Subj : New Defects reported by Coverity Scan for Synchronet To : cov-scan@synchro.net From : scan-admin@coverity.com Date : Fri Dec 30 2022 13:38:22 Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 37 new defect(s) introduced to Synchronet found with Coverity Scan. 24 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 20 of 37 defect(s) ** CID 433272: Code maintainability issues (UNUSED_VALUE) /useredit.cpp: 1039 in sbbs_t::maindflts(user_t *)() ________________________________________________________________________________________________________ *** CID 433272: Code maintainability issues (UNUSED_VALUE) /useredit.cpp: 1039 in sbbs_t::maindflts(user_t *)() 1033 putusermisc(user->number, user->misc); 1034 break; 1035 case 'W': 1036 if(!noyes(text[NewPasswordQ])) { 1037 bputs(text[CurrentPassword]); 1038 console|=CON_R_ECHOX; >>> CID 433272: Code maintainability issues (UNUSED_VALUE) >>> Assigning value from "(char)this->getstr(str, 40UL, 1L, NULL)" to "ch" here, but that stored value is overwritten before it can be used. 1039 ch=(char)getstr(str,LEN_PASS,K_UPPER); 1040 console&=~(CON_R_ECHOX|CON_L_ECHOX); 1041 if(sys_status&SS_ABORT) 1042 break; 1043 if(stricmp(str,user->pass)) { 1044 bputs(text[WrongPassword]); ** CID 433271: (RESOURCE_LEAK) /scfglib2.c: 658 in read_chat_cfg() /scfglib2.c: 759 in read_chat_cfg() /scfglib2.c: 679 in read_chat_cfg() /scfglib2.c: 687 in read_chat_cfg() /scfglib2.c: 651 in read_chat_cfg() /scfglib2.c: 718 in read_chat_cfg() /scfglib2.c: 752 in read_chat_cfg() /scfglib2.c: 725 in read_chat_cfg() ________________________________________________________________________________________________________ *** CID 433271: (RESOURCE_LEAK) /scfglib2.c: 658 in read_chat_cfg() 652 } else 653 cfg->guru=NULL; 654 655 for(uint i=0; itotal_gurus; i++) { 656 const char* name = list[i]; 657 if((cfg->guru[i]=(guru_t *)malloc(sizeof(guru_t)))==NULL) >>> CID 433271: (RESOURCE_LEAK) >>> Variable "sections" going out of scope leaks the storage it points to. 658 return allocerr(error, maxerrlen, fname, "guru", sizeof(guru_t)); 659 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE); 660 memset(cfg->guru[i],0,sizeof(guru_t)); 661 662 SAFECOPY(cfg->guru[i]->name, iniGetString(section, NULL, "name", name + 5, value)); 663 SAFECOPY(cfg->guru[i]->code, name + 5); /scfglib2.c: 759 in read_chat_cfg() 753 } else 754 cfg->page=NULL; 755 756 for(uint i=0; itotal_pages; i++) { 757 const char* name = list[i]; 758 if((cfg->page[i]=(page_t *)malloc(sizeof(page_t)))==NULL) >>> CID 433271: (RESOURCE_LEAK) >>> Variable "sections" going out of scope leaks the storage it points to. 759 return allocerr(error, maxerrlen, fname, "page", sizeof(page_t)); 760 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE); 761 memset(cfg->page[i],0,sizeof(page_t)); 762 763 SAFECOPY(cfg->page[i]->cmd, iniGetString(section, NULL, "cmd", "", value)); 764 /scfglib2.c: 679 in read_chat_cfg() 673 674 list = iniGetParsedSectionList(sections, "actions:"); 675 cfg->total_actsets = (uint16_t)strListCount(list); 676 677 if(cfg->total_actsets) { 678 if((cfg->actset=(actset_t **)malloc(sizeof(actset_t *)*cfg->total_actsets))==NULL) >>> CID 433271: (RESOURCE_LEAK) >>> Variable "sections" going out of scope leaks the storage it points to. 679 return allocerr(error, maxerrlen, fname, "actsets", sizeof(actset_t *)*cfg->total_actsets); 680 } else 681 cfg->actset=NULL; 682 683 cfg->total_chatacts = 0; 684 for(uint i=0; itotal_actsets; i++) { /scfglib2.c: 687 in read_chat_cfg() 681 cfg->actset=NULL; 682 683 cfg->total_chatacts = 0; 684 for(uint i=0; itotal_actsets; i++) { 685 const char* name = list[i]; 686 if((cfg->actset[i]=(actset_t *)malloc(sizeof(actset_t)))==NULL) >>> CID 433271: (RESOURCE_LEAK) >>> Variable "sections" going out of scope leaks the storage it points to. 687 return allocerr(error, maxerrlen, fname, "actset", sizeof(actset_t)); 688 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE); 689 SAFECOPY(cfg->actset[i]->name, name + 8); 690 str_list_t act_list = iniGetKeyList(section, NULL); 691 for(uint j = 0; act_list != NULL && act_list[j] != NULL; j++) { 692 chatact_t** np = realloc(cfg->chatact, sizeof(chatact_t *) * (cfg->total_chatacts + 1)); /scfglib2.c: 651 in read_chat_cfg() 645 646 str_list_t list = iniGetParsedSectionList(sections, "guru:"); 647 cfg->total_gurus = (uint16_t)strListCount(list); 648 649 if(cfg->total_gurus) { 650 if((cfg->guru=(guru_t **)malloc(sizeof(guru_t *)*cfg->total_gurus))==NULL) >>> CID 433271: (RESOURCE_LEAK) >>> Variable "sections" going out of scope leaks the storage it points to. 651 return allocerr(error, maxerrlen, fname, "gurus", sizeof(guru_t *)*cfg->total_gurus); 652 } else 653 cfg->guru=NULL; 654 655 for(uint i=0; itotal_gurus; i++) { 656 const char* name = list[i]; /scfglib2.c: 718 in read_chat_cfg() 712 713 list = iniGetParsedSectionList(sections, "chan:"); 714 cfg->total_chans = (uint16_t)strListCount(list); 715 716 if(cfg->total_chans) { 717 if((cfg->chan=(chan_t **)malloc(sizeof(chan_t *)*cfg->total_chans))==NULL) >>> CID 433271: (RESOURCE_LEAK) >>> Variable "sections" going out of scope leaks the storage it points to. 718 return allocerr(error, maxerrlen, fname, "chans", sizeof(chan_t *)*cfg->total_chans); 719 } else 720 cfg->chan=NULL; 721 722 for(uint i=0; itotal_chans; i++) { 723 const char* name = list[i]; /scfglib2.c: 752 in read_chat_cfg() 746 747 list = iniGetParsedSectionList(sections, "pager:"); 748 cfg->total_pages = (uint16_t)strListCount(list); 749 750 if(cfg->total_pages) { 751 if((cfg->page=(page_t **)malloc(sizeof(page_t *)*cfg->total_pages))==NULL) >>> CID 433271: (RESOURCE_LEAK) >>> Variable "sections" going out of scope leaks the storage it points to. 752 return allocerr(error, maxerrlen, fname, "pages", sizeof(page_t *)*cfg->total_pages); 753 } else 754 cfg->page=NULL; 755 756 for(uint i=0; itotal_pages; i++) { 757 const char* name = list[i]; /scfglib2.c: 725 in read_chat_cfg() 719 } else 720 cfg->chan=NULL; 721 722 for(uint i=0; itotal_chans; i++) { 723 const char* name = list[i]; 724 if((cfg->chan[i]=(chan_t *)malloc(sizeof(chan_t)))==NULL) >>> CID 433271: (RESOURCE_LEAK) >>> Variable "sections" going out of scope leaks the storage it points to. 725 return allocerr(error, maxerrlen, fname, "chan", sizeof(chan_t)); 726 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE); 727 memset(cfg->chan[i],0,sizeof(chan_t)); 728 729 cfg->chan[i]->actset = getchatactset(cfg, iniGetString(section, NULL, "actions", "", value)); 730 SAFECOPY(cfg->chan[i]->name, iniGetString(section, NULL, "name", "", value)); ** CID 433270: Null pointer dereferences (FORWARD_NULL) /scfglib1.c: 420 in read_msgs_cfg() ________________________________________________________________________________________________________ *** CID 433270: Null pointer dereferences (FORWARD_NULL) /scfglib1.c: 420 in read_msgs_cfg() 414 continue; 415 *p = '\0'; 416 char* code = p + 1; 417 int grpnum = getgrpnum_from_name(cfg, group); 418 if(!is_valid_grpnum(cfg, grpnum)) 419 continue; >>> CID 433270: Null pointer dereferences (FORWARD_NULL) >>> Dereferencing null pointer "cfg->sub". 420 if((cfg->sub[i]=(sub_t *)malloc(sizeof(sub_t)))==NULL) 421 return allocerr(error, maxerrlen, fname, "sub", sizeof(sub_t)); 422 section = iniGetParsedSection(sections, name, /* cut: */TRUE); 423 memset(cfg->sub[i],0,sizeof(sub_t)); 424 SAFECOPY(cfg->sub[i]->code_suffix, code); 425 ** CID 433269: Resource leaks (RESOURCE_LEAK) /scfglib2.c: 117 in read_file_cfg() ________________________________________________________________________________________________________ *** CID 433269: Resource leaks (RESOURCE_LEAK) /scfglib2.c: 117 in read_file_cfg() 111 return allocerr(error, maxerrlen, fname, "fcomps", sizeof(fcomp_t*)*cfg->total_fcomps); 112 } else 113 cfg->fcomp=NULL; 114 115 for(uint i=0; itotal_fcomps; i++) { 116 if((cfg->fcomp[i]=(fcomp_t *)malloc(sizeof(fcomp_t)))==NULL) >>> CID 433269: Resource leaks (RESOURCE_LEAK) >>> Variable "fcomp_list" going out of scope leaks the storage it points to. 117 return allocerr(error, maxerrlen, fname, "fcomp", sizeof(fcomp_t)); 118 str_list_t section = iniGetParsedSection(sections, fcomp_list[i], /* cut: */TRUE); 119 memset(cfg->fcomp[i],0,sizeof(fcomp_t)); 120 SAFECOPY(cfg->fcomp[i]->ext, iniGetString(section, NULL, "extension", "", value)); 121 SAFECOPY(cfg->fcomp[i]->cmd, iniGetString(section, NULL, "cmd", "", value)); 122 SAFECOPY(cfg->fcomp[i]->arstr, iniGetString(section, NULL, "ars", "", value)); ** CID 433268: Resource leaks (RESOURCE_LEAK) /scfglib2.c: 194 in read_file_cfg() ________________________________________________________________________________________________________ *** CID 433268: Resource