Subj : New Defects reported by Coverity Scan for Synchronet
To   : cov-scan@synchro.net
From : scan-admin@coverity.com
Date : Fri Dec 20 2024 13:38:55

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 516431:  Incorrect expression  (EVALUATION_ORDER)
/scfg/scfgsys.c: 1740 in sys_cfg()


________________________________________________________________________________________________________
*** CID 516431:  Incorrect expression  (EVALUATION_ORDER)
/scfg/scfgsys.c: 1740 in sys_cfg()
1734     	char sys_pass[sizeof(cfg.sys_pass)];
1735     	SAFECOPY(sys_pass, cfg.sys_pass);
1736     	while(1) {
1737     		i=0;
1738     		snprintf(opt[i++],MAX_OPLN,"%-20s%s","BBS Name",cfg.sys_name);
1739     		snprintf(opt[i++],MAX_OPLN,"%-20s%s","Location",cfg.sys_location);
>>>     CID 516431:  Incorrect expression  (EVALUATION_ORDER)
>>>     In argument #6 of "safe_snprintf(opt[i++], 75UL, "%-20s%s%s %s", "Local Time Zone", ((cfg.sys_timezone == -1) ? "Auto: " : ""), smb_zonestr(sys_timezone(&cfg), NULL), ((!(cfg.sys_timezone <= 1000 && cfg.sys_timezone >= -1000) && (cfg.sys_timezone & 0xc000 || cfg.sys_timezone == 4096 || cfg.sys_timezone == 4156 || cfg.sys_timezone == 4216 || cfg.sys_timezone == 4816 || cfg.sys_timezone == 4696 || cfg.sys_timezone == 4666) && cfg.sys_misc & 0x4000U) ? "(Auto-DST)" : ""))", a call is made to "sys_timezone(&cfg)".  In argument #1 of this function, the object "cfg.sys_timezone" is modified.  This object is also used in "(cfg.sys_timezone == -1) ? "Auto: " : """, the argument #5 of the outer function call.  The order in which these arguments are evaluated is not specified, and will vary between platforms.
1740     		snprintf(opt[i++],MAX_OPLN,"%-20s%s%s %s","Local Time Zone"
1741     			,cfg.sys_timezone == SYS_TIMEZONE_AUTO ? "Auto: " : ""
1742     			,smb_zonestr(sys_timezone(&cfg),NULL)
1743     			,SMB_TZ_HAS_DST(cfg.sys_timezone) && cfg.sys_misc&SM_AUTO_DST ? "(Auto-DST)" : "");
1744     		snprintf(opt[i++],MAX_OPLN,"%-20s%s (e.g. %s)","Short Date Format"
1745     			,date_format(&cfg, str, sizeof str)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Du0AK_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZX-2BkC2-2BAZJhPPYfXPDeIQ-2B4YvLEfkbd-2Bd6D-2Bq6Hgb3A8yT9nXPdJTazBcJukBEh03pJKxvVooRsB2exFituB7-2FZiW-2B-2FFf3SbStI-2Fat2UXSZKXBODkmruS46NddedKGixq1GgfIg-2BgPQfkssXqpoMR-2BzxwZcTjLKvzCO0Vk2ny9Gw-3D-3D



---
 þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

.