outpath, st.st_mode)" without checking return value. This library function may fail and return an error code.
    1989 chmod(outpath, st.st_mode);
    1990 if(cfg.areafile_backups == 0 || !backup(cfg.areafile, cfg.areafile_backups, /* ren: */TRUE))
    1991 delfile(cfg.areafile, __LINE__); /* Delete AREAS.BBS */
    1992 if(rename(outpath,cfg.areafile)) /* Rename new AREAS.BBS file */
    1993 lprintf(LOG_ERR,"ERROR line %d renaming %s to %s",__LINE__,outpath,cfg.areafile);
    1994 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D1jSz_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbxEcP2FV-2FE8SZ4Zj-2B5i-2FvXMBc1u-2B9IyI73gYzjnV6pIIbqC2pGfKYB3KXIl7XZEKXLdLz8vi8-2BwsF6O91kuZqV1ShM13vaTkO37J3VV7GT6YwOX288v8WtwpdrdHMhRE2EqIozgp1HMSE07wuarfyxBLAND56oVPlNda7IFeLuFA-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Thu Nov 21 13:54:30 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 515063: Security best practices violations (SECURE_TEMP)
    /sbbsecho.c: 2142 in areamgr_command()


    ________________________________________________________________________________________________________
    *** CID 515063: Security best practices violations (SECURE_TEMP)
    /sbbsecho.c: 2142 in areamgr_command()
    2136 nodecfg->archive = SBBSECHO_ARCHIVE_NONE;
    2137 else {
    2138 for(u=0;u<cfg.arcdefs;u++)
    2139 if(stricmp(p,cfg.arcdef[u].name) == 0) 2140 break;
    2141 if(u==cfg.arcdefs) {
    CID 515063: Security best practices violations (SECURE_TEMP)
    "tmpfile" creates files with predictable names, which is unsafe.
    2142 if((tmpf=tmpfile())==NULL) {
    2143 lprintf(LOG_ERR,"ERROR line %d opening tmpfile()",__LINE__);
    2144 return false;
    2145 }
    2146 SAFEPRINTF(str, "Compression type unavailable: %s", p);
    2147 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DGoz1_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYHiJRuOAYx4mtSc3Rs7eY9P2HGERsO3Ui1TozxvEl3HSa54-2BxmZuyJa4rdPvK8KqeFliWPJD252StMkW9mo-2B6uT2KWq9YxJqegr2CCurq6i8coJamUQEMyVcyknmxOhR1KJArkVSLfkYq8-2BmPn9fVdieJLgwrSG692S4HB3dKfZQ-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun Nov 24 15:11:51 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 515130: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-24-2024/src/conio/sdl_con.c: 357 in sdl_get_bounds()


    ________________________________________________________________________________________________________
    *** CID 515130: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-24-2024/src/conio/sdl_con.c: 357 in sdl_get_bounds()
    351 SDL_Rect r;
    352 int ABUw, ABUh;
    353 int pixelw, pixelh;
    354
    355 if (sdl.GetDisplayUsableBounds(0, &r) != 0)
    356 return false;
    CID 515130: Concurrent data access violations (MISSING_LOCK)
    Accessing "win" without holding lock "win_mutex". Elsewhere, "win" is written to with "win_mutex" held 1 out of 1 times.
    357 sdl.GetWindowSize(win, &ABUw, &ABUh);
    358 sdl.GetWindowSizeInPixels(win, &pixelw, &pixelh);
    359 if (pixelw == 0 || pixelh == 0 || ABUw == 0 || ABUh == 0) {
    360 *w = r.w;
    361 *h = r.h;
    362 return true;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D_t4Q_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYVVBXfFUuA-2FsWyQ5uMS5ufMK7jgOcJ6VIupDH54bwQZq7SuxKbKUjUqnKiK9OnXbOb5gfXyBtjeI0-2BrMXfePEiZJ6tllUVEkd4WCimYeBdVV8tZ-2FZWYZleIzw9Ex3-2BGpSI29JxK7ySTVVle557znXI2HDyHti8hj8D3RvYxamaIw-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Dec 2 13:42:27 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    14 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 14 of 14 defect(s)


    ** CID 515601: Program hangs (LOCK)
    /js_bbs.cpp: 3400 in js_get_node_message(JSContext *, unsigned int, unsigned long *)()


    ________________________________________________________________________________________________________
    *** CID 515601: Program hangs (LOCK)
    /js_bbs.cpp: 3400 in js_get_node_message(JSContext *, unsigned int, unsigned long *)()
    3394 clearline = JSVAL_TO_BOOLEAN(argv[0]);
    3395
    3396 rc=JS_SUSPENDREQUEST(cx);
    3397 sbbs->getnmsg(clearline ? true : false);
    3398 JS_RESUMEREQUEST(cx, rc);
    3399
    CID 515601: Program hangs (LOCK)
    Returning without unlocking "sbbs->nodefile_mutex".
    3400 return(JS_TRUE);
    3401 }
    3402
    3403 static JSBool
    3404 js_put_node_message(JSContext *cx, uintN argc, jsval *arglist)
    3405 {

    ** CID 515600: Error handling issues (CHECKED_RETURN)
    /download.cpp: 367 in sbbs_t::seqwait(unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 515600: Error handling issues (CHECKED_RETURN)
    /download.cpp: 367 in sbbs_t::seqwait(unsigned int)()
    361
    362 if(!devnum)
    363 return;
    364 for(start=now=time(NULL);online && now-start<90;now=time(NULL)) {
    365 if(msgabort()) /* max wait ^^^^ sec */
    366 break;
    CID 515600: Error handling issues (CHECKED_RETURN)
    Calling "getnodedat" without checking return value (as is done elsewhere 52 out of 59 times).
    367 getnodedat(cfg.node_num,&thisnode,true); /* open and lock this record */
    368 for(i=1;i<=cfg.sys_nodes;i++) {
    369 if(i==cfg.node_num) continue;
    370 if(getnodedat(i,&node, true)) {
    371 if((node.status==NODE_INUSE || node.status==NODE_QUIET)
    372 && node.action==NODE_RFSD && node.aux==devnum) {

    ** CID 515599: Concurrent data access violations (MISSING_LOCK)
    /putnode.cpp: 108 in sbbs_t::unlocknodedat(unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 515599: Concurrent data access violations (MISSING_LOCK) /putnode.cpp: 108 in sbbs_t::unlocknodedat(unsigned int)()
    102 errormsg(WHERE, ERR_CHK, "node number", number);
    103 return false;
    104 }
    105 int result = unlock(nodefile, (number - 1) * sizeof(node_t), sizeof(node_t));
    106 if(cfg.node_misc & NM_CLOSENODEDAB) {
    107 close(nodefile);
    CID 515599: Concurrent data access violations (MISSING_LOCK)
    Accessing "this->nodefile" without holding lock "sbbs_t.nodefile_mutex". Elsewhere, "sbbs_t.nodefile" is written to with "sbbs_t.nodefile_mutex" held 4 out of 5 times.
    108 nodefile = -1;
    109 }
    110 pthread_mutex_unlock(&nodefile_mutex);
    111 return result == 0;
    112 }
    113

    ** CID 515598: (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 515598: (SLEEP)
    /getnode.cpp: 268 in sbbs_t::getnmsg(bool)()
    262 buf[length]=0;
    263
    264 if(clearline)
    265 this->clearline();
    266 else if(column)
    267 CRLF;
    CID 515598: (SLEEP)
    Call to "putmsg" might sleep while holding lock "this->nodefile_mutex". 268 putmsg(buf,P_NOATCODES);
    269 free(buf);
    270
    271 return retval == 0;
    272 }
    273
    /getnode.cpp: 265 in sbbs_t::getnmsg(bool)()
    259 }
    260 int retval = chsize(file,0L);
    261 close(file);
    262 buf[length]=0;
    263
    264 if(clearline)
    CID 515598: (SLEEP)
    Call to "clearline" might sleep while holding lock "this->nodefile_mutex".
    265 this->clearline();
    266 else if(column)
    267 CRLF;
    268 putmsg(buf,P_NOATCODES);
    269 free(buf);
    270

