Subj : New Defects reported by Coverity Scan for Synchronet
To   : cov-scan@synchro.net
From : scan-admin@coverity.com
Date : Fri Feb 09 2024 13:39:53

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 486276:    (USE_AFTER_FREE)
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()


________________________________________________________________________________________________________
*** CID 486276:    (USE_AFTER_FREE)
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372     				break;
1373     			case XP_PRINTF_TYPE_SIZET:
1374     				next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375     				break;
1376     		}
1377     		if(next==NULL) {
>>>     CID 486276:    (USE_AFTER_FREE)
>>>     Calling "free" frees pointer "working" which has already been freed.
1378     			free(working);
1379     			return(NULL);
1380     		}
1381     		working=next;
1382     	}
1383     	next=xp_asprintf_end(working, NULL);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DIHvH_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCP2NMkGTJz9ej0zbFZSaut2su5O4d-2FdeN5YNfhO3vr5iN7SLkyWMmA-2BkVBoBNMCMtjp4F5UOP3BhPg-2B0yHPx-2BA66plmcHqc3TbhObiquLp-2FeS-2BJifVzCXGlHdvyg4PHEaoR6LUO7c-2FqTSbtEkku9P0EYfxZeeo5KgjMqT4aVuFYw-3D-3D


--- SBBSecho 3.20-Linux
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

.