Subj : New Defects reported by Coverity Scan for Synchronet To : All From : scan-admin@coverity.com Date : Wed Oct 01 2025 16:08:39 ----==_mimepart_68dd52075cd65_5ee032b4f2a4a99a44999 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 9 new defect(s) introduced to Synchronet found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 9 of 9 defect(s) ** CID 631076: Memory - corruptions (OVERRUN) _____________________________________________________________________________________________ *** CID 631076: Memory - corruptions (OVERRUN) /sbbsecho.c: 314 in parse_echostat_msg() 308 { 309 char str[128]; 310 char key[128]; 311 echostat_msg_t msg = {{0}}; 312 313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to); >>> CID 631076: Memory - corruptions (OVERRUN) >>> Overrunning array "msg.from" of 36 bytes by passing it to a function which accesses it at byte offset 1023. 
314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from); 315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj); 316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id); 317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id); 318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid); 319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid); ** CID 631075: Memory - corruptions (OVERRUN) _____________________________________________________________________________________________ *** CID 631075: Memory - corruptions (OVERRUN) /sbbsecho.c: 319 in parse_echostat_msg() 313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to); 314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from); 315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj); 316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id); 317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id); 318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid); >>> CID 631075: Memory - corruptions (OVERRUN) >>> Overrunning array "msg.tid" of 128 bytes by passing it to a function which accesses it at byte offset 1023. 
319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid); 320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz); 321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0); 322 snprintf(key, sizeof key, "%s.localtime", prefix), msg.localtime = iniGetDateTime(ini, section, key, 0); 323 snprintf(key, sizeof key, "%s.length", prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0); 324 snprintf(key, sizeof key, "%s.origaddr", prefix), iniGetString(ini, section, key, NULL, str); ** CID 631074: Memory - corruptions (OVERRUN) _____________________________________________________________________________________________ *** CID 631074: Memory - corruptions (OVERRUN) /sbbsecho.c: 317 in parse_echostat_msg() 311 echostat_msg_t msg = {{0}}; 312 313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to); 314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from); 315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj); 316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id); >>> CID 631074: Memory - corruptions (OVERRUN) >>> Overrunning array "msg.reply_id" of 128 bytes by passing it to a function which accesses it at byte offset 1023. 
317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id); 318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid); 319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid); 320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz); 321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0); 322 snprintf(key, sizeof key, "%s.localtime", prefix), msg.localtime = iniGetDateTime(ini, section, key, 0); ** CID 631073: Memory - corruptions (OVERRUN) _____________________________________________________________________________________________ *** CID 631073: Memory - corruptions (OVERRUN) /sbbsecho.c: 316 in parse_echostat_msg() 310 char key[128]; 311 echostat_msg_t msg = {{0}}; 312 313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to); 314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from); 315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj); >>> CID 631073: Memory - corruptions (OVERRUN) >>> Overrunning array "msg.msg_id" of 128 bytes by passing it to a function which accesses it at byte offset 1023. 
316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id); 317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id); 318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid); 319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid); 320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz); 321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0); ** CID 631072: Memory - corruptions (OVERRUN) _____________________________________________________________________________________________ *** CID 631072: Memory - corruptions (OVERRUN) /sbbsecho.c: 313 in parse_echostat_msg() 307 echostat_msg_t parse_echostat_msg(str_list_t ini, const char* section, const char* prefix) 308 { 309 char str[128]; 310 char key[128]; 311 echostat_msg_t msg = {{0}}; 312 >>> CID 631072: Memory - corruptions (OVERRUN) >>> Overrunning array "msg.to" of 36 bytes by passing it to a function which accesses it at byte offset 1023. 
313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to); 314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from); 315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj); 316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id); 317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id); 318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid); ** CID 631071: (OVERRUN) _____________________________________________________________________________________________ *** CID 631071: (OVERRUN) /sbbsecho.c: 327 in parse_echostat_msg() 321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0); 322 snprintf(key, sizeof key, "%s.localtime", prefix), msg.localtime = iniGetDateTime(ini, section, key, 0); 323 snprintf(key, sizeof key, "%s.length", prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0); 324 snprintf(key, sizeof key, "%s.origaddr", prefix), iniGetString(ini, section, key, NULL, str); 325 if (str[0]) 326 msg.origaddr = atofaddr(str); >>> CID 631071: (OVERRUN) >>> Overrunning array "str" of 128 bytes by passing it to a function which accesses it at byte offset 1023. 
327 snprintf(key, sizeof key, "%s.pkt_orig", prefix), iniGetString(ini, section, key, NULL, str); 328 if (str[0]) 329 msg.pkt_orig = atofaddr(str); 330 331 return msg; 332 } /sbbsecho.c: 324 in parse_echostat_msg() 318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid); 319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid); 320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz); 321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0); 322 snprintf(key, sizeof key, "%s.localtime", prefix), msg.localtime = iniGetDateTime(ini, section, key, 0); 323 snprintf(key, sizeof key, "%s.length", prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0); >>> CID 631071: (OVERRUN) >>> Overrunning array "str" of 128 bytes by passing it to a function which accesses it at byte offset 1023. 324 snprintf(key, sizeof key, "%s.origaddr", prefix), iniGetString(ini, section, key, NULL, str); 325 if (str[0]) 326 msg.origaddr = atofaddr(str); 327 snprintf(key, sizeof key, "%s.pkt_orig", prefix), iniGetString(ini, section, key, NULL, str); 328 if (str[0]) 329 msg.pkt_orig = atofaddr(str); ** CID 631070: Memory - corruptions (OVERRUN) _____________________________________________________________________________________________ *** CID 631070: Memory - corruptions (OVERRUN) /sbbsecho.c: 315 in parse_echostat_msg() 309 char str[128]; 310 char key[128]; 311 echostat_msg_t msg = {{0}}; 312 313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to); 314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from); >>> CID 631070: Memory - corruptions (OVERRUN) >>> Overrunning array "msg.subj" of 72 bytes by passing it to a function which accesses it at byte offset 1023. 
315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj); 316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id); 317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id); 318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid); 319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid); 320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz); ** CID 631069: Memory - corruptions (OVERRUN) _____________________________________________________________________________________________ *** CID 631069: Memory - corruptions (OVERRUN) /sbbsecho.c: 318 in parse_echostat_msg() 312 313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to); 314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from); 315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj); 316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id); 317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id); >>> CID 631069: Memory - corruptions (OVERRUN) >>> Overrunning array "msg.pid" of 128 bytes by passing it to a function which accesses it at byte offset 1023. 
318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid); 319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid); 320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz); 321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0); 322 snprintf(key, sizeof key, "%s.localtime", prefix), msg.localtime = iniGetDateTime(ini, section, key, 0); 323 snprintf(key, sizeof key, "%s.length", prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0); ** CID 631068: Memory - corruptions (OVERRUN) _____________________________________________________________________________________________ *** CID 631068: Memory - corruptions (OVERRUN) /sbbsecho.c: 320 in parse_echostat_msg() 314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from); 315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj); 316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id); 317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id); 318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid); 319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid); >>> CID 631068: Memory - corruptions (OVERRUN) >>> Overrunning array "msg.msg_tz" of 128 bytes by passing it to a function which accesses it at byte offset 1023. 
320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz); 321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0); 322 snprintf(key, sizeof key, "%s.localtime", prefix), msg.localtime = iniGetDateTime(ini, section, key, 0); 323 snprintf(key, sizeof key, "%s.length", prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0); 324 snprintf(key, sizeof key, "%s.origaddr", prefix), iniGetString(ini, section, key, NULL, str); 325 if (str[0]) ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview ----==_mimepart_68dd52075cd65_5ee032b4f2a4a99a44999 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit New Defects Reported - Synchronet

Hi,

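Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

[Reviewer note: all nine findings below are one pattern in parse_echostat_msg(). Each iniGetString() call is handed a destination of 36, 72 or 128 bytes (the msg fields and the local str), while the analyzer models iniGetString() as accessing the destination up to byte offset 1023, i.e. as if it were at least 1024 bytes long. Whether an overlong value can actually overflow depends on how iniGetString() bounds its copy and on who can write the file being parsed; the excerpts show neither. One fix that resolves all nine is to read each value into a local buffer of the size iniGetString() expects, then copy it into the field with an explicit length limit and guaranteed NUL termination.]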

Defect Details

** CID 631076:       Memory - corruptions  (OVERRUN)


_____________________________________________________________________________________________
*** CID 631076:         Memory - corruptions  (OVERRUN)
/sbbsecho.c: 314             in parse_echostat_msg()
308     {
309     	char           str[128];
310     	char           key[128];
311     	echostat_msg_t msg = {{0}};
312
313     	snprintf(key, sizeof key, "%s.to", prefix),         iniGetString(ini, section, key, NULL, msg.to);
>>>     CID 631076:         Memory - corruptions  (OVERRUN)
>>>     Overrunning array "msg.from" of 36 bytes by passing it to a function which accesses it at byte offset 1023.
314     	snprintf(key, sizeof key, "%s.from", prefix),       iniGetString(ini, section, key, NULL, msg.from);
315     	snprintf(key, sizeof key, "%s.subj", prefix),       iniGetString(ini, section, key, NULL, msg.subj);
316     	snprintf(key, sizeof key, "%s.msg_id", prefix),     iniGetString(ini, section, key, NULL, msg.msg_id);
317     	snprintf(key, sizeof key, "%s.reply_id", prefix),   iniGetString(ini, section, key, NULL, msg.reply_id);
318     	snprintf(key, sizeof key, "%s.pid", prefix),            iniGetString(ini, section, key, NULL, msg.pid);
319     	snprintf(key, sizeof key, "%s.tid", prefix),            iniGetString(ini, section, key, NULL, msg.tid);

** CID 631075:       Memory - corruptions  (OVERRUN)


_____________________________________________________________________________________________
*** CID 631075:         Memory - corruptions  (OVERRUN)
/sbbsecho.c: 319             in parse_echostat_msg()
313     	snprintf(key, sizeof key, "%s.to", prefix),         iniGetString(ini, section, key, NULL, msg.to);
314     	snprintf(key, sizeof key, "%s.from", prefix),       iniGetString(ini, section, key, NULL, msg.from);
315     	snprintf(key, sizeof key, "%s.subj", prefix),       iniGetString(ini, section, key, NULL, msg.subj);
316     	snprintf(key, sizeof key, "%s.msg_id", prefix),     iniGetString(ini, section, key, NULL, msg.msg_id);
317     	snprintf(key, sizeof key, "%s.reply_id", prefix),   iniGetString(ini, section, key, NULL, msg.reply_id);
318     	snprintf(key, sizeof key, "%s.pid", prefix),            iniGetString(ini, section, key, NULL, msg.pid);
>>>     CID 631075:         Memory - corruptions  (OVERRUN)
>>>     Overrunning array "msg.tid" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
319     	snprintf(key, sizeof key, "%s.tid", prefix),            iniGetString(ini, section, key, NULL, msg.tid);
320     	snprintf(key, sizeof key, "%s.msg_tz", prefix),     iniGetString(ini, section, key, NULL, msg.msg_tz);
321     	snprintf(key, sizeof key, "%s.msg_time", prefix),   msg.msg_time = iniGetDateTime(ini, section, key, 0);
322     	snprintf(key, sizeof key, "%s.localtime", prefix),  msg.localtime = iniGetDateTime(ini, section, key, 0);
323     	snprintf(key, sizeof key, "%s.length", prefix),     msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);
324     	snprintf(key, sizeof key, "%s.origaddr", prefix),   iniGetString(ini, section, key, NULL, str);

** CID 631074:       Memory - corruptions  (OVERRUN)


_____________________________________________________________________________________________
*** CID 631074:         Memory - corruptions  (OVERRUN)
/sbbsecho.c: 317             in parse_echostat_msg()
311     	echostat_msg_t msg = {{0}};
312
313     	snprintf(key, sizeof key, "%s.to", prefix),         iniGetString(ini, section, key, NULL, msg.to);
314     	snprintf(key, sizeof key, "%s.from", prefix),       iniGetString(ini, section, key, NULL, msg.from);
315     	snprintf(key, sizeof key, "%s.subj", prefix),       iniGetString(ini, section, key, NULL, msg.subj);
316     	snprintf(key, sizeof key, "%s.msg_id", prefix),     iniGetString(ini, section, key, NULL, msg.msg_id);
>>>     CID 631074:         Memory - corruptions  (OVERRUN)
>>>     Overrunning array "msg.reply_id" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
317     	snprintf(key, sizeof key, "%s.reply_id", prefix),   iniGetString(ini, section, key, NULL, msg.reply_id);
318     	snprintf(key, sizeof key, "%s.pid", prefix),            iniGetString(ini, section, key, NULL, msg.pid);
319     	snprintf(key, sizeof key, "%s.tid", prefix),            iniGetString(ini, section, key, NULL, msg.tid);
320     	snprintf(key, sizeof key, "%s.msg_tz", prefix),     iniGetString(ini, section, key, NULL, msg.msg_tz);
321     	snprintf(key, sizeof key, "%s.msg_time", prefix),   msg.msg_time = iniGetDateTime(ini, section, key, 0);
322     	snprintf(key, sizeof key, "%s.localtime", prefix),  msg.localtime = iniGetDateTime(ini, section, key, 0);

** CID 631073:       Memory - corruptions  (OVERRUN)


_____________________________________________________________________________________________
*** CID 631073:         Memory - corruptions  (OVERRUN)
/sbbsecho.c: 316             in parse_echostat_msg()
310     	char           key[128];
311     	echostat_msg_t msg = {{0}};
312
313     	snprintf(key, sizeof key, "%s.to", prefix),         iniGetString(ini, section, key, NULL, msg.to);
314     	snprintf(key, sizeof key, "%s.from", prefix),       iniGetString(ini, section, key, NULL, msg.from);
315     	snprintf(key, sizeof key, "%s.subj", prefix),       iniGetString(ini, section, key, NULL, msg.subj);
>>>     CID 631073:         Memory - corruptions  (OVERRUN)
>>>     Overrunning array "msg.msg_id" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
316     	snprintf(key, sizeof key, "%s.msg_id", prefix),     iniGetString(ini, section, key, NULL, msg.msg_id);
317     	snprintf(key, sizeof key, "%s.reply_id", prefix),   iniGetString(ini, section, key, NULL, msg.reply_id);
318     	snprintf(key, sizeof key, "%s.pid", prefix),            iniGetString(ini, section, key, NULL, msg.pid);
319     	snprintf(key, sizeof key, "%s.tid", prefix),            iniGetString(ini, section, key, NULL, msg.tid);
320     	snprintf(key, sizeof key, "%s.msg_tz", prefix),     iniGetString(ini, section, key, NULL, msg.msg_tz);
321     	snprintf(key, sizeof key, "%s.msg_time", prefix),   msg.msg_time = iniGetDateTime(ini, section, key, 0);

** CID 631072:       Memory - corruptions  (OVERRUN)


_____________________________________________________________________________________________
*** CID 631072:         Memory - corruptions  (OVERRUN)
/sbbsecho.c: 313             in parse_echostat_msg()
307     echostat_msg_t parse_echostat_msg(str_list_t ini, const char* section, const char* prefix)
308     {
309     	char           str[128];
310     	char           key[128];
311     	echostat_msg_t msg = {{0}};
312
>>>     CID 631072:         Memory - corruptions  (OVERRUN)
>>>     Overrunning array "msg.to" of 36 bytes by passing it to a function which accesses it at byte offset 1023.
313     	snprintf(key, sizeof key, "%s.to", prefix),         iniGetString(ini, section, key, NULL, msg.to);
314     	snprintf(key, sizeof key, "%s.from", prefix),       iniGetString(ini, section, key, NULL, msg.from);
315     	snprintf(key, sizeof key, "%s.subj", prefix),       iniGetString(ini, section, key, NULL, msg.subj);
316     	snprintf(key, sizeof key, "%s.msg_id", prefix),     iniGetString(ini, section, key, NULL, msg.msg_id);
317     	snprintf(key, sizeof key, "%s.reply_id", prefix),   iniGetString(ini, section, key, NULL, msg.reply_id);
318     	snprintf(key, sizeof key, "%s.pid", prefix),            iniGetString(ini, section, key, NULL, msg.pid);

** CID 631071:         (OVERRUN)


_____________________________________________________________________________________________
*** CID 631071:           (OVERRUN)
/sbbsecho.c: 327             in parse_echostat_msg()
321     	snprintf(key, sizeof key, "%s.msg_time", prefix),   msg.msg_time = iniGetDateTime(ini, section, key, 0);
322     	snprintf(key, sizeof key, "%s.localtime", prefix),  msg.localtime = iniGetDateTime(ini, section, key, 0);
323     	snprintf(key, sizeof key, "%s.length", prefix),     msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);
324     	snprintf(key, sizeof key, "%s.origaddr", prefix),   iniGetString(ini, section, key, NULL, str);
325     	if (str[0])
326     		msg.origaddr = atofaddr(str);
>>>     CID 631071:           (OVERRUN)
>>>     Overrunning array "str" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
327     	snprintf(key, sizeof key, "%s.pkt_orig", prefix),   iniGetString(ini, section, key, NULL, str);
328     	if (str[0])
329     		msg.pkt_orig = atofaddr(str);
330
331     	return msg;
332     }
/sbbsecho.c: 324             in parse_echostat_msg()
318     	snprintf(key, sizeof key, "%s.pid", prefix),            iniGetString(ini, section, key, NULL, msg.pid);
319     	snprintf(key, sizeof key, "%s.tid", prefix),            iniGetString(ini, section, key, NULL, msg.tid);
320     	snprintf(key, sizeof key, "%s.msg_tz", prefix),     iniGetString(ini, section, key, NULL, msg.msg_tz);
321     	snprintf(key, sizeof key, "%s.msg_time", prefix),   msg.msg_time = iniGetDateTime(ini, section, key, 0);
322     	snprintf(key, sizeof key, "%s.localtime", prefix),  msg.localtime = iniGetDateTime(ini, section, key, 0);
323     	snprintf(key, sizeof key, "%s.length", prefix),     msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);
>>>     CID 631071:           (OVERRUN)
>>>     Overrunning array "str" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
324     	snprintf(key, sizeof key, "%s.origaddr", prefix),   iniGetString(ini, section, key, NULL, str);
325     	if (str[0])
326     		msg.origaddr = atofaddr(str);
327     	snprintf(key, sizeof key, "%s.pkt_orig", prefix),   iniGetString(ini, section, key, NULL, str);
328     	if (str[0])
329     		msg.pkt_orig = atofaddr(str);

** CID 631070:       Memory - corruptions  (OVERRUN)


_____________________________________________________________________________________________
*** CID 631070:         Memory - corruptions  (OVERRUN)
/sbbsecho.c: 315             in parse_echostat_msg()
309     	char           str[128];
310     	char           key[128];
311     	echostat_msg_t msg = {{0}};
312
313     	snprintf(key, sizeof key, "%s.to", prefix),         iniGetString(ini, section, key, NULL, msg.to);
314     	snprintf(key, sizeof key, "%s.from", prefix),       iniGetString(ini, section, key, NULL, msg.from);
>>>     CID 631070:         Memory - corruptions  (OVERRUN)
>>>     Overrunning array "msg.subj" of 72 bytes by passing it to a function which accesses it at byte offset 1023.
315     	snprintf(key, sizeof key, "%s.subj", prefix),       iniGetString(ini, section, key, NULL, msg.subj);
316     	snprintf(key, sizeof key, "%s.msg_id", prefix),     iniGetString(ini, section, key, NULL, msg.msg_id);
317     	snprintf(key, sizeof key, "%s.reply_id", prefix),   iniGetString(ini, section, key, NULL, msg.reply_id);
318     	snprintf(key, sizeof key, "%s.pid", prefix),            iniGetString(ini, section, key, NULL, msg.pid);
319     	snprintf(key, sizeof key, "%s.tid", prefix),            iniGetString(ini, section, key, NULL, msg.tid);
320     	snprintf(key, sizeof key, "%s.msg_tz", prefix),     iniGetString(ini, section, key, NULL, msg.msg_tz);

** CID 631069:       Memory - corruptions  (OVERRUN)


_____________________________________________________________________________________________
*** CID 631069:         Memory - corruptions  (OVERRUN)
/sbbsecho.c: 318             in parse_echostat_msg()
312
313     	snprintf(key, sizeof key, "%s.to", prefix),         iniGetString(ini, section, key, NULL, msg.to);
314     	snprintf(key, sizeof key, "%s.from", prefix),       iniGetString(ini, section, key, NULL, msg.from);
315     	snprintf(key, sizeof key, "%s.subj", prefix),       iniGetString(ini, section, key, NULL, msg.subj);
316     	snprintf(key, sizeof key, "%s.msg_id", prefix),     iniGetString(ini, section, key, NULL, msg.msg_id);
317     	snprintf(key, sizeof key, "%s.reply_id", prefix),   iniGetString(ini, section, key, NULL, msg.reply_id);
>>>     CID 631069:         Memory - corruptions  (OVERRUN)
>>>     Overrunning array "msg.pid" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
318     	snprintf(key, sizeof key, "%s.pid", prefix),            iniGetString(ini, section, key, NULL, msg.pid);
319     	snprintf(key, sizeof key, "%s.tid", prefix),            iniGetString(ini, section, key, NULL, msg.tid);
320     	snprintf(key, sizeof key, "%s.msg_tz", prefix),     iniGetString(ini, section, key, NULL, msg.msg_tz);
321     	snprintf(key, sizeof key, "%s.msg_time", prefix),   msg.msg_time = iniGetDateTime(ini, section, key, 0);
322     	snprintf(key, sizeof key, "%s.localtime", prefix),  msg.localtime = iniGetDateTime(ini, section, key, 0);
323     	snprintf(key, sizeof key, "%s.length", prefix),     msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);

** CID 631068:       Memory - corruptions  (OVERRUN)


_____________________________________________________________________________________________
*** CID 631068:         Memory - corruptions  (OVERRUN)
/sbbsecho.c: 320             in parse_echostat_msg()
314     	snprintf(key, sizeof key, "%s.from", prefix),       iniGetString(ini, section, key, NULL, msg.from);
315     	snprintf(key, sizeof key, "%s.subj", prefix),       iniGetString(ini, section, key, NULL, msg.subj);
316     	snprintf(key, sizeof key, "%s.msg_id", prefix),     iniGetString(ini, section, key, NULL, msg.msg_id);
317     	snprintf(key, sizeof key, "%s.reply_id", prefix),   iniGetString(ini, section, key, NULL, msg.reply_id);
318     	snprintf(key, sizeof key, "%s.pid", prefix),            iniGetString(ini, section, key, NULL, msg.pid);
319     	snprintf(key, sizeof key, "%s.tid", prefix),            iniGetString(ini, section, key, NULL, msg.tid);
>>>     CID 631068:         Memory - corruptions  (OVERRUN)
>>>     Overrunning array "msg.msg_tz" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
320     	snprintf(key, sizeof key, "%s.msg_tz", prefix),     iniGetString(ini, section, key, NULL, msg.msg_tz);
321     	snprintf(key, sizeof key, "%s.msg_time", prefix),   msg.msg_time = iniGetDateTime(ini, section, key, 0);
322     	snprintf(key, sizeof key, "%s.localtime", prefix),  msg.localtime = iniGetDateTime(ini, section, key, 0);
323     	snprintf(key, sizeof key, "%s.length", prefix),     msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);
324     	snprintf(key, sizeof key, "%s.origaddr", prefix),   iniGetString(ini, section, key, NULL, str);
325     	if (str[0])

  

View Defects in Coverity Scan

Best regards,

The Coverity Scan Admin Team