    ** CID 515597: Program hangs (LOCK)
    /main.cpp: 2243 in input_thread(void *)()


    ________________________________________________________________________________________________________
    *** CID 515597: Program hangs (LOCK)
    /main.cpp: 2243 in input_thread(void *)()
    2237 }
    2238 else
    2239 #endif
    2240 rd = recv(sock, (char*)inbuf, rd, 0);
    2241
    2242 if(pthread_mutex_unlock(&sbbs->input_thread_mutex)!=0) >>> CID 515597: Program hangs (LOCK)
    "errormsg" locks "sbbs->nodefile_mutex" while it is locked.
    2243 sbbs->errormsg(WHERE,ERR_UNLOCK,"input_thread_mutex",0);
    2244
    2245 if (rd == 0 && !socket_recvdone(sock, 0))
    2246 continue;
    2247
    2248 if(rd == SOCKET_ERROR)

    ** CID 515596: Program hangs (LOCK)
    /logfile.cpp: 331 in sbbs_t::errormsg(int, const char *, const char *, const char *, const char *, int, const char *)()


    ________________________________________________________________________________________________________
    *** CID 515596: Program hangs (LOCK)
    /logfile.cpp: 331 in sbbs_t::errormsg(int, const char *, const char *, const char *, const char *, int, const char *)()
    325 fprintf(logfile_fp,"!! %s%s", str, log_line_ending); 326 logcol=1;
    327 fflush(logfile_fp);
    328 }
    329
    330 errormsg_inside=false;
    CID 515596: Program hangs (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    331 }
    332
    333 /****************************************************************************/
    334 /* Open a log file for append, supporting log rotation based on size */
    335 /****************************************************************************/
    336 extern "C" FILE* fopenlog(scfg_t* cfg, const char* path)

    ** CID 515595: Program hangs (LOCK)
    /main.cpp: 4335 in sbbs_t::logoffstats()()


    ________________________________________________________________________________________________________
    *** CID 515595: Program hangs (LOCK)
    /main.cpp: 4335 in sbbs_t::logoffstats()()
    4329
    4330 for(i=0;i<2;i++) {
    4331 FILE* fp = fopen_dstats(&cfg, i ? 0 : cfg.node_num, /* for_write: */true);
    4332 if(fp == NULL)
    4333 continue;
    4334 if(!fread_dstats(fp, &stats)) {
    CID 515595: Program hangs (LOCK)
    "errormsg" locks "this->nodefile_mutex" while it is locked.
    4335 errormsg(WHERE, ERR_READ, "dsts.ini", i);
    4336 } else {
    4337 stats.total.timeon += minutes_used;
    4338 stats.today.timeon += minutes_used;
    4339 if(!fwrite_dstats(fp, &stats, __FUNCTION__)) 4340 errormsg(WHERE, ERR_WRITE, "dsts.ini", i);

    ** CID 515594: (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 515594: (SLEEP)
    /main.cpp: 4649 in sbbs_t::daily_maint()()
    4643 backup(str,cfg.user_backup_level,false);
    4644 }
    4645
    4646 if(cfg.mail_backup_level) {
    4647 lputs(LOG_INFO,"DAILY: Backing-up mail data...");
    4648 smb_t mail;
    CID 515594: (SLEEP)
    Call to "smb_open_sub" might sleep while holding lock "this->nodefile_mutex".
    4649 int result = smb_open_sub(&cfg, &mail, INVALID_SUB); 4650 if(result != SMB_SUCCESS)
    4651 lprintf(LOG_ERR, "ERROR %d (%s) opening mail base", result, mail.last_error);
    4652 else {
    4653 result = smb_lock(&mail);
    4654 if(result != SMB_SUCCESS)
    /main.cpp: 4778 in sbbs_t::daily_maint()()
    4772 closeuserdat(userfile);
    4773
    4774 lputs(LOG_INFO,"DAILY: Purging deleted/expired e-mail");
    4775 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
    4776 smb.retry_time=cfg.smb_retry_time;
    4777 smb.subnum=INVALID_SUB;
    CID 515594: (SLEEP)
    Call to "smb_open" might sleep while holding lock "this->nodefile_mutex".
    4778 if((i=smb_open(&smb))!=0)
    4779 errormsg(WHERE,ERR_OPEN,smb.file,i,smb.last_error); 4780 else {
    4781 if(filelength(fileno(smb.shd_fp))>0) {
    4782 if((i=smb_locksmbhdr(&smb))!=0)
    4783 errormsg(WHERE,ERR_LOCK,smb.file,i,smb.last_error);

    ** CID 515593: (LOCK)
    /getnode.cpp: 258 in sbbs_t::getnmsg(bool)()
    /getnode.cpp: 252 in sbbs_t::getnmsg(bool)()
    /getnode.cpp: 242 in sbbs_t::getnmsg(bool)()
    /getnode.cpp: 271 in sbbs_t::getnmsg(bool)()
    /getnode.cpp: 237 in sbbs_t::getnmsg(bool)()
    /getnode.cpp: 247 in sbbs_t::getnmsg(bool)()


    ________________________________________________________________________________________________________
    *** CID 515593: (LOCK)
    /getnode.cpp: 258 in sbbs_t::getnmsg(bool)()
    252 return false;
    253 }
    254 if(read(file,buf,length)!=length) {
    255 close(file);
    256 free(buf);
    257 errormsg(WHERE,ERR_READ,str,length);
    CID 515593: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    258 return false;
    259 }
    260 int retval = chsize(file,0L);
    261 close(file);
    262 buf[length]=0;
    263
    /getnode.cpp: 252 in sbbs_t::getnmsg(bool)()
    246 close(file);
    247 return true;
    248 }
    249 if((buf=(char *)malloc(length+1))==NULL) {
    250 close(file);
    251 errormsg(WHERE,ERR_ALLOC,str,length+1);
    CID 515593: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    252 return false;
    253 }
    254 if(read(file,buf,length)!=length) {
    255 close(file);
    256 free(buf);
    257 errormsg(WHERE,ERR_READ,str,length);
    /getnode.cpp: 242 in sbbs_t::getnmsg(bool)()
    236 if(flength(str)<1L)
    237 return true;
    238 if((file=nopen(str,O_RDWR))==-1) {
    239 /**
    240 errormsg(WHERE,ERR_OPEN,str,O_RDWR);
    241 **/
    CID 515593: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    242 return false;
    243 }
    244 length=(long)filelength(file);
    245 if(length <= 0) {
    246 close(file);
    247 return true;
    /getnode.cpp: 271 in sbbs_t::getnmsg(bool)()
    265 this->clearline();
    266 else if(column)
    267 CRLF;
    268 putmsg(buf,P_NOATCODES);
    269 free(buf);
    270
    CID 515593: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    271 return retval == 0;
    272 }
    273
    274 /****************************************************************************/
    275 /* 'ext' must be at least 128 bytes! */
    276 /****************************************************************************/
    /getnode.cpp: 237 in sbbs_t::getnmsg(bool)()
    231 thisnode.misc&=~NODE_NMSG; /* clear the NMSG flag */
    232 putnodedat(cfg.node_num,&thisnode);
    233 }
    234
    235 SAFEPRINTF2(str,"%smsgs/n%3.3u.msg",cfg.data_dir,cfg.node_num); 236 if(flength(str)<1L)
    CID 515593: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    237 return true;
    238 if((file=nopen(str,O_RDWR))==-1) {
    239 /**
    240 errormsg(WHERE,ERR_OPEN,str,O_RDWR);
    241 **/
    242 return false;
    /getnode.cpp: 247 in sbbs_t::getnmsg(bool)()
    241 **/
    242 return false;
    243 }
    244 length=(long)filelength(file);
    245 if(length <= 0) {
    246 close(file);
    CID 515593: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    247 return true;
    248 }
    249 if((buf=(char *)malloc(length+1))==NULL) {
    250 close(file);
    251 errormsg(WHERE,ERR_ALLOC,str,length+1);
    252 return false;

