Subj : New Defects reported by Coverity Scan for Synchronet To : All From : scan-admin@coverity.com Date : Sun Mar 30 2025 13:06:10 Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 5 new defect(s) introduced to Synchronet found with Coverity Scan. 6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 5 of 5 defect(s) ** CID 548252: Error handling issues (NEGATIVE_RETURNS) /writemsg.cpp: 709 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)() ________________________________________________________________________________________________________ *** CID 548252: Error handling issues (NEGATIVE_RETURNS) /writemsg.cpp: 709 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)() 703 buf[0] = 0; 704 if (linesquoted || draft_restored) { 705 if ((file = nopen(msgtmp, O_RDONLY)) != -1) { 706 length = (long)filelength(file); 707 l = length > (int)(cfg.level_linespermsg[useron_level] * MAX_LINE_LEN) - 1 708 ? (cfg.level_linespermsg[useron_level] * MAX_LINE_LEN) - 1 : length; >>> CID 548252: Error handling issues (NEGATIVE_RETURNS) >>> "l" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.] 709 if (read(file, buf, l) != l) 710 l = 0; 711 buf[l] = 0; 712 close(file); 713 // remove(msgtmp); 714 } ** CID 548251: Incorrect expression (SIZEOF_MISMATCH) /xtrn.cpp: 1621 in sbbs_t::external(const char *, int, const char *)() ________________________________________________________________________________________________________ *** CID 548251: Incorrect expression (SIZEOF_MISMATCH) /xtrn.cpp: 1621 in sbbs_t::external(const char *, int, const char *)() 1615 return -1; 1616 } 1617 1618 if ((mode & EX_STDIO) == EX_STDIO) { 1619 struct winsize winsize; 1620 struct termios termio; >>> CID 548251: Incorrect expression (SIZEOF_MISMATCH) >>> Passing argument "&termio" of type "termios *" and argument "8UL" ("sizeof (this->term)") to function "memset" is suspicious because "sizeof (termios) /*60*/" is expected. 1621 memset(&termio, 0, sizeof(term)); 1622 cfsetispeed(&termio, B19200); 1623 cfsetospeed(&termio, B19200); 1624 if (mode & EX_BIN) 1625 cfmakeraw(&termio); 1626 else { ** CID 548250: Control flow issues (NO_EFFECT) /terminal.cpp: 31 in Terminal::scroll_hotspots(unsigned int)() ________________________________________________________________________________________________________ *** CID 548250: Control flow issues (NO_EFFECT) /terminal.cpp: 31 in Terminal::scroll_hotspots(unsigned int)() 25 unsigned spots = 0; 26 unsigned remain = 0; 27 for (list_node_t* node = mouse_hotspots->first; node != NULL; node = node->next) { 28 struct mouse_hotspot* spot = (struct mouse_hotspot*)node->data; 29 spot->y -= count; 30 spots++; >>> CID 548250: Control flow issues (NO_EFFECT) >>> This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "spot->y >= 0U". 31 if (spot->y >= 0) 32 remain++; 33 } 34 #ifdef _DEBUG 35 if (spots) 36 sbbs->lprintf(LOG_DEBUG, "Scrolled %u mouse hot-spots %u rows (%u remain)", spots, count, remain); ** CID 548249: (DEADCODE) /useredit.cpp: 89 in sbbs_t::useredit(int)() /useredit.cpp: 89 in sbbs_t::useredit(int)() ________________________________________________________________________________________________________ *** CID 548249: (DEADCODE) /useredit.cpp: 89 in sbbs_t::useredit(int)() 83 SAFEPRINTF2(user_pass, "%.*s..", (int)(max_len - 2), user.pass); 84 bprintf(text[UeditAliasPassword] 85 , user.alias 86 , datestr(user.pwmod, tmp) 87 , (user.level > useron.level || !(cfg.sys_misc & SM_ECHO_PW)) ? "" : user_pass 88 ); >>> CID 548249: (DEADCODE) >>> Execution cannot reach the expression ""XXXXXXXX"" inside this statement: "this->bprintf(this->text[Ue...". 89 bprintf(text[UeditRealNamePhone] 90 , user.level > useron.level && console & CON_R_ECHO 91 ? "XXXXXXXX" : user.name 92 , user.level > useron.level && console & CON_R_ECHO 93 ? "XXX-XXX-XXXX" : user.phone); 94 bprintf(text[UeditAddressBirthday] /useredit.cpp: 89 in sbbs_t::useredit(int)() 83 SAFEPRINTF2(user_pass, "%.*s..", (int)(max_len - 2), user.pass); 84 bprintf(text[UeditAliasPassword] 85 , user.alias 86 , datestr(user.pwmod, tmp) 87 , (user.level > useron.level || !(cfg.sys_misc & SM_ECHO_PW)) ? "" : user_pass 88 ); >>> CID 548249: (DEADCODE) >>> Execution cannot reach the expression ""XXX-XXX-XXXX"" inside this statement: "this->bprintf(this->text[Ue...". 89 bprintf(text[UeditRealNamePhone] 90 , user.level > useron.level && console & CON_R_ECHO 91 ? "XXXXXXXX" : user.name 92 , user.level > useron.level && console & CON_R_ECHO 93 ? "XXX-XXX-XXXX" : user.phone); 94 bprintf(text[UeditAddressBirthday] ** CID 548248: Error handling issues (CHECKED_RETURN) /writemsg.cpp: 1836 in sbbs_t::movemsg(smbmsg_t *, int)() ________________________________________________________________________________________________________ *** CID 548248: Error handling issues (CHECKED_RETURN) /writemsg.cpp: 1836 in sbbs_t::movemsg(smbmsg_t *, int)() 1830 length = smb_getmsgdatlen(msg); 1831 if ((buf = (char *)malloc(length)) == NULL) { 1832 errormsg(WHERE, ERR_ALLOC, smb.file, length); 1833 return false; 1834 } 1835 >>> CID 548248: Error handling issues (CHECKED_RETURN) >>> Calling "fseek(this->smb.sdt_fp, msg->hdr.offset, 0)" without checking return value. This library function may fail and return an error code. 1836 fseek(smb.sdt_fp, msg->hdr.offset, SEEK_SET); 1837 if (fread(buf, length, 1, smb.sdt_fp) != 1) { 1838 free(buf); 1839 errormsg(WHERE, ERR_READ, smb.file, length); 1840 return false; 1841 } ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview --- þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net .