Subj : New Defects reported by Coverity Scan for Synchronet
To   : cov-scan@synchro.net
From : scan-admin@coverity.com
Date : Sun Jun 04 2023 12:43:02

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

6 new defect(s) introduced to Synchronet found with Coverity Scan.
9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 462184:    (RESOURCE_LEAK)
/smbutil.c: 1166 in packmsgs()
/smbutil.c: 1161 in packmsgs()
/smbutil.c: 1249 in packmsgs()


________________________________________________________________________________________________________
*** CID 462184:    (RESOURCE_LEAK)
/smbutil.c: 1166 in packmsgs()
1160     	if(fread(&hdr,1,sizeof(smbhdr_t),smb.shd_fp) < 1)
1161     		return;
1162     	fwrite(&hdr,1,sizeof(smbhdr_t),tmp_shd);
1163     	fwrite(&(smb.status),1,sizeof(smbstatus_t),tmp_shd);
1164     	for(l=sizeof(smbhdr_t)+sizeof(smbstatus_t);l<smb.status.header_offset;l++) {
1165     		if(fread(&ch,1,1,smb.shd_fp) < 1)		/* copy additional base header records */
>>>     CID 462184:    (RESOURCE_LEAK)
>>>     Variable "datoffset" going out of scope leaks the storage it points to.
1166     			return;
1167     		fwrite(&ch,1,1,tmp_shd);
1168     	}
1169     	total=0;
1170     	for(l=0;l<smb.status.total_msgs;l++) {
1171     		ZERO_VAR(msg);
/smbutil.c: 1161 in packmsgs()
1155     		fclose(tmp_sid);
1156     		fprintf(errfp,"\n%s!Error allocating memory\n",beep);
1157     		return;
1158     	}
1159     	fseek(smb.shd_fp,0L,SEEK_SET);
1160     	if(fread(&hdr,1,sizeof(smbhdr_t),smb.shd_fp) < 1)
>>>     CID 462184:    (RESOURCE_LEAK)
>>>     Variable "datoffset" going out of scope leaks the storage it points to.
1161     		return;
1162     	fwrite(&hdr,1,sizeof(smbhdr_t),tmp_shd);
1163     	fwrite(&(smb.status),1,sizeof(smbstatus_t),tmp_shd);
1164     	for(l=sizeof(smbhdr_t)+sizeof(smbstatus_t);l<smb.status.header_offset;l++) {
1165     		if(fread(&ch,1,1,smb.shd_fp) < 1)		/* copy additional base header records */
1166     			return;
/smbutil.c: 1249 in packmsgs()
1243
1244     			/* Actually copy the data */
1245
1246     			n=smb_datblocks(m);
1247     			for(m=0;m<n;m++) {
1248     				if(fread(buf,1,SDT_BLOCK_LEN,smb.sdt_fp) < 1)
>>>     CID 462184:    (RESOURCE_LEAK)
>>>     Variable "datoffset" going out of scope leaks the storage it points to.
1249     					return;
1250     				if(!m && *(ushort *)buf!=XLAT_NONE && *(ushort *)buf!=XLAT_LZH) {
1251     					printf("\nUnsupported translation type (%04X)\n"
1252     						,*(ushort *)buf);
1253     					break;
1254     				}

** CID 462183:  Null pointer dereferences  (FORWARD_NULL)
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 564 in x_init()


________________________________________________________________________________________________________
*** CID 462183:  Null pointer dereferences  (FORWARD_NULL)
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 564 in x_init()
558     		xrender_found = false;
559     	}
560     #endif
561     #ifdef WITH_XINERAMA
562     	xinerama_found = true;
563     	if ((dl3 = xp_dlopen(libnames3,RTLD_LAZY,1)) == NULL) {
>>>     CID 462183:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "dl3" to "dlclose", which dereferences it.
564     		xp_dlclose(dl3);
565     		xinerama_found = false;
566     	}
567     	if (xinerama_found && ((x11.XineramaQueryVersion = xp_dlsym(dl3, XineramaQueryVersion)) == NULL)) {
568     		xp_dlclose(dl3);
569     		xinerama_found = false;

** CID 462182:    (RESOURCE_LEAK)
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 619 in x_init()
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 613 in x_init()
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 626 in x_init()
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 647 in x_init()