    ** CID 515592: (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 515592: (SLEEP)
    /getnode.cpp: 162 in sbbs_t::nodesync(bool)()
    156 thisnode.misc&=~NODE_UDAT;
    157 putnodedat(cfg.node_num,&thisnode);
    158 }
    159 }
    160 if(!(sys_status&SS_MOFF)) {
    161 if(thisnode.misc&NODE_MSGW)
    CID 515592: (SLEEP)
    Call to "getsmsg" might sleep while holding lock "this->nodefile_mutex".
    162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */
    163 if(thisnode.misc&NODE_NMSG)
    164 getnmsg(clearline); /* getnmsg clears NMSG flag */
    165 }
    166 }
    167
    /getnode.cpp: 174 in sbbs_t::nodesync(bool)()
    168 if(cfg.sync_mod[0])
    169 exec_bin(cfg.sync_mod,&main_csi);
    170
    171 if(thisnode.misc&NODE_INTR) {
    172 bputs(text[NodeLocked]);
    173 logline(LOG_NOTICE,nulstr,"Interrupted");
    CID 515592: (SLEEP)
    Call to "hangup" might sleep while holding lock "this->nodefile_mutex". 174 hangup();
    175 nodesync_inside=0;
    176 return;
    177 }
    178
    179 if(thisnode.misc&NODE_LCHAT) { // pulled into local chat with sysop
    /getnode.cpp: 164 in sbbs_t::nodesync(bool)()
    158 }
    159 }
    160 if(!(sys_status&SS_MOFF)) {
    161 if(thisnode.misc&NODE_MSGW)
    162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */
    163 if(thisnode.misc&NODE_NMSG)
    CID 515592: (SLEEP)
    Call to "getnmsg" might sleep while holding lock "this->nodefile_mutex".
    164 getnmsg(clearline); /* getnmsg clears NMSG flag */
    165 }
    166 }
    167
    168 if(cfg.sync_mod[0])
    169 exec_bin(cfg.sync_mod,&main_csi);
    /getnode.cpp: 211 in sbbs_t::nodesync(bool)()
    205 }
    206
    207 if(sys_status&SS_USERON && online && (timeleft/60)<(5-timeleft_warn)
    208 && !SYSOP) {
    209 timeleft_warn=5-(timeleft/60);
    210 if(!(sys_status&SS_MOFF)) {
    CID 515592: (SLEEP)
    Call to "attr" might sleep while holding lock "this->nodefile_mutex". 211 attr(LIGHTGRAY);
    212 bprintf(text[OnlyXminutesLeft]
    213 ,((ushort)timeleft/60)+1,(timeleft/60) ? "s" : nulstr);
    214 }
    215 }
    216
    /getnode.cpp: 217 in sbbs_t::nodesync(bool)()
    211 attr(LIGHTGRAY);
    212 bprintf(text[OnlyXminutesLeft]
    213 ,((ushort)timeleft/60)+1,(timeleft/60) ? "s" : nulstr);
    214 }
    215 }
    216
    CID 515592: (SLEEP)
    Call to "attr" might sleep while holding lock "this->nodefile_mutex". 217 attr(atr); /* replace original attributes */
    218 nodesync_inside=0;
    219 }
    220
    221 /****************************************************************************/
    222 /* Prints short messages waiting for this node, if any... */
    /getnode.cpp: 181 in sbbs_t::nodesync(bool)()
    175 nodesync_inside=0;
    176 return;
    177 }
    178
    179 if(thisnode.misc&NODE_LCHAT) { // pulled into local chat with sysop
    180 saveline();
    CID 515592: (SLEEP)
    Call to "privchat" might sleep while holding lock "this->nodefile_mutex".
    181 privchat(true);
    182 restoreline();
    183 }
    184
    185 if(thisnode.misc&NODE_FCHAT) { // forced into private chat
    186 int n = getpagingnode(&cfg);
    /getnode.cpp: 182 in sbbs_t::nodesync(bool)()
    176 return;
    177 }
    178
    179 if(thisnode.misc&NODE_LCHAT) { // pulled into local chat with sysop
    180 saveline();
    181 privchat(true);
    CID 515592: (SLEEP)
    Call to "restoreline" might sleep while holding lock "this->nodefile_mutex".
    182 restoreline();
    183 }
    184
    185 if(thisnode.misc&NODE_FCHAT) { // forced into private chat
    186 int n = getpagingnode(&cfg);
    187 if(n) {
    /getnode.cpp: 197 in sbbs_t::nodesync(bool)()
    191 action = save_action;
    192 restoreline();
    193 }
    194 if(getnodedat(cfg.node_num, &thisnode, true)) {
    195 thisnode.action = action;
    196 thisnode.misc &= ~NODE_FCHAT;
    CID 515592: (SLEEP)
    Call to "putnodedat" might sleep while holding lock "this->nodefile_mutex".
    197 putnodedat(cfg.node_num, &thisnode);
    198 }
    199 }
    200
    201 if(sys_status&SS_USERON && memcmp(&nodesync_user,&useron,sizeof(user_t))) {
    202 getusrdirs();

    ** CID 515591: (LOCK)
    /getnode.cpp: 219 in sbbs_t::nodesync(bool)()
    /getnode.cpp: 157 in sbbs_t::nodesync(bool)()


    ________________________________________________________________________________________________________
    *** CID 515591: (LOCK)
    /getnode.cpp: 219 in sbbs_t::nodesync(bool)()
    213 ,((ushort)timeleft/60)+1,(timeleft/60) ? "s" : nulstr);
    214 }
    215 }
    216
    217 attr(atr); /* replace original attributes */
    218 nodesync_inside=0;
    CID 515591: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    219 }
    220
    221 /****************************************************************************/
    222 /* Prints short messages waiting for this node, if any... */
    223 /****************************************************************************/
    224 bool sbbs_t::getnmsg(bool clearline)
    /getnode.cpp: 164 in sbbs_t::nodesync(bool)()
    158 }
    159 }
    160 if(!(sys_status&SS_MOFF)) {
    161 if(thisnode.misc&NODE_MSGW)
    162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */
    163 if(thisnode.misc&NODE_NMSG)
    CID 515591: (LOCK)
    "getnmsg" locks "this->nodefile_mutex" while it is locked.
    164 getnmsg(clearline); /* getnmsg clears NMSG flag */
    165 }
    166 }
    167
    168 if(cfg.sync_mod[0])
    169 exec_bin(cfg.sync_mod,&main_csi);
    /getnode.cpp: 197 in sbbs_t::nodesync(bool)()
    191 action = save_action;
    192 restoreline();
    193 }
    194 if(getnodedat(cfg.node_num, &thisnode, true)) {
    195 thisnode.action = action;
    196 thisnode.misc &= ~NODE_FCHAT;
    CID 515591: (LOCK)
    "putnodedat" locks "this->nodefile_mutex" while it is locked.
    197 putnodedat(cfg.node_num, &thisnode);
    198 }
    199 }
    200
    201 if(sys_status&SS_USERON && memcmp(&nodesync_user,&useron,sizeof(user_t))) {
    202 getusrdirs();
    /getnode.cpp: 157 in sbbs_t::nodesync(bool)()
    151 }
    152 }
    153 if(thisnode.misc&NODE_UDAT && !(useron.rest&FLAG('G'))) { /* not guest */
    154 getuserdat(&cfg, &useron);
    155 if(getnodedat(cfg.node_num,&thisnode, true)) { 156 thisnode.misc&=~NODE_UDAT;
    CID 515591: (LOCK)
    "putnodedat" locks "this->nodefile_mutex" while it is locked.
    157 putnodedat(cfg.node_num,&thisnode);
    158 }
    159 }
    160 if(!(sys_status&SS_MOFF)) {
    161 if(thisnode.misc&NODE_MSGW)
    162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */

    ** CID 515590: (LOCK)
    /un_qwk.cpp: 94 in sbbs_t::unpack_qwk(char *, unsigned int)()
    /un_qwk.cpp: 123 in sbbs_t::unpack_qwk(char *, unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 515590: (LOCK)
    /un_qwk.cpp: 94 in sbbs_t::unpack_qwk(char *, unsigned int)()
    88 lprintf(LOG_ERR, "libarchive error %ld (%s) extracting %s", file_count, error, packet);
    89 if(*cfg.qhub[hubnum]->unpack == '\0')
    90 return false;
    91 i=external(cmdstr(cfg.qhub[hubnum]->unpack,packet,ALLFILES,NULL),EX_OFFLINE);
    92 if(i) {
    93 errormsg(WHERE,ERR_EXEC,cmdstr(cfg.qhub[hubnum]->unpack,packet,ALLFILES,NULL),i);
    CID 515590: (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    94 return(false);
    95 }
    96 }
    97 SAFEPRINTF(str,"%sMESSAGES.DAT",cfg.temp_dir);
    98 if(!fexistcase(str)) {
    99 lprintf(LOG_WARNING,"%s doesn't contain MESSAGES.DAT (%s)",packet,str);
    /un_qwk.cpp: 123 in sbbs_t::unpack_qwk(char *, unsigned int)()
    117 remove(fname);
    118 }
    119 SAFEPRINTF(fname, "%sVOTING.DAT", cfg.temp_dir);
    120 if(fexistcase(fname)) {
    121 lprintf(LOG_DEBUG, "Reading %s", fname);
    122 if((fp=fopen(fname,"r")) == NULL)
    CID 515590: (LOCK)
    "errormsg" locks "this->nodefile_mutex" while it is locked.
    123 errormsg(WHERE,ERR_OPEN,fname,O_RDONLY);
    124 else {
    125 voting=iniReadFile(fp);
    126 fclose(fp);
    127 }
    128 remove(fname);

    ** CID 515589: Error handling issues (CHECKED_RETURN)
    /logon.cpp: 124 in sbbs_t::logon()()


    ________________________________________________________________________________________________________
    *** CID 515589: Error handling issues (CHECKED_RETURN)
    /logon.cpp: 124 in sbbs_t::logon()()
    118 ,useron.number,useron.alias);
    119 logline(LOG_NOTICE,"+!",str);
    120 hangup();
    121 return(false);
    122 }
    123 if(yesno(text[RemoveNodeLockQ])) {
    CID 515589: Error handling issues (CHECKED_RETURN)
    Calling "getnodedat" without checking return value (as is done elsewhere 52 out of 59 times).
    124 getnodedat(cfg.node_num,&thisnode, true);
    125 logline("S-","Removed Node Lock");
    126 thisnode.misc&=~NODE_LOCK;
    127 }
    128 else
    129 getnodedat(cfg.node_num,&thisnode, true);

    ** CID 515588: (SLEEP)
    /main.cpp: 3450 in event_thread(void *)()
    /main.cpp: 3272 in event_thread(void *)()


    ________________________________________________________________________________________________________
    *** CID 515588: (SLEEP)
    /main.cpp: 3277 in event_thread(void *)()
    3271 while(!sbbs->terminated) {
    3272 mswait(1000); 3273 now=time(NULL); 3274 if(now-start>10 && now-lastnodechk<10)
    3275 continue;
    3276 for(j=first_node;j<=last_node;j++) {
    CID 515588: (SLEEP)
    Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".
    3277 if(!sbbs->getnodedat(j,&node, true))
    3278 continue;
    3279 if(node.status==NODE_WFC)
    3280 node.status=NODE_EVENT_LIMBO;
    3281 node.aux=sbbs->cfg.event[i]->node;
    3282 sbbs->putnodedat(j,&node);
    /main.cpp: 3450 in event_thread(void *)()
    3444 }
    3445 }
    3446 }
    3447 }
    3448 }
    3449 sbbs->event_code = nulstr;
    CID 515588: (SLEEP)
    Call to "nanosleep" might sleep while holding lock "sbbs->nodefile_mutex".
    3450 mswait(1000);
    3451 }
    3452 sbbs->cfg.node_num=0;
    3453 sbbs->useron.number = 0;
    3454 sbbs->js_cleanup();
    3455
    /main.cpp: 3373 in event_thread(void *)()
    3367 && (sbbs->cfg.event[i]->node<first_node || sbbs->cfg.event[i]->node>last_node)) {
    3368 sbbs->lprintf(LOG_NOTICE,"Changing node status for nodes %d through %d to WFC"
    3369 ,first_node,last_node); 3370 sbbs->cfg.event[i]->last=(time32_t)now;
    3371 for(j=first_node;j<=last_node;j++) {
    3372 node.status=NODE_INVALID_STATUS;
    CID 515588: (SLEEP)
    Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".
    3373 if(!sbbs->getnodedat(j,&node, true))
    3374 continue;
    3375 node.status=NODE_WFC; 3376 sbbs->putnodedat(j,&node);
    3377 }
    3378 }
    /main.cpp: 3413 in event_thread(void *)()
    3407 cmd = sbbs->cmdstr(cmd, nulstr, sbbs->cfg.event[i]->dir, NULL);
    3408 sbbs->lprintf(LOG_INFO,"Running %s%stimed event: %s"
    3409 ,native_executable(&sbbs->cfg, cmd, ex_mode) ? "native ":"16-bit DOS "
    3410 ,(ex_mode&EX_BG) ? "background ":""
    3411 ,cmd);
    3412 {
    CID 515588: (SLEEP)
    Call to "external" might sleep while holding lock "sbbs->nodefile_mutex".
    3413 int result = sbbs->external(cmd, ex_mode, sbbs->cfg.event[i]->dir);
    3414 if(!(ex_mode&EX_BG)) 3415 sbbs->lprintf(result ? sbbs->cfg.event[i]->errlevel : LOG_INFO, "Timed event: '%s' returned %d", cmd, result);
    3416 else
    3417 sbbs->lprintf(LOG_DEBUG, "Background timed event spawned: %s", cmd);
    3418 }
    /main.cpp: 3277 in event_thread(void *)()
    3271 while(!sbbs->terminated) {
    3272 mswait(1000); 3273 now=time(NULL); 3274 if(now-start>10 && now-lastnodechk<10)
    3275 continue;
    3276 for(j=first_node;j<=last_node;j++) {
    CID 515588: (SLEEP)
    Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".
    3277 if(!sbbs->getnodedat(j,&node, true))
    3278 continue;
    3279 if(node.status==NODE_WFC)
    3280 node.status=NODE_EVENT_LIMBO;
    3281 node.aux=sbbs->cfg.event[i]->node;
    3282 sbbs->putnodedat(j,&node);
    /main.cpp: 2986 in event_thread(void *)()
    2980 if(!fexist(fname))
    2981 continue;
    2982 sbbs->useron.number = 0;
    2983 sbbs->lprintf(LOG_INFO, "QWK pack semaphore signaled: %s", fname);
    2984 int usernum = atoi(fname+offset);
    2985 sbbs->useron.number = usernum;
    CID 515588: (SLEEP)
    Call to "getuserdat" might sleep while holding lock "sbbs->nodefile_mutex".
    2986 int retval = getuserdat(&sbbs->cfg,&sbbs->useron);
    2987 if(retval != 0) {
    2988 sbbs->lprintf(LOG_WARNING, "ERROR %d reading user data for user #%d", retval, usernum);
    2989 sbbs->fremove(WHERE, fname, /* log-all-errors: */true);
    2990 continue;
    2991 }
    /main.cpp: 3272 in event_thread(void *)()
    3266 sbbs->lprintf(LOG_DEBUG,"event last run: %s (0x%08x)"
    3267 ,sbbs->timestr(sbbs->cfg.event[i]->last)
    3268 ,sbbs->cfg.event[i]->last);
    3269 lastnodechk=0; /* really last event time check */
    3270 start=time(NULL);
    3271 while(!sbbs->terminated) {
    CID 515588: (SLEEP)
    Call to "nanosleep" might sleep while holding lock "sbbs->nodefile_mutex".
    3272 mswait(1000); 3273 now=time(NULL); 3274 if(now-start>10 && now-lastnodechk<10)
    3275 continue;
    3276 for(j=first_node;j<=last_node;j++) {
    3277 if(!sbbs->getnodedat(j,&node, true))


