Subj : New