________________________________________________________________________________________________________
*** CID 462182:    (RESOURCE_LEAK)
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 619 in x_init()
613     		return(-1);
614     	}
615     	if(sem_init(&init_complete, 0, 0)) {
616     		xp_dlclose(dl);
617     		sem_destroy(&pastebuf_set);
618     		sem_destroy(&pastebuf_used);
>>>     CID 462182:    (RESOURCE_LEAK)
>>>     Variable "dl4" going out of scope leaks the storage it points to.
619     		return(-1);
620     	}
621     	if(sem_init(&mode_set, 0, 0)) {
622     		xp_dlclose(dl);
623     		sem_destroy(&pastebuf_set);
624     		sem_destroy(&pastebuf_used);
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()
602     #endif
603     	setlocale(LC_ALL, "");
604     	x11.XSetLocaleModifiers("@im=none");
605
606     	if(sem_init(&pastebuf_set, 0, 0)) {
607     		xp_dlclose(dl);
>>>     CID 462182:    (RESOURCE_LEAK)
>>>     Variable "dl4" going out of scope leaks the storage it points to.
608     		return(-1);
609     	}
610     	if(sem_init(&pastebuf_used, 0, 0)) {
611     		xp_dlclose(dl);
612     		sem_destroy(&pastebuf_set);
613     		return(-1);
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 613 in x_init()
607     		xp_dlclose(dl);
608     		return(-1);
609     	}
610     	if(sem_init(&pastebuf_used, 0, 0)) {
611     		xp_dlclose(dl);
612     		sem_destroy(&pastebuf_set);
>>>     CID 462182:    (RESOURCE_LEAK)
>>>     Variable "dl4" going out of scope leaks the storage it points to.
613     		return(-1);
614     	}
615     	if(sem_init(&init_complete, 0, 0)) {
616     		xp_dlclose(dl);
617     		sem_destroy(&pastebuf_set);
618     		sem_destroy(&pastebuf_used);
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 626 in x_init()
620     	}
621     	if(sem_init(&mode_set, 0, 0)) {
622     		xp_dlclose(dl);
623     		sem_destroy(&pastebuf_set);
624     		sem_destroy(&pastebuf_used);
625     		sem_destroy(&init_complete);
>>>     CID 462182:    (RESOURCE_LEAK)
>>>     Variable "dl4" going out of scope leaks the storage it points to.
626     		return(-1);
627     	}
628
629     	if(pthread_mutex_init(&copybuf_mutex, 0)) {
630     		xp_dlclose(dl);
631     		sem_destroy(&pastebuf_set);
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 647 in x_init()
641     		xp_dlclose(dl);
642     		sem_destroy(&pastebuf_set);
643     		sem_destroy(&pastebuf_used);
644     		sem_destroy(&init_complete);
645     		sem_destroy(&mode_set);
646     		pthread_mutex_destroy(&copybuf_mutex);
>>>     CID 462182:    (RESOURCE_LEAK)
>>>     Variable "dl4" going out of scope leaks the storage it points to.
647     		return(-1);
648     	}
649     	_beginthread(x11_mouse_thread,1<<16,NULL);
650     	cio_api.options |= CONIO_OPT_SET_TITLE | CONIO_OPT_SET_NAME | CONIO_OPT_SET_ICON;
651     	return(0);
652     }

** CID 462181:  Resource leaks  (RESOURCE_LEAK)
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()


________________________________________________________________________________________________________
*** CID 462181:  Resource leaks  (RESOURCE_LEAK)
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()
602     #endif
603     	setlocale(LC_ALL, "");
604     	x11.XSetLocaleModifiers("@im=none");
605
606     	if(sem_init(&pastebuf_set, 0, 0)) {
607     		xp_dlclose(dl);
>>>     CID 462181:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "dl3" going out of scope leaks the storage it points to.
608     		return(-1);
609     	}
610     	if(sem_init(&pastebuf_used, 0, 0)) {
611     		xp_dlclose(dl);
612     		sem_destroy(&pastebuf_set);
613     		return(-1);

** CID 462180:  Null pointer dereferences  (FORWARD_NULL)
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 579 in x_init()


________________________________________________________________________________________________________
*** CID 462180:  Null pointer dereferences  (FORWARD_NULL)
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 579 in x_init()
573     		xinerama_found = false;
574     	}
575     #endif
576     #ifdef WITH_XRANDR
577     	xrandr_found = true;
578     	if ((dl4 = xp_dlopen(libnames4,RTLD_LAZY,2)) == NULL) {
>>>     CID 462180:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "dl4" to "dlclose", which dereferences it.
579     		xp_dlclose(dl4);
580     		xrandr_found = false;
581     	}
582     	if (xinerama_found && ((x11.XRRQueryVersion = xp_dlsym(dl4, XRRQueryVersion)) == NULL)) {
583     		xp_dlclose(dl4);
584     		xrandr_found = false;

** CID 462179:  Control flow issues  (DEADCODE)
/tmp/sbbs-Jun-04-2023/src/conio/x_events.c: 304 in fullscreen_geometry()


________________________________________________________________________________________________________
*** CID 462179:  Control flow issues  (DEADCODE)
/tmp/sbbs-Jun-04-2023/src/conio/x_events.c: 304 in fullscreen_geometry()
298     				*height = xrrci->height;
299     			if (xrrci != NULL)
300     				x11.XRRFreeCrtcInfo(xrrci);
301     			return true;
302     		}
303     		if (xrrci != NULL)
>>>     CID 462179:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "x11.XRRFreeCrtcInfo(xrrci);".
304     			x11.XRRFreeCrtcInfo(xrrci);
305     	}
306     #endif
307     #ifdef WITH_XINERAMA
308     	if (xinerama_found) {
309     		// NOTE: Xinerama is limited to a short for the entire screen dimensions.


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DlE0W_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCCsYoL8-2BRAB8pSd-2BoykiJD4ftNgwReCmSBDHZUsIOaydl7n91VpHFpH-2B-2B6udD22Zx0rJjM18W-2BwzJlbPPHAhfNuJskDA1GbbK5bVcFums-2B-2FM-2F0YW6XnLxiKz5gFyKgOgNGYfroq20XOP9rDSr4aT-2Fr9-2BqXnGFlm6brcyj727rBsg-3D-3D


--- SBBSecho 3.20-Linux
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

.