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D0VuE_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZXtRHBZwsv7Kfty0nOtNaK0UAFlR-2FrVR2f6CKktOSW3KEH5A-2BAGbll45RILco6MRWsB-2BPA-2F5LbzoDmAwnm2EdPSGWu8DKQDA8ovxbR0nzs0zWwn4zpQwqZ0g5MQ5Uxv60wCv-2BEyap91XzPuWSQ2OUE7j0iN0wndXT1J2mredhBFg-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Fri Dec 6 13:41:13 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.
    9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 515659: Resource leaks (RESOURCE_LEAK)
    /readmail.cpp: 814 in sbbs_t::readmail(unsigned int, int, int)()


    ________________________________________________________________________________________________________
    *** CID 515659: Resource leaks (RESOURCE_LEAK)
    /readmail.cpp: 814 in sbbs_t::readmail(unsigned int, int, int)()
    808 }
    809
    810 smb_close(&smb);
    811 smb_stack(&smb,SMB_STACK_POP);
    812 current_msg=NULL;
    813
    CID 515659: Resource leaks (RESOURCE_LEAK)
    Variable "mail" going out of scope leaks the storage it points to.
    814 return lm_mode;
    815 }
    816
    817 int sbbs_t::searchmail(mail_t *mail, int start, int msgs, int which, const char *search, const char* order)
    818 {
    819 char* buf;

    ** CID 515658: Error handling issues (CHECKED_RETURN)


    ________________________________________________________________________________________________________
    *** CID 515658: Error handling issues (CHECKED_RETURN)
    /dupefind.c: 75 in display_filename()
    69 char *display_filename(scfg_t *cfg, uint dirnum, uint32_t fil_off)
    70 {
    71 static char str[256];
    72 static smb_t smb;
    73 if(smb_open_dir(cfg, &smb, dirnum) != SMB_SUCCESS)
    74 return smb.last_error;
    CID 515658: Error handling issues (CHECKED_RETURN)
    Calling "smb_fseek(smb.sid_fp, (fil_off - 1U) * 128UL, 0)" without checking return value. It wraps a library function that may fail and return an error code.
    75 smb_fseek(smb.sid_fp, (fil_off - 1) * sizeof(fileidxrec_t), SEEK_SET); 76 fileidxrec_t idx;
    77 if(smb_fread(&smb, &idx, sizeof(idx), smb.sid_fp) != sizeof(idx)) {
    78 smb_close(&smb);
    79 return smb.last_error;
    80 }

    ** CID 515657: Error handling issues (CHECKED_RETURN)
    /load_cfg.c: 627 in smb_open_dir()


    ________________________________________________________________________________________________________
    *** CID 515657: Error handling issues (CHECKED_RETURN)
    /load_cfg.c: 627 in smb_open_dir()
    621 if(filelength(fileno(smb->shd_fp)) < 1) {
    622 smb->status.max_files = cfg->dir[dirnum]->maxfiles; 623 smb->status.max_age = cfg->dir[dirnum]->maxage;
    624 smb->status.attr = SMB_FILE_DIRECTORY; 625 if(cfg->dir[dirnum]->misc & DIR_NOHASH)
    626 smb->status.attr |= SMB_NOHASH;
    CID 515657: Error handling issues (CHECKED_RETURN)
    Calling "smb_create" without checking return value (as is done elsewhere 16 out of 17 times).
    627 smb_create(smb);
    628 }
    629 return SMB_SUCCESS;
    630 }
    631
    632 int get_lang_count(scfg_t* cfg)


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DArCi_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZBUi-2F07t06F46PFVW9NK8AEOuHmZrMv6aNSdOw0AIeo4ogvPzV8VRWZ8jRTfiHC12zKsA4sipybJiH6RgyZ0m7AfiNQvXpSFbavk3k9Q6PyWgsjGH13ueAcyWa7DsklJg0kfAfT7EZWBHjtJZZ7z9FYBEIQ4aPAWfq3llNwIH-2F5w-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sat Dec 7 13:42:14 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 515673: Code maintainability issues (SIZEOF_MISMATCH)
    /sbbsecho.c: 1309 in link_area()


    ________________________________________________________________________________________________________
    *** CID 515673: Code maintainability issues (SIZEOF_MISMATCH)
    /sbbsecho.c: 1309 in link_area()
    1303 return false;
    1304 }
    1305
    1306 void link_area(unsigned area_num, const fidoaddr_t* addr)
    1307 {
    1308 area_t* area = &cfg.area[area_num];
    CID 515673: Code maintainability issues (SIZEOF_MISMATCH)
    Passing argument "area->link" of type "fidoaddr_t const *" and argument "8UL /* sizeof (addr) */ * (area->links + 1)" to function "realloc_or_free" is suspicious. In this case, "sizeof (fidoaddr_t const *)" is equal to "sizeof (fidoaddr_t const)", but this is not a portable assumption.
    1309 if((area->link = realloc_or_free(area->link, (sizeof addr) * (area->links + 1))) == NULL) {
    1310 lprintf(LOG_ERR,"ERROR line %d allocating memory for area "
    1311 "#%u links.",__LINE__, area_num + 1);
    1312 bail(1);
    1313 return;
    1314 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DjswB_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZTIkIcVsFEubRKPyVR-2BCuKY5oHLU9ayFn6T1x6if3eS0nVM4zzDglf0kSu84NvdLQvLmLpVUMBWFTCqIbKw97TOhNhU4Up-2FQ0gGVaItXyTTfc3Uu2zZfP2qWOCQU0YU4SaCyb8-2B3kJNnxUzaATxOedk4YqKEgN0RG-2F7ZgTWOZJ5A-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun Dec 8 13:41:14 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 515715: Incorrect expression (SIZEOF_MISMATCH)
    /userdat.c: 1420 in node_vstatus()