leaks (RESOURCE_LEAK) /scfglib2.c: 194 in read_file_cfg() 188 return allocerr(error, maxerrlen, fname, "dlevents", sizeof(dlevent_t*)*cfg->total_dlevents); 189 } else 190 cfg->dlevent=NULL; 191 192 for(uint i=0; itotal_dlevents; i++) { 193 if((cfg->dlevent[i]=(dlevent_t *)malloc(sizeof(dlevent_t)))==NULL) >>> CID 433268: Resource leaks (RESOURCE_LEAK) >>> Variable "dlevent_list" going out of scope leaks the storage it points to. 194 return allocerr(error, maxerrlen, fname, "dlevent", sizeof(dlevent_t)); 195 str_list_t section = iniGetParsedSection(sections, dlevent_list[i], /* cut: */TRUE); 196 memset(cfg->dlevent[i],0,sizeof(dlevent_t)); 197 SAFECOPY(cfg->dlevent[i]->ext, iniGetString(section, NULL, "extension", "", value)); 198 SAFECOPY(cfg->dlevent[i]->cmd, iniGetString(section, NULL, "cmd", "", value)); 199 SAFECOPY(cfg->dlevent[i]->workstr, iniGetString(section, NULL, "working", "", value)); ** CID 433267: Control flow issues (DEADCODE) /mqtt.c: 41 in mqtt_init() ________________________________________________________________________________________________________ *** CID 433267: Control flow issues (DEADCODE) /mqtt.c: 41 in mqtt_init() 35 mqtt->host = host; 36 mqtt->server = server; 37 #ifdef USE_MOSQUITTO 38 return mosquitto_lib_init(); 39 #endif 40 } >>> CID 433267: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "return 100;". 41 return MQTT_FAILURE; 42 } 43 44 static char* format_topic(struct mqtt* mqtt, enum topic_depth depth, char* str, size_t size, const char* sbuf) 45 { 46 switch(depth) { ** CID 433266: (RESOURCE_LEAK) /scfglib1.c: 523 in read_msgs_cfg() /scfglib1.c: 381 in read_msgs_cfg() /scfglib1.c: 373 in read_msgs_cfg() ________________________________________________________________________________________________________ *** CID 433266: (RESOURCE_LEAK) /scfglib1.c: 523 in read_msgs_cfg() 517 cfg->qhub=NULL; 518 519 cfg->total_qhubs = 0; 520 for(uint i=0; qhub_list[i] != NULL; i++) { 521 const char* name = qhub_list[i]; 522 if((cfg->qhub[i]=(qhub_t *)malloc(sizeof(qhub_t)))==NULL) >>> CID 433266: (RESOURCE_LEAK) >>> Variable "sections" going out of scope leaks the storage it points to. 523 return allocerr(error, maxerrlen, fname, "qhub", sizeof(qhub_t)); 524 section = iniGetParsedSection(sections, name, /* cut: */TRUE); 525 memset(cfg->qhub[i],0,sizeof(qhub_t)); 526 527 SAFECOPY(cfg->qhub[i]->id, name + 5); 528 cfg->qhub[i]->time = iniGetShortInt(section, NULL, "time", 0); /scfglib1.c: 381 in read_msgs_cfg() 375 cfg->grp=NULL; 376 377 for(uint i=0; itotal_grps; i++) { 378 379 const char* name = grp_list[i]; 380 if((cfg->grp[i]=(grp_t *)malloc(sizeof(grp_t)))==NULL) >>> CID 433266: (RESOURCE_LEAK) >>> Variable "sections" going out of scope leaks the storage it points to. 381 return allocerr(error, maxerrlen, fname, "group", sizeof(grp_t)); 382 section = iniGetParsedSection(sections, name, /* cut: */TRUE); 383 memset(cfg->grp[i],0,sizeof(grp_t)); 384 SAFECOPY(cfg->grp[i]->sname, name + 4); 385 SAFECOPY(cfg->grp[i]->lname, iniGetString(section, NULL, "description", name + 4, value)); 386 SAFECOPY(cfg->grp[i]->code_prefix, iniGetString(section, NULL, "code_prefix", "", value)); /scfglib1.c: 373 in read_msgs_cfg() 367 368 str_list_t grp_list = iniGetParsedSectionList(sections, "grp:"); 369 cfg->total_grps = (uint16_t)strListCount(grp_list); 370 371 if(cfg->total_grps) { 372 if((cfg->grp=(grp_t **)malloc(sizeof(grp_t *)*cfg->total_grps))==NULL) >>> CID 433266: (RESOURCE_LEAK) >>> Variable "sections" going out of scope leaks the storage it points to. 373 return allocerr(error, maxerrlen, fname, "groups", sizeof(grp_t *)*cfg->total_grps); 374 } else 375 cfg->grp=NULL; 376 377 for(uint i=0; itotal_grps; i++) { 378 ** CID 433265: (RESOURCE_LEAK) /scfglib1.c: 381 in read_msgs_cfg() /scfglib1.c: 373 in read_msgs_cfg() ________________________________________________________________________________________________________ *** CID 433265: (RESOURCE_LEAK) /scfglib1.c: 381 in read_msgs_cfg() 375 cfg->grp=NULL; 376 377 for(uint i=0; itotal_grps; i++) { 378 379 const char* name = grp_list[i]; 380 if((cfg->grp[i]=(grp_t *)malloc(sizeof(grp_t)))==NULL) >>> CID 433265: (RESOURCE_LEAK) >>> Variable "grp_list" going out of scope leaks the storage it points to. 381 return allocerr(error, maxerrlen, fname, "group", sizeof(grp_t)); 382 section = iniGetParsedSection(sections, name, /* cut: */TRUE); 383 memset(cfg->grp[i],0,sizeof(grp_t)); 384 SAFECOPY(cfg->grp[i]->sname, name + 4); 385 SAFECOPY(cfg->grp[i]->lname, iniGetString(section, NULL, "description", name + 4, value)); 386 SAFECOPY(cfg->grp[i]->code_prefix, iniGetString(section, NULL, "code_prefix", "", value)); /scfglib1.c: 373 in read_msgs_cfg() 367 368 str_list_t grp_list = iniGetParsedSectionList(sections, "grp:"); 369 cfg->total_grps = (uint16_t)strListCount(grp_list); 370 371 if(cfg->total_grps) { 372 if((cfg->grp=(grp_t **)malloc(sizeof(grp_t *)*cfg->total_grps))==NULL) >>> CID 433265: (RESOURCE_LEAK) >>> Variable "grp_list" going out of scope leaks the storage it points to. 373 return allocerr(error, maxerrlen, fname, "groups", sizeof(grp_t *)*cfg->total_grps); 374 } else 375 cfg->grp=NULL; 376 377 for(uint i=0; itotal_grps; i++) { 378 ** CID 433264: Memory - corruptions (REVERSE_NEGATIVE) /main.cpp: 2347 in output_thread(void *)() ________________________________________________________________________________________________________ *** CID 433264: Memory - corruptions (REVERSE_NEGATIVE) /main.cpp: 2347 in output_thread(void *)() 2341 } 2342 } 2343 #endif 2344 sbbs->terminate_output_thread = false; 2345 2346 /* Note: do not terminate when online==FALSE, that is expected for the terminal server output_thread */ >>> CID 433264: Memory - corruptions (REVERSE_NEGATIVE) >>> You might be using variable "sbbs->client_socket" before verifying that it is >= 0. 2347 while (sbbs->client_socket != INVALID_SOCKET && !terminate_server && !sbbs->terminate_output_thread) { 2348 /* 2349 * I'd like to check the linear buffer against the highwater 2350 * at this point, but it would get too clumsy imho - Deuce 2351 * 2352 * Actually, another option would just be to have the size ** CID 433263: (RESOURCE_LEAK) /scfglib1.c: 548 in read_msgs_cfg() /scfglib1.c: 523 in read_msgs_cfg() /scfglib1.c: 515 in read_msgs_cfg() /scfglib1.c: 546 in read_msgs_cfg() ________________________________________________________________________________________________________ *** CID 433263: (RESOURCE_LEAK) /scfglib1.c: 548 in read_msgs_cfg() 542 if(k) { 543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL) 544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k); 545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL) 546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k); 547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL) >>> CID 433263: (RESOURCE_LEAK) >>> Variable "qhub_list" going out of scope leaks the storage it points to. 548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k); 549 } 550 551 for(uint j=0;jqhub=NULL; 518 519 cfg->total_qhubs = 0; 520 for(uint i=0; qhub_list[i] != NULL; i++) { 521 const char* name = qhub_list[i]; 522 if((cfg->qhub[i]=(qhub_t *)malloc(sizeof(qhub_t)))==NULL) >>> CID 433263: (RESOURCE_LEAK) >>> Variable "qhub_list" going out of scope leaks the storage it points to. 523 return allocerr(error, maxerrlen, fname, "qhub", sizeof(qhub_t)); 524 section = iniGetParsedSection(sections, name, /* cut: */TRUE); 525 memset(cfg->qhub[i],0,sizeof(qhub_t)); 526 527 SAFECOPY(cfg->qhub[i]->id, name + 5); 528 cfg->qhub[i]->time = iniGetShortInt(section, NULL, "time", 0); /scfglib1.c: 515 in read_msgs_cfg() 509 /**********/ 510 str_list_t qhub_list = iniGetParsedSectionList(sections, "qhub:"); 511 cfg->total_qhubs = (uint16_t)strListCount(qhub_list); 512 513 if(cfg->total_qhubs) { 514 if((cfg->qhub=(qhub_t **)malloc(sizeof(qhub_t *)*cfg->total_qhubs))==NULL) >>> CID 433263: (RESOURCE_LEAK) >>> Variable "qhub_list" going out of scope leaks the storage it points to. 515 return allocerr(error, maxerrlen, fname, "qhubs", sizeof(qhub_t*)*cfg->total_qhubs); 516 } else 517 cfg->qhub=NULL; 518 519 cfg->total_qhubs = 0; 520 for(uint i=0; qhub_list[i] != NULL; i++) { /scfglib1.c: 546 in read_msgs_cfg() 540 str_list_t qsub_list = iniGetParsedSectionList(sections, str); 541 uint k = strListCount(qsub_list); 542 if(k) { 543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL) 544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k); 545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL) >>> CID 433263: (RESOURCE_LEAK) >>> Variable "qhub_list" going out of scope leaks the storage it points to. 546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k); 547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL) 548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k); 549 } 550 551 for(uint j=0;j>> CID 433262: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "xpDateTime_to_localtime(dt)" is cast to "uint32_t". 