New Defects Reported

Subj : New Defects reported by Coverity Scan for Synchronet To : All From : scan-admin@coverity.com Date : Tue Sep 30 2025 14:17:12 ----==_mimepart_68dbe667f0fba_4d6e62b4f2a4a99a44915 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 3 new defect(s) introduced to Synchronet found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s) ** CID 631052: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3367 in iniGetFastParsedSectionCmp() _____________________________________________________________________________________________ *** CID 631052: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3367 in iniGetFastParsedSectionCmp() 3361 return 0; 3362 } 3363 if (name == NULL || name->str == NULL) 3364 return -1; 3365 entShorter = fp->name.len < name->len; 3366 cmplen = entShorter ? fp->name.len : name->len; >>> CID 631052: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "fp->name.str" to "strncasecmp", which dereferences it. 3367 cmp = strnicmp(name->str, fp->name.str, cmplen); 3368 if (cmp == 0) { 3369 if (fp->name.len == name->len) 3370 return 0; 3371 if (entShorter) 3372 return 1; ** CID 631051: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3159 in iniFastParseSections() _____________________________________________________________________________________________ *** CID 631051: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3159 in iniFastParseSections() 3153 struct fp_section *sect; 3154 size_t slen; 3155 str++; 3156 slen = strlen(str); 3157 while (slen && (IS_WHITESPACE(str[slen - 1]))) 3158 slen--; >>> CID 631051: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "slen - 1UL", where "slen" is known to be equal to 0, underflows the type of "slen - 1UL", which is type "unsigned long". 3159 if (str[slen - 1] == INI_CLOSE_SECTION_CHAR) 3160 slen--; 3161 else // Discard line 3162 continue; 3163 ret->totalSections++; 3164 if ((ret->totalSections) >= arraySz) { ** CID 631050: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3331 in iniGetFastParsedSectionList() _____________________________________________________________________________________________ *** CID 631050: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3331 in iniGetFastParsedSectionList() 3325 if (sz) 3326 *sz = 0; 3327 return ret; 3328 } 3329 if (prefix) 3330 prefixLen = strlen(prefix); >>> CID 631050: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "i++", where "i" is known to be equal to 18446744073709551615, overflows the type of "i++", which is type "size_t". 3331 for (i = iniGetFastPrefixStart(fp, prefix); i <= fp->lastUncut; i++) { 3332 if (fp->sections[i].name.str == NULL) 3333 continue; 3334 if (fp->sections[i].cut) 3335 continue; 3336 if (fp->sections[i].name.len < prefixLen) ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview ----==_mimepart_68dbe667f0fba_4d6e62b4f2a4a99a44915 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit New Defects Reported - Synchronet

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

New Defects Found: 3
Defects Shown: Showing 3 of 3 defect(s)

Defect Details

** CID 631052:       Null pointer dereferences  (FORWARD_NULL)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3367           in iniGetFastParsedSectionCmp()


_____________________________________________________________________________________________
*** CID 631052:         Null pointer dereferences  (FORWARD_NULL)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3367             in iniGetFastParsedSectionCmp()
3361     			return 0;
3362     	}
3363     	if (name == NULL || name->str == NULL)
3364     		return -1;
3365     	entShorter = fp->name.len < name->len;
3366     	cmplen = entShorter ? fp->name.len : name->len;
>>>     CID 631052:         Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "fp->name.str" to "strncasecmp", which dereferences it.
3367     	cmp = strnicmp(name->str, fp->name.str, cmplen);
3368     	if (cmp == 0) {
3369     		if (fp->name.len == name->len)
3370     			return 0;
3371     		if (entShorter)
3372     			return 1;

** CID 631051:       Integer handling issues  (INTEGER_OVERFLOW)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3159           in iniFastParseSections()


_____________________________________________________________________________________________
*** CID 631051:         Integer handling issues  (INTEGER_OVERFLOW)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3159             in iniFastParseSections()
3153     			struct fp_section *sect;
3154     			size_t slen;
3155     			str++;
3156     			slen = strlen(str);
3157     			while (slen && (IS_WHITESPACE(str[slen - 1])))
3158     				slen--;
>>>     CID 631051:         Integer handling issues  (INTEGER_OVERFLOW)
>>>     Expression "slen - 1UL", where "slen" is known to be equal to 0, underflows the type of "slen - 1UL", which is type "unsigned long".
3159     			if (str[slen - 1] == INI_CLOSE_SECTION_CHAR)
3160     				slen--;
3161     			else // Discard line
3162     				continue;
3163     			ret->totalSections++;
3164     			if ((ret->totalSections) >= arraySz) {

** CID 631050:       Integer handling issues  (INTEGER_OVERFLOW)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3331           in iniGetFastParsedSectionList()


_____________________________________________________________________________________________
*** CID 631050:         Integer handling issues  (INTEGER_OVERFLOW)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3331             in iniGetFastParsedSectionList()
3325     		if (sz)
3326     			*sz = 0;
3327     		return ret;
3328     	}
3329     	if (prefix)
3330     		prefixLen = strlen(prefix);
>>>     CID 631050:         Integer handling issues  (INTEGER_OVERFLOW)
>>>     Expression "i++", where "i" is known to be equal to 18446744073709551615, overflows the type of "i++", which is type "size_t".
3331     	for (i = iniGetFastPrefixStart(fp, prefix); i <= fp->lastUncut; i++) {
3332     		if (fp->sections[i].name.str == NULL)
3333     			continue;
3334     		if (fp->sections[i].cut)
3335     			continue;
3336     		if (fp->sections[i].name.len < prefixLen)

View Defects in Coverity Scan

Best regards,

The Coverity Scan Admin Team

----==_mimepart_68dbe667f0fba_4d6e62b4f2a4a99a44915-- --- � Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net .