    ________________________________________________________________________________________________________
    *** CID 515715: Incorrect expression (SIZEOF_MISMATCH)
    /userdat.c: 1420 in node_vstatus()
    1414 return cfg->text != NULL ? cfg->text[NodeStatusOffline] : "Offline";
    1415 case NODE_NETTING: /* Obsolete */
    1416 return "Networking";
    1417 case NODE_LOGON:
    1418 return cfg->text != NULL ? cfg->text[NodeStatusLogon] : "At login prompt";
    1419 case NODE_LOGOUT:
    CID 515715: Incorrect expression (SIZEOF_MISMATCH)
    Passing argument "str" of type "char *" and argument "8UL /* sizeof (str) */" to function "safe_snprintf" is suspicious.
    1420 snprintf(str, sizeof str, cfg->text != NULL ? cfg->text[NodeStatusLogout] : "Logging out %s", username(cfg,node->useron,tmp));
    1421 return str;
    1422 case NODE_EVENT_WAITING:
    1423 return cfg->text != NULL ? cfg->text[NodeStatusEventWaiting] : "Waiting for all nodes to become inactive";
    1424 case NODE_EVENT_LIMBO:
    1425 snprintf(str, size, cfg->text != NULL ? cfg->text[NodeStatusEventLimbo] : "Waiting for node %d to finish external event"

    ** CID 515714: Uninitialized variables (UNINIT)


    ________________________________________________________________________________________________________
    *** CID 515714: Uninitialized variables (UNINIT)
    /getnode.cpp: 289 in sbbs_t::getnodeext(unsigned int, char *)()
    283 errormsg(WHERE,ERR_CHK,"node number",number);
    284 return false;
    285 }
    286
    287 if((node_ext=opennodeext(&cfg))==-1) {
    288 memset(ext,0,128);
    CID 515714: Uninitialized variables (UNINIT)
    Using uninitialized value "*str" when calling "errormsg".
    289 errormsg(WHERE,ERR_OPEN,str,O_RDONLY|O_DENYNONE);
    290 return false;
    291 }
    292
    293 number--; /* make zero based */
    294 for(count=0;count<LOOP_NODEDAB;count++) {

    ** CID 515713: Incorrect expression (SIZEOF_MISMATCH)
    /userdat.c: 1512 in node_activity()


    ________________________________________________________________________________________________________
    *** CID 515713: Incorrect expression (SIZEOF_MISMATCH)
    /userdat.c: 1512 in node_activity()
    1506 return cfg->text != NULL ? cfg->text[NodeActivityLoggingOn] : "logging on";
    1507 case NODE_LCHT:
    1508 snprintf(str, size, cfg->text != NULL ? cfg->text[NodeActivityLocalChat] : "chatting with %s", cfg->sys_op);
    1509 break;
    1510 case NODE_MCHT:
    1511 if(node->aux != 0)
    CID 515713: Incorrect expression (SIZEOF_MISMATCH)
    Passing argument "str" of type "char *" and argument "8UL /* sizeof (str) */" to function "safe_snprintf" is suspicious.
    1512 snprintf(str, sizeof str
    1513 ,cfg->text != NULL ? cfg->text[NodeActivityChatChannel] : "in multinode chat channel %d"
    1514 ,node->aux & 0xff);
    1515 else
    1516 return cfg->text != NULL ? cfg->text[NodeActivityGlobalChat] : "in multinode global chat channel";
    1517 break;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Drf1g_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQY9ty8xtnl2sw1SqlPRU2WILlz6B-2F41RYA0wpD7iGPK7iJJRJMlj06LpTw8H4oLu0ZD6NOR-2Fs4yPZ6xU2n8ZKWHL4-2F4cgQ0xljfi-2B5nJtvQuTTNG4kyAp2Ph0XvRGRr1KcMs8Gin6jWDWu2x-2Bkj9Q6Trx86Of-2BJRienYR-2Fbv9gQgw-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sun Dec 15 13:49:15 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 516068: Null pointer dereferences (FORWARD_NULL)
    /websrvr.c: 5419 in js_ErrorReporter()


    ________________________________________________________________________________________________________
    *** CID 516068: Null pointer dereferences (FORWARD_NULL)
    /websrvr.c: 5419 in js_ErrorReporter()
    5413 pthread_mutex_lock(&mutex);
    5414 if(lastline == report->lineno && report->filename != NULL && strcmp(lastfile, report->filename) == 0)
    5415 log_level = LOG_WARNING;
    5416 else
    5417 log_level = LOG_ERR;
    5418 lastline = report->lineno;
    CID 516068: Null pointer dereferences (FORWARD_NULL)
    Passing null pointer "report->filename" to "strlcpy", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.]
    5419 SAFECOPY(lastfile, report->filename);
    5420 pthread_mutex_unlock(&mutex);
    5421 warning="";
    5422 }
    5423
    5424 lprintf(log_level,"%04d !JavaScript %s%s%s: %s, Request: %s"


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DwGMb_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYoPlNm5BibC088PrWc35An4cdaeXCJhAHOfo6MdQKpuyixiVEFSUvV84YSqGOWCuXdzqHO6D3vFmsefEKTNsriv31FvxSemaYCwQ1e-2F5VqBGX6SKqkk-2F5GGTcyG8HHnvAZdIDYA7eRF8DYP-2F3cg26HCdIpmNxtLPnr6lFDWLJb2Q-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tue Dec 17 13:48:21 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    9 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 9 of 9 defect(s)


    ** CID 516415: Error handling issues (CHECKED_RETURN)
    /userdat.c: 1472 in node_activity()


    ________________________________________________________________________________________________________
    *** CID 516415: Error handling issues (CHECKED_RETURN)
    /userdat.c: 1472 in node_activity()
    1466 case NODE_AMSG:
    1467 return cfg->text != NULL ? cfg->text[NodeActivityAutoMsg] : "posting auto-message";
    1468 case NODE_XTRN:
    1469 if(node->aux == 0)
    1470 return cfg->text != NULL ? cfg->text[NodeActivityXtrnMenu] : "at external program menu";
    1471 user.number = node->useron;
    CID 516415: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    1472 getuserdat(cfg, &user);
    1473 xtrnnum = getxtrnnum(cfg, user.curxtrn);
    1474 if(is_valid_xtrnnum(cfg, xtrnnum))
    1475 snprintf(str, size, "%s %s"
    1476 ,cfg->text != NULL ? cfg->text[NodeActivityRunningXtrn] : "running"
    1477 ,cfg->xtrn[xtrnnum]->name);

    ** CID 516414: Error handling issues (CHECKED_RETURN)
    /useredit.cpp: 65 in sbbs_t::useredit(int)()


    ________________________________________________________________________________________________________
    *** CID 516414: Error handling issues (CHECKED_RETURN)
    /useredit.cpp: 65 in sbbs_t::useredit(int)()
    59 if(sys_status&SS_INUEDIT)
    60 return;
    61 sys_status|=SS_INUEDIT;
    62 while(online) {
    63 CLS;
    64 attr(LIGHTGRAY);
    CID 516414: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    65 getuserdat(&cfg,&user);
    66 if(!user.number) {
    67 user.number=1;
    68 getuserdat(&cfg,&user);
    69 if(!user.number) {
    70 bputs(text[NoUserData]);

    ** CID 516413: Error handling issues (CHECKED_RETURN)
    /answer.cpp: 168 in sbbs_t::answer()()


    ________________________________________________________________________________________________________
    *** CID 516413: Error handling issues (CHECKED_RETURN)
    /answer.cpp: 168 in sbbs_t::answer()()
    162 (but keep full terminal type/speed string in rlogin_term): */
    163 truncstr(terminal,"/");
    164 useron.number = 0;
    165 if(rlogin_name[0])
    166 useron.number = find_login_id(&cfg, rlogin_name);
    167 if(useron.number) {
    CID 516413: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    168 getuserdat(&cfg,&useron);
    169 SAFEPRINTF(path,"%srlogin.cfg",cfg.ctrl_dir);
    170 if(!findstr(client.addr,path)) {
    171 SAFECOPY(tmp, rlogin_pass);
    172 for(i=0;i<3 && online;i++) { 173 if(stricmp(tmp,useron.pass)) {

