Subj : New Defects reported by Coverity Scan for Synchronet To : cov-scan@synchro.net From : scan-admin@coverity.com Date : Sun Mar 05 2023 13:47:46 Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 2 new defect(s) introduced to Synchronet found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 446269: Error handling issues (CHECKED_RETURN) /download.cpp: 118 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)() ________________________________________________________________________________________________________ *** CID 446269: Error handling issues (CHECKED_RETURN) /download.cpp: 118 in sbbs_t::protocol(prot_t *, XFER_TYPE, const char *, const char *, bool, bool, long *)() 112 char msg[256]; 113 int i; 114 long ex_mode; 115 FILE* stream; 116 117 SAFEPRINTF(protlog,"%sPROTOCOL.LOG",cfg.node_dir); >>> CID 446269: Error handling issues (CHECKED_RETURN) >>> Calling "remove(protlog)" without checking return value. This library function may fail and return an error code. 118 remove(protlog); /* Deletes the protocol log */ 119 autohang=false; 120 if(autohangup) { 121 if(useron.misc&AUTOHANG) 122 autohang=true; 123 else if(text[HangUpAfterXferQ][0]) ** CID 446268: High impact quality (Y2K38_SAFETY) /download.cpp: 75 in sbbs_t::notdownloaded(long, long)() ________________________________________________________________________________________________________ *** CID 446268: High impact quality (Y2K38_SAFETY) /download.cpp: 75 in sbbs_t::notdownloaded(long, long)() 69 /****************************************************************************/ 70 void sbbs_t::notdownloaded(off_t size, time_t elapsed) 71 { 72 char str[256],tmp2[256]; 73 char tmp[512]; 74 >>> CID 446268: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint". 75 SAFEPRINTF2(str,"Estimated Time: %s Transfer Time: %s" 76 ,sectostr(cur_cps ? (uint)(size/cur_cps) : 0,tmp) 77 ,sectostr((uint)(elapsed),tmp2)); 78 logline(nulstr,str); 79 if(cfg.leech_pct && cur_cps /* leech detection */ 80 && elapsed>=cfg.leech_sec ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D0CIb_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDsLibgv2fl5LZs5fAQNGsZiCzF58zgFnZOT-2BlAwIBwcfoIFtkbk55EV3j6VxmkZw2I9Fj-2BLI35zSUrIN0KShaRGuiHzricb5Wsx-2BB-2BhnhGtOrWPGOz2109TMcJgLBqc5aFWaJOutaTnzR1bYeWA4E8s00cQ8HSd2ZyQUokgP9TtQ-3D-3D --- SBBSecho 3.20-Linux * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705) .