1036 msg.hdr.when_written.time=(uint32_t)xpDateTime_to_localtime(dt); 1037 msg.hdr.when_written.zone=dt.zone; 1038 sscanf(p,"%*s %s",zone); 1039 if(zone[0]) 1040 msg.hdr.when_written.zone=(ushort)strtoul(zone,NULL,16); 1041 } ** CID 433261: (RESOURCE_LEAK) /scfglib2.c: 245 in read_file_cfg() /scfglib2.c: 252 in read_file_cfg() ________________________________________________________________________________________________________ *** CID 433261: (RESOURCE_LEAK) /scfglib2.c: 245 in read_file_cfg() 239 240 str_list_t lib_list = iniGetParsedSectionList(sections, "lib:"); 241 cfg->total_libs = (uint16_t)strListCount(lib_list); 242 243 if(cfg->total_libs) { 244 if((cfg->lib=(lib_t **)malloc(sizeof(lib_t *)*cfg->total_libs))==NULL) >>> CID 433261: (RESOURCE_LEAK) >>> Variable "lib_list" going out of scope leaks the storage it points to. 245 return allocerr(error, maxerrlen, fname, "libs", sizeof(lib_t *)*cfg->total_libs); 246 } else 247 cfg->lib=NULL; 248 249 for(uint i=0; itotal_libs; i++) { 250 char* name = lib_list[i]; /scfglib2.c: 252 in read_file_cfg() 246 } else 247 cfg->lib=NULL; 248 249 for(uint i=0; itotal_libs; i++) { 250 char* name = lib_list[i]; 251 if((cfg->lib[i]=(lib_t *)malloc(sizeof(lib_t)))==NULL) >>> CID 433261: (RESOURCE_LEAK) >>> Variable "lib_list" going out of scope leaks the storage it points to. 252 return allocerr(error, maxerrlen, fname, "lib", sizeof(lib_t)); 253 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE); 254 memset(cfg->lib[i],0,sizeof(lib_t)); 255 cfg->lib[i]->offline_dir=INVALID_DIR; 256 SAFECOPY(cfg->lib[i]->sname, name + 4); 257 SAFECOPY(cfg->lib[i]->lname, iniGetString(section, NULL, "description", name + 4, value)); ** CID 433260: (RESOURCE_LEAK) /scfglib1.c: 546 in read_msgs_cfg() /scfglib1.c: 548 in read_msgs_cfg() /scfglib1.c: 544 in read_msgs_cfg() ________________________________________________________________________________________________________ *** CID 433260: (RESOURCE_LEAK) /scfglib1.c: 546 in read_msgs_cfg() 540 str_list_t qsub_list = iniGetParsedSectionList(sections, str); 541 uint k = strListCount(qsub_list); 542 if(k) { 543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL) 544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k); 545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL) >>> CID 433260: (RESOURCE_LEAK) >>> Variable "qsub_list" going out of scope leaks the storage it points to. 546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k); 547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL) 548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k); 549 } 550 551 for(uint j=0;jqhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL) 544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k); 545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL) 546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k); 547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL) >>> CID 433260: (RESOURCE_LEAK) >>> Variable "qsub_list" going out of scope leaks the storage it points to. 548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k); 549 } 550 551 for(uint j=0;jqhub[i]->id); 540 str_list_t qsub_list = iniGetParsedSectionList(sections, str); 541 uint k = strListCount(qsub_list); 542 if(k) { 543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL) >>> CID 433260: (RESOURCE_LEAK) >>> Variable "qsub_list" going out of scope leaks the storage it points to. 544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k); 545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL) 546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k); 547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL) 548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k); 549 } ** CID 433259: Resource leaks (RESOURCE_LEAK) /upgrade_to_v320.c: 463 in upgrade_users() ________________________________________________________________________________________________________ *** CID 433259: Resource leaks (RESOURCE_LEAK) /upgrade_to_v320.c: 463 in upgrade_users() 457 return false; 458 } 459 460 int file = v31x_openuserdat(&scfg, /* for_modify */FALSE); 461 if(file == -1) { 462 