Subj : New Defects reported by Coverity Scan for Synchronet
To : cov-scan@synchro.net
From : scan-admin@coverity.com
Date : Sat Sep 14 2024 12:40:31

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)

** CID 509555: Null pointer dereferences (FORWARD_NULL)
/js_filebase.c: 1307 in js_update_file()

________________________________________________________________________________________________________
*** CID 509555: Null pointer dereferences (FORWARD_NULL)
/js_filebase.c: 1307 in js_update_file()
1301 char* extdesc = NULL;
1302 char* auxdata = NULL;
1303 rc=JS_SUSPENDREQUEST(cx);
1304 if(filename != NULL && fileobj != NULL
1305 && (p->smb_result = smb_loadfile(&p->smb, filename, &file, file_detail_extdesc)) == SMB_SUCCESS) {
1306 p->smb_result = parse_file_properties(cx, fileobj, &file, &extdesc, &auxdata);
>>> CID 509555: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "file.name" to "strcmp", which dereferences it.
1307 if(p->smb_result == SMB_SUCCESS
1308 && strcmp(filename, file.name) != 0 && smb_findfile(&p->smb, file.name, NULL) == SMB_SUCCESS) {
1309 JS_ReportError(cx, "file (%s) already exists in base", file.name);
1310 p->smb_result = SMB_DUPE_MSG;
1311 }
1312 if(p->smb_result == SMB_SUCCESS

** CID 509554: Memory - illegal accesses (STRING_NULL)
/smbutil.c: 633 in dumpindex()

________________________________________________________________________________________________________
*** CID 509554: Memory - illegal accesses (STRING_NULL)
/smbutil.c: 633 in dumpindex()
627 ,xpDate_to_isoDateStr(time_to_xpDate(idx.time), "-", tmp, sizeof(tmp)));
628 if(smb_msg_type(idx.attr) == SMB_MSG_TYPE_FILE && idxreclen == sizeof(fileidxrec_t)) {
629 fileidxrec_t fidx;
630 fseek(smb.sid_fp,((start-1L) + l) * idxreclen,SEEK_SET);
631 if(!fread(&fidx,sizeof(fidx),1,smb.sid_fp))
632 break;
>>> CID 509554: Memory - illegal accesses (STRING_NULL)
>>> Passing unterminated string "fidx.name" to "printf", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
633 printf(" %02X %.*s", fidx.hash.flags, (int)sizeof(fidx.name), fidx.name);
634 }
635 printf("\n");
636 l++;
637 }
638 }

** CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
/js_filebase.c: 1335 in js_update_file()

________________________________________________________________________________________________________
*** CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
/js_filebase.c: 1335 in js_update_file()
1329 } else {
1330 if(file.extdesc != NULL)
1331 truncsp(file.extdesc);
1332 if(!readd_always && strcmp(extdesc ? extdesc : "", file.extdesc ? file.extdesc : "") == 0
1333 && strcmp(auxdata ? auxdata : "", file.auxdata ? file.auxdata : "") == 0)
1334 p->smb_result = smb_putfile(&p->smb, &file);
>>> CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
>>> This 'if' statement is indented to column 41, as if it were nested within the preceding parent statement, but it is not.
1335 if(p->smb_result != SMB_SUCCESS)
1336 JS_ReportError(cx, "%d writing '%s'", p->smb_result, file.name);
1337 else {
1338 if((p->smb_result = smb_removefile_by_name(&p->smb, filename)) == SMB_SUCCESS) {
1339 if(readd_always)
1340 file.hdr.when_imported.time = 0; // we want the file to appear as "new"

** CID 509552: Memory - illegal accesses (STRING_NULL)
/tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 244 in smb_findfile()

________________________________________________________________________________________________________
*** CID 509552: Memory - illegal accesses (STRING_NULL)
/tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 244 in smb_findfile()
238 if(smb_fread(smb, &fidx, sizeof(fidx), smb->sid_fp) != sizeof(fidx))
239 break;
240
241 f->idx_offset = offset++;
242
243 if(filename != NULL) {
>>> CID 509552: Memory - illegal accesses (STRING_NULL)
>>> Passing unterminated string "fidx.name" to "strcasecmp", which expects a null-terminated string.
244 if(stricmp(fidx.name, fname) != 0)
245 continue;
246 f->file_idx = fidx;
247 return SMB_SUCCESS;
248 }
249

** CID 509551: Memory - illegal accesses (STRING_NULL)
/tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 441 in smb_removefile()

________________________________________________________________________________________________________
*** CID 509551: Memory - illegal accesses (STRING_NULL)
/tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 441 in smb_removefile()
435 free(fidx);
436 smb_unlocksmbhdr(smb);
437 return SMB_ERR_READ;
438 }
439 rewind(smb->sid_fp);
440 for(uint32_t i = 0; i < smb->status.total_files; i++) {
>>> CID 509551: Memory - illegal accesses (STRING_NULL)
>>> Passing unterminated string "fidx[i].name" to "strcasecmp", which expects a null-terminated string.
441 if(stricmp(fidx[i].name, fname) == 0) {
442 removed++;
443 continue;
444 }
445 if(fwrite(fidx + i, sizeof(*fidx), 1, smb->sid_fp) != 1) {
446 safe_snprintf(smb->last_error, sizeof(smb->last_error), "%s re-writing index"

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DpoPN_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZXJOgCi8IFr2wp43pRrORx9tzLYjX2Y-2FSYnzacVgdrC5ToyfEd02kRU0czfft4zgHvFTf4l2icBGvZtBDP8972Z-2BLrNSb7QqVDHjYiK23CNzZR9MLbzXh1WOITpsswqNS5z337vFuU-2BJOMvO3veuWFvtJ3Xwk9mN-2FsudyolEK5nw-3D-3D

--- SBBSecho 3.20-Linux
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
.