    ** CID 516412: Error handling issues (CHECKED_RETURN)
    /login.cpp: 51 in sbbs_t::login(const char *, const char *, const char *, const char *)()


    ________________________________________________________________________________________________________
    *** CID 516412: Error handling issues (CHECKED_RETURN)
    /login.cpp: 51 in sbbs_t::login(const char *, const char *, const char *, const char *)()
    45 long useron_misc=useron.misc;
    46
    47 username = parse_login(username);
    48
    49 useron.number = find_login_id(&cfg, username);
    50 if(useron.number) {
    CID 516412: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    51 getuserdat(&cfg,&useron);
    52 if(useron.number && useron.misc&(DELETED|INACTIVE))
    53 useron.number=0;
    54 }
    55
    56 if(!useron.number) {

    ** CID 516411: (CHECKED_RETURN)
    /useredit.cpp: 733 in sbbs_t::maindflts(user_t *)()
    /useredit.cpp: 738 in sbbs_t::maindflts(user_t *)()


    ________________________________________________________________________________________________________
    *** CID 516411: (CHECKED_RETURN)
    /useredit.cpp: 733 in sbbs_t::maindflts(user_t *)()
    727
    728 action=NODE_DFLT;
    729 if (cfg.usercfg_mod[0]) {
    730 char cmdline[256];
    731 snprintf(cmdline, sizeof(cmdline), "%s %u", cfg.usercfg_mod, user->number);
    732 exec_bin(cmdline, &main_csi);
    CID 516411: (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    733 getuserdat(&cfg, user);
    734 return;
    735 }
    736 while(online) {
    737 CLS;
    738 getuserdat(&cfg,user);
    /useredit.cpp: 738 in sbbs_t::maindflts(user_t *)()
    732 exec_bin(cmdline, &main_csi);
    733 getuserdat(&cfg, user);
    734 return;
    735 }
    736 while(online) {
    737 CLS;
    CID 516411: (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    738 getuserdat(&cfg,user);
    739 bprintf(text[UserDefaultsHdr],user->alias,user->number);
    740 if(user == &useron) {
    741 update_nodeterm();
    742 load_user_text();
    743 }

    ** CID 516410: Error handling issues (CHECKED_RETURN)
    /websrvr.c: 1662 in http_logon()


    ________________________________________________________________________________________________________
    *** CID 516410: Error handling issues (CHECKED_RETURN)
    /websrvr.c: 1662 in http_logon()
    1656 session->req.finished=true;
    1657 }
    1658
    1659 void http_logon(http_session_t * session, user_t *usr)
    1660 {
    1661 if(usr==NULL)
    CID 516410: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    1662 getuserdat(&scfg, &session->user);
    1663 else
    1664 session->user=*usr;
    1665
    1666 if(session->user.number==session->last_user_num)
    1667 return;

    ** CID 516409: Error handling issues (CHECKED_RETURN)
    /str.cpp: 1388 in sbbs_t::change_user()()


    ________________________________________________________________________________________________________
    *** CID 516409: Error handling issues (CHECKED_RETURN)
    /str.cpp: 1388 in sbbs_t::change_user()()
    1382 putmsgptrs();
    1383 putuserstr(useron.number, USER_CURSUB
    1384 ,cfg.sub[usrsub[curgrp][cursub[curgrp]]]->code);
    1385 putuserstr(useron.number, USER_CURDIR
    1386 ,cfg.dir[usrdir[curlib][curdir[curlib]]]->code);
    1387 useron.number=i;
    CID 516409: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    1388 getuserdat(&cfg,&useron);
    1389 if(getnodedat(cfg.node_num,&thisnode, true)) {
    1390 thisnode.useron=useron.number;
    1391 putnodedat(cfg.node_num,&thisnode);
    1392 }
    1393 getmsgptrs();

    ** CID 516408: Error handling issues (CHECKED_RETURN)
    /useredit.cpp: 1166 in sbbs_t::purgeuser(int)()


    ________________________________________________________________________________________________________
    *** CID 516408: Error handling issues (CHECKED_RETURN)
    /useredit.cpp: 1166 in sbbs_t::purgeuser(int)()
    1160
    1161 void sbbs_t::purgeuser(int usernumber)
    1162 { char str[128];
    1163 user_t user;
    1164
    1165 user.number=usernumber;
    CID 516408: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    1166 getuserdat(&cfg,&user);
    1167 SAFEPRINTF2(str,"Purged %s #%u",user.alias,usernumber);
    1168 logentry("!*",str);
    1169 delallmail(usernumber, MAIL_ANY);
    1170 putusername(&cfg,usernumber,nulstr);
    1171 putusermisc(usernumber, user.misc | DELETED);

    ** CID 516407: Error handling issues (CHECKED_RETURN)
    /websrvr.c: 2037 in check_ars()


    ________________________________________________________________________________________________________
    *** CID 516407: Error handling issues (CHECKED_RETURN)
    /websrvr.c: 2037 in check_ars()
    2031 else
    2032 lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: '%s'" 2033 ,session->socket,session->req.auth.username);
    2034 return(false);
    2035 }
    2036 thisuser.number=i;
    CID 516407: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    2037 getuserdat(&scfg, &thisuser);
    2038 switch(session->req.auth.type) {
    2039 case AUTHENTICATION_TLS_PSK:
    2040 if((auth_allowed & (1<<AUTHENTICATION_TLS_PSK))==0)
    2041 return(false);
    2042 if(session->last_user_num!=0) {


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DQyWe_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZaRdcpKH1DbVbWKil-2BYXbuPo6Nlz2IWCRH2bHbIl-2BZWutyiZLTcraL5FS1iiZSM0cIaa70yw-2BvQnYvTFtY90cnRY6AunfTZ3TOchBhkmrNG5r6R9YGJilsgu5Suh4msrRA-2BqV-2BHoo-2B29c88W6IVBSZdgQoHyw-2Bn9zmKTgeEHvaqQ-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Fri Dec 20 13:38:55 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 516431: Incorrect expression (EVALUATION_ORDER)
    /scfg/scfgsys.c: 1740 in sys_cfg()


    ________________________________________________________________________________________________________
    *** CID 516431: Incorrect expression (EVALUATION_ORDER)
    /scfg/scfgsys.c: 1740 in sys_cfg()
    1734 char sys_pass[sizeof(cfg.sys_pass)];
    1735 SAFECOPY(sys_pass, cfg.sys_pass);
    1736 while(1) {
    1737 i=0;
    1738 snprintf(opt[i++],MAX_OPLN,"%-20s%s","BBS Name",cfg.sys_name);
    1739 snprintf(opt[i++],MAX_OPLN,"%-20s%s","Location",cfg.sys_location);
    CID 516431: Incorrect expression (EVALUATION_ORDER)
    In argument #6 of "safe_snprintf(opt[i++], 75UL, "%-20s%s%s %s", "Local Time Zone", ((cfg.sys_timezone == -1) ? "Auto: " : ""), smb_zonestr(sys_timezone(&cfg), NULL), ((!(cfg.sys_timezone <= 1000 && cfg.sys_timezone >= -1000) && (cfg.sys_timezone & 0xc000 || cfg.sys_timezone == 4096 || cfg.sys_timezone == 4156 || cfg.sys_timezone == 4216 || cfg.sys_timezone == 4816 || cfg.sys_timezone == 4696 || cfg.sys_timezone == 4666) && cfg.sys_misc & 0x4000U) ? "(Auto-DST)" : ""))", a call is made to "sys_timezone(&cfg)". In argument #1 of this function, the object "cfg.sys_timezone" is modified. This object is also used in "(cfg.sys_timezone == -1) ? "Auto: " : """, the argument #5 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.
    1740 snprintf(opt[i++],MAX_OPLN,"%-20s%s%s %s","Local Time Zone"
    1741 ,cfg.sys_timezone == SYS_TIMEZONE_AUTO ? "Auto: " : ""
    1742 ,smb_zonestr(sys_timezone(&cfg),NULL)
    1743 ,SMB_TZ_HAS_DST(cfg.sys_timezone) && cfg.sys_misc&SM_AUTO_DST ? "(Auto-DST)" : "");
    1744 snprintf(opt[i++],MAX_OPLN,"%-20s%s (e.g. %s)","Short Date Format"
    1745 ,date_format(&cfg, str, sizeof str)


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Du0AK_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZX-2BkC2-2BAZJhPPYfXPDeIQ-2B4YvLEfkbd-2Bd6D-2Bq6Hgb3A8yT9nXPdJTazBcJukBEh03pJKxvVooRsB2exFituB7-2FZiW-2B-2FFf3SbStI-2Fat2UXSZKXBODkmruS46NddedKGixq1GgfIg-2BgPQfkssXqpoMR-2BzxwZcTjLKvzCO0Vk2ny9Gw-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sat Dec 21 13:40:03 2024
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 516448: High impact quality (Y2K38_SAFETY)
    /js_msgbase.c: 1441 in js_get_msg_header_resolve()


    ________________________________________________________________________________________________________
    *** CID 516448: High impact quality (Y2K38_SAFETY)
    /js_msgbase.c: 1441 in js_get_msg_header_resolve()
    1435 /* Fixed length portion of msg header */
    1436 LAZY_UINTEGER("type", p->msg.hdr.type, JSPROP_ENUMERATE);
    1437 LAZY_UINTEGER("version", p->msg.hdr.version, JSPROP_ENUMERATE); 1438 LAZY_UINTEGER("attr", p->msg.hdr.attr, JSPROP_ENUMERATE);
    1439 LAZY_UINTEGER("auxattr", p->msg.hdr.auxattr, JSPROP_ENUMERATE); 1440 LAZY_UINTEGER("netattr", p->msg.hdr.netattr, JSPROP_ENUMERATE); >>> CID 516448: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(p->msg.hdr.when_written)" is cast to "uint32".
    1441 LAZY_UINTEGER("when_written_time", smb_time(p->msg.hdr.when_written), JSPROP_ENUMERATE);
    1442 LAZY_INTEGER("when_written_zone", p->msg.hdr.when_written.zone, JSPROP_ENUMERATE);
    1443 LAZY_INTEGER("when_written_zone_offset", smb_tzutc(p->msg.hdr.when_written.zone), JSPROP_ENUMERATE|JSPROP_READONLY);
    1444 LAZY_UINTEGER("when_imported_time", p->msg.hdr.when_imported.time, JSPROP_ENUMERATE);
    1445 LAZY_INTEGER("when_imported_zone", p->msg.hdr.when_imported.zone, JSPROP_ENUMERATE);
    1446 LAZY_INTEGER("when_imported_zone_offset", smb_tzutc(p->msg.hdr.when_imported.zone), JSPROP_ENUMERATE|JSPROP_READONLY);

    ** CID 516447: High impact quality (Y2K38_SAFETY)
    /postmsg.cpp: 625 in votemsg()


    ________________________________________________________________________________________________________
    *** CID 516447: High impact quality (Y2K38_SAFETY)
    /postmsg.cpp: 625 in votemsg()
    619 }
    620 answers++;
    621 }
    622 }
    623 }
    624 safe_snprintf(smsg, sizeof(smsg), smsgfmt
    CID 516447: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg->hdr.when_written)" is cast to "time32_t".
    625 ,timestr(cfg, (time32_t)smb_time(msg->hdr.when_written), tstr)
    626 ,cfg->grp[cfg->sub[smb->subnum]->grp]->sname
    627 ,cfg->sub[smb->subnum]->sname
    628 ,from
    629 ,remsg.subj);
    630 SAFECAT(smsg, votes);

    ** CID 516446: (Y2K38_SAFETY)
    /qwknodes.c: 366 in main()
    /qwknodes.c: 392 in main()
    /qwknodes.c: 361 in main()
    /qwknodes.c: 384 in main()
    /qwknodes.c: 333 in main()
    /qwknodes.c: 343 in main()


    ________________________________________________________________________________________________________
    *** CID 516446: (Y2K38_SAFETY)
    /qwknodes.c: 366 in main()
    360 ,msg.from,p+1
    361 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
    362 ,str); 363 else
    364 fprintf(users,"%-25.25s %-8.8s %s\r\n"
    365 ,msg.from,str
    CID 516446: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
    366 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
    367 }
    368 if(cmd&NODES && msg.from_net.type==NET_QWK) {
    369 if(mode&TAGS)
    370 gettag(&msg,tag);
    371 if(mode&FEED) /qwknodes.c: 392 in main()
    386 }
    387 else
    388 fprintf(nodes,"%-8.8s %s\r\n"
    389 ,str 390 ,mode&TAGS
    391 ? tag >>> CID 516446: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
    392 : unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
    393 }
    394 }
    395 }
    396 smb_freemsgmem(&msg);
    397 }
    /qwknodes.c: 361 in main()
    355 else
    356 strcpy(str,msg.from_net.addr);
    357 p=strrchr(str,'/');
    358 if(p)
    359 fprintf(users,"%-25.25s %-8.8s %s (%s)\r\n"
    360 ,msg.from,p+1
    CID 516446: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
    361 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
    362 ,str); 363 else
    364 fprintf(users,"%-25.25s %-8.8s %s\r\n"
    365 ,msg.from,str
    366 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
    /qwknodes.c: 384 in main()
    378 fprintf(nodes,"%-8.8s %s\r\n"
    379 ,p+1
    380 ,tag);
    381 else
    382 fprintf(nodes,"%-8.8s %s (%s)\r\n"
    383 ,p+1
    CID 516446: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
    384 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
    385 ,str);
    386 }
    387 else
    388 fprintf(nodes,"%-8.8s %s\r\n"
    389 ,str /qwknodes.c: 333 in main()
    327 p=strrchr(addr,'/');
    328 if(!p)
    329 p=addr; 330 else
    331 *(p++)=0;
    332 safe_snprintf(str, sizeof(str), "%s %s:%s%c%s"
    CID 516446: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
    333 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
    334 ,p,cfg.sys_id,p==addr ? 0 : '/'
    335 ,addr); 336 fprintf(route,"%s\r\n",str);
    337 }
    338 else {
    /qwknodes.c: 343 in main()
    337 }
    338 else {
    339 p=strrchr(addr,'/');
    340 if(p) {
    341 *(p++)=0;
    342 fprintf(route,"%s %s:%.*s\r\n"
    CID 516446: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
    343 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),str)
    344 ,p
    345 ,(uint)(p-addr)
    346 ,addr); 347 }
    348 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DNGSj_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYgWGJ9BYEIxvdbhMAIayAni-2FuUZOlays8-2BQNW1Qj2YoLcEBScLdhHrJ52SvmolJ5itsnLRiKIwdue9DQ-2F9PO-2FUFGY-2Fa0jLnspeSlF2FiQB80TbxuUTyDk42cNSQCBuIqgPC4jh5ZIq8dm-2B49xrAWdl9U3UIFg1xXJFs0kJktVUnA-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net