perror("user.dat"); >>> CID 433259: Resource leaks (RESOURCE_LEAK) >>> Variable "out" going out of scope leaks the storage it points to. 463 return false; 464 } 465 for(uint i = 1; i <= last; i++) { 466 user_t user; 467 ZERO_VAR(user); 468 user.number = i; ** CID 433258: (RESOURCE_LEAK) /scfglib2.c: 481 in read_xtrn_cfg() /scfglib2.c: 500 in read_xtrn_cfg() /scfglib2.c: 462 in read_xtrn_cfg() /scfglib2.c: 428 in read_xtrn_cfg() /scfglib2.c: 541 in read_xtrn_cfg() /scfglib2.c: 594 in read_xtrn_cfg() /scfglib2.c: 534 in read_xtrn_cfg() /scfglib2.c: 579 in read_xtrn_cfg() /scfglib2.c: 455 in read_xtrn_cfg() /scfglib2.c: 601 in read_xtrn_cfg() /scfglib2.c: 421 in read_xtrn_cfg() /scfglib2.c: 572 in read_xtrn_cfg() ________________________________________________________________________________________________________ *** CID 433258: (RESOURCE_LEAK) /scfglib2.c: 481 in read_xtrn_cfg() 475 476 list = iniGetParsedSectionList(sections, "prog:"); 477 cfg->total_xtrns = (uint16_t)strListCount(list); 478 479 if(cfg->total_xtrns) { 480 if((cfg->xtrn=(xtrn_t **)malloc(sizeof(xtrn_t *)*cfg->total_xtrns))==NULL) >>> CID 433258: (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to. 481 return allocerr(error, maxerrlen, fname, "xtrns", sizeof(xtrn_t *)*cfg->total_xtrns); 482 } else 483 cfg->xtrn=NULL; 484 485 cfg->total_xtrns = 0; 486 for(uint i=0; list[i] != NULL; i++) { /scfglib2.c: 500 in read_xtrn_cfg() 494 char* code = p + 1; 495 int secnum = getxtrnsec(cfg, sec); 496 if(!is_valid_xtrnsec(cfg, secnum)) 497 continue; 498 499 if((cfg->xtrn[i]=(xtrn_t *)malloc(sizeof(xtrn_t)))==NULL) >>> CID 433258: (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to. 500 return allocerr(error, maxerrlen, fname, "xtrn", sizeof(xtrn_t)); 501 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE); 502 memset(cfg->xtrn[i],0,sizeof(xtrn_t)); 503 cfg->xtrn[i]->sec = secnum; 504 505 SAFECOPY(cfg->xtrn[i]->name, iniGetString(section, NULL, "name", code, value)); /scfglib2.c: 462 in read_xtrn_cfg() 456 } else 457 cfg->xtrnsec=NULL; 458 459 for(uint i=0; itotal_xtrnsecs; i++) { 460 const char* name = list[i]; 461 if((cfg->xtrnsec[i]=(xtrnsec_t *)malloc(sizeof(xtrnsec_t)))==NULL) >>> CID 433258: (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to. 462 return allocerr(error, maxerrlen, fname, "xtrnsec", sizeof(xtrnsec_t)); 463 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE); 464 memset(cfg->xtrnsec[i],0,sizeof(xtrnsec_t)); 465 SAFECOPY(cfg->xtrnsec[i]->code, name + 4); 466 SAFECOPY(cfg->xtrnsec[i]->name, iniGetString(section, NULL, "name", name + 4, value)); 467 SAFECOPY(cfg->xtrnsec[i]->arstr, iniGetString(section, NULL, "ars", "", value)); /scfglib2.c: 428 in read_xtrn_cfg() 422 } else 423 cfg->xedit=NULL; 424 425 for(uint i=0; itotal_xedits; i++) { 426 const char* name = list[i]; 427 if((cfg->xedit[i]=(xedit_t *)malloc(sizeof(xedit_t)))==NULL) >>> CID 433258: (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to. 428 return allocerr(error, maxerrlen, fname, "xedit", sizeof(xedit_t)); 429 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE); 430 memset(cfg->xedit[i],0,sizeof(xedit_t)); 431 SAFECOPY(cfg->xedit[i]->code, name + 7); 432 SAFECOPY(cfg->xedit[i]->name, iniGetString(section, NULL, "name", name + 7, value)); 433 SAFECOPY(cfg->xedit[i]->rcmd, iniGetString(section, NULL, "cmd", "", value)); /scfglib2.c: 541 in read_xtrn_cfg() 535 } else 536 cfg->event=NULL; 537 538 for(uint i=0; itotal_events; i++) { 539 const char* name = list[i]; 540 if((cfg->event[i]=(event_t *)malloc(sizeof(event_t)))==NULL) >>> CID 433258: (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to. 541 return allocerr(error, maxerrlen, fname, "event", sizeof(event_t)); 542 memset(cfg->event[i],0,sizeof(event_t)); 543 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE); 544 545 SAFECOPY(cfg->event[i]->code, name + 6); 546 SAFECOPY(cfg->event[i]->cmd, iniGetString(section, NULL, "cmd", "", value)); /scfglib2.c: 594 in read_xtrn_cfg() 588 589 list = iniGetParsedSectionList(sections, "hotkey:"); 590 cfg->total_hotkeys = (uint16_t)strListCount(list); 591 592 if(cfg->total_hotkeys) { 593 if((cfg->hotkey=(hotkey_t **)malloc(sizeof(hotkey_t *)*cfg->total_hotkeys))==NULL) >>> CID 433258: (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to. 594 return allocerr(error, maxerrlen, fname, "hotkeys", sizeof(hotkey_t *)*cfg->total_hotkeys); 595 } else 596 cfg->hotkey=NULL; 597 598 for(uint i=0; itotal_hotkeys; i++) { 599 const char* section = list[i]; /scfglib2.c: 534 in read_xtrn_cfg() 528 529 list = iniGetParsedSectionList(sections, "event:"); 530 cfg->total_events = (uint16_t)strListCount(list); 531 532 if(cfg->total_events) { 533 if((cfg->event=(event_t **)malloc(sizeof(event_t *)*cfg->total_events))==NULL) >>> CID 433258: (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to. 534 return allocerr(error, maxerrlen, fname, "events", sizeof(event_t *)*cfg->total_events); 535 } else 536 cfg->event=NULL; 537 538 for(uint i=0; itotal_events; i++) { 539 const char* name = list[i]; /scfglib2.c: 579 in read_xtrn_cfg() 573 } else 574 cfg->natvpgm=NULL; 575 576 for(uint i=0; itotal_natvpgms; i++) { 577 const char* name = list[i]; 578 if((cfg->natvpgm[i]=(natvpgm_t *)malloc(sizeof(natvpgm_t)))==NULL) >>> CID 433258: (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to. 579 return allocerr(error, maxerrlen, fname, "natvpgm", sizeof(natvpgm_t)); 580 memset(cfg->natvpgm[i],0,sizeof(natvpgm_t)); 581 SAFECOPY(cfg->natvpgm[i]->name, name + 7); 582 } 583 iniFreeStringList(list); 584 /scfglib2.c: 455 in read_xtrn_cfg() 449 list = iniGetParsedSectionList(sections, "sec:"); 450 cfg->total_xtrnsecs = (uint16_t)strListCount(list); 451 452 if(cfg->total_xtrnsecs) { 453 if((cfg->xtrnsec=(xtrnsec_t **)malloc(sizeof(xtrnsec_t *)*cfg->total_xtrnsecs)) 454 ==NULL) >>> CID 433258: (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to. 455 return allocerr(error, maxerrlen, fname, "xtrnsecs", sizeof(xtrnsec_t *)*cfg->total_xtrnsecs); 456 } else 457 cfg->xtrnsec=NULL; 458 459 for(uint i=0; itotal_xtrnsecs; i++) { 460 const char* name = list[i]; /scfglib2.c: 601 in read_xtrn_cfg() 595 } else 596 cfg->hotkey=NULL; 597 598 for(uint i=0; itotal_hotkeys; i++) { 599 const char* section = list[i]; 600 if((cfg->hotkey[i]=(hotkey_t *)malloc(sizeof(hotkey_t)))==NULL) >>> CID 433258: (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to. 601 return allocerr(error, maxerrlen, fname, "hotkey", sizeof(hotkey_t)); 602 memset(cfg->hotkey[i],0,sizeof(hotkey_t)); 603 604 cfg->hotkey[i]->key = atoi(list[i] + 7); 605 SAFECOPY(cfg->hotkey[i]->cmd, iniGetString(ini, section, "cmd", "", value)); 606 } /scfglib2.c: 421 in read_xtrn_cfg() 415 416 str_list_t list = iniGetParsedSectionList(sections, "editor:"); 417 cfg->total_xedits = (uint16_t)strListCount(list); 418 419 if(cfg->total_xedits) { 420 if((cfg->xedit=(xedit_t **)malloc(sizeof(xedit_t *)*cfg->total_xedits))==NULL) >>> CID 433258: (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to. 421 return allocerr(error, maxerrlen, fname, "xedits", sizeof(xedit_t *)*cfg->total_xedits); 422 } else 423 cfg->xedit=NULL; 424 425 for(uint i=0; itotal_xedits; i++) { 426 const char* name = list[i]; /scfglib2.c: 572 in read_xtrn_cfg() 566 567 list = iniGetParsedSectionList(sections, "native:"); 568 cfg->total_natvpgms = (uint16_t)strListCount(list); 569 570 if(cfg->total_natvpgms) { 571 if((cfg->natvpgm=(natvpgm_t **)malloc(sizeof(natvpgm_t *)*cfg->total_natvpgms))==NULL) >>> CID 433258: (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to. 572 return allocerr(error, maxerrlen, fname, "natvpgms", sizeof(natvpgm_t *)*cfg->total_natvpgms); 573 } else 574 cfg->natvpgm=NULL; 575 576 for(uint i=0; itotal_natvpgms; i++) { 577 const char* name = list[i]; ** CID 433257: Null pointer dereferences (FORWARD_NULL) /scfglib2.c: 314 in read_file_cfg() ________________________________________________________________________________________________________ *** CID 433257: Null pointer dereferences (FORWARD_NULL) /scfglib2.c: 314 in read_file_cfg() 308 *p = '\0'; 309 char* code = p + 1; 310 int libnum = getlibnum_from_name(cfg, lib); 311 if(!is_valid_libnum(cfg, libnum)) 312 continue; 313 >>> CID 433257: Null pointer dereferences (FORWARD_NULL) >>> Dereferencing null pointer "cfg->dir". 314 if((cfg->dir[i]=(dir_t *)malloc(sizeof(dir_t)))==NULL) 315 return allocerr(error, maxerrlen, fname, "dir", sizeof(dir_t)); 316 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE); 317 memset(cfg->dir[i],0,sizeof(dir_t)); 318 SAFECOPY(cfg->dir[i]->code_suffix, code); 319 ** CID 433256: Memory - corruptions (REVERSE_NEGATIVE) /websrvr.c: 6401 in http_output_thread() ________________________________________________________________________________________________________ *** CID 433256: Memory - corruptions (REVERSE_NEGATIVE) /websrvr.c: 6401 in http_output_thread() 6395 #endif 6396 6397 /* 6398 * Do *not* exit on terminate_server... wait for session thread 6399 * to close the socket and set it to INVALID_SOCKET 6400 */ >>> CID 433256: Memory - corruptions (REVERSE_NEGATIVE) >>> You might be using variable "session->socket" before verifying that it is >= 0. 6401 while(session->socket!=INVALID_SOCKET) { 6402 6403 /* Wait for something to output in the RingBuffer */ 6404 if((avail=RingBufFull(obuf))==0) { /* empty */ 6405 if(WaitForEvent(obuf->data_event, 1000) != WAIT_OBJECT_0) 6406 continue; ** CID 433255: (RESOURCE_LEAK) /scfglib2.c: 296 in read_file_cfg() /scfglib2.c: 315 in read_file_cfg() ________________________________________________________________________________________________________ *** CID 433255: (RESOURCE_LEAK) /scfglib2.c: 296 in read_file_cfg() 290 cfg->sysop_dir=cfg->user_dir=cfg->upload_dir=INVALID_DIR; 291 str_list_t dir_list = iniGetParsedSectionList(sections, "dir:"); 292 cfg->total_dirs = (uint16_t)strListCount(dir_list); 293 294 if(cfg->total_dirs) { 295 if((cfg->dir=(dir_t **)malloc(sizeof(dir_t *)*(cfg->total_dirs+1)))==NULL) >>> CID 433255: (RESOURCE_LEAK) >>> Variable "dir_list" going out of scope leaks the storage it points to. 296 return allocerr(error, maxerrlen, fname, "dirs", sizeof(dir_t *)*(cfg->total_dirs+1)); 297 } else 298 cfg->dir=NULL; 299 300 cfg->total_dirs = 0; 301 for(uint i=0; dir_list[i] != NULL; i++) { /scfglib2.c: 315 in read_file_cfg() 309 char* code = p + 1; 310 int libnum = getlibnum_from_name(cfg, lib); 311 if(!is_valid_libnum(cfg, libnum)) 312 continue; 313 314 if((cfg->dir[i]=(dir_t *)malloc(sizeof(dir_t)))==NULL) >>> CID 433255: (RESOURCE_LEAK) >>> Variable "dir_list" going out of scope leaks the storage it points to. 315 return allocerr(error, maxerrlen, fname, "dir", sizeof(dir_t)); 316 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE); 317 memset(cfg->dir[i],0,sizeof(dir_t)); 318 SAFECOPY(cfg->dir[i]->code_suffix, code); 319 320 cfg->dir[i]->dirnum = i; ** CID 433254: Resource leaks (RESOURCE_LEAK) /scfglib2.c: 167 in read_file_cfg() ________________________________________________________________________________________________________ *** CID 433254: Resource leaks (RESOURCE_LEAK) /scfglib2.c: 167 in read_file_cfg() 161 return allocerr(error, maxerrlen, fname, "ftests", sizeof(ftest_t*)*cfg->total_ftests); 162 } else 163 cfg->ftest=NULL; 164 165 for(uint i=0; itotal_ftests; i++) { 166 if((cfg->ftest[i]=(ftest_t *)malloc(sizeof(ftest_t)))==NULL) >>> CID 433254: Resource leaks (RESOURCE_LEAK) >>> Variable "ftest_list" going out of scope leaks the storage it points to. 167 return allocerr(error, maxerrlen, fname, "ftest", sizeof(ftest_t)); 168 str_list_t section = iniGetParsedSection(sections, ftest_list[i], /* cut: */TRUE); 169 memset(cfg->ftest[i],0,sizeof(ftest_t)); 170 SAFECOPY(cfg->ftest[i]->ext, iniGetString(section, NULL, "extension", "", value)); 171 SAFECOPY(cfg->ftest[i]->cmd, iniGetString(section, NULL, "cmd", "", value)); 172 SAFECOPY(cfg->ftest[i]->workstr, iniGetString(section, NULL, "working", "", value)); ** CID 433253: High impact quality (Y2K38_SAFETY) /data_ovl.cpp: 85 in sbbs_t::putuserdatetime(int, user_field, long)() ________________________________________________________________________________________________________ *** CID 433253: High impact quality (Y2K38_SAFETY) /data_ovl.cpp: 85 in sbbs_t::putuserdatetime(int, user_field, long)() 79 } 80 return true; 81 } 82 83 bool sbbs_t::putuserdatetime(int usernumber, enum user_field fnum, time_t t) 84 { >>> CID 433253: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t". 85 int result = ::putuserdatetime(&cfg, usernumber, fnum, (time32_t)t); 86 if(result != 0) { 87 errormsg(WHERE, ERR_WRITE, USER_DATA_FILENAME, result); 88 return false; 89 } 90 return true; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DKDXB_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDurF1YI6zrehre-2ByboPjRtzp0Uy9HxsPpEX6zuOHgkysGkYAIhBrTkr4fuqAJ-2FB9iKqhkl3PBoU8Vxw9H0mOzOUPRQ8hRzN0dT2QpcICdfJX0ngV6zwPKV-2B-2BuWPoh6viSCOhOEjV9OKJBVoKjy1pwkvK0uVxvk593QiNyE8GHMjw-3D-3D --- SBBSecho 3.20-Linux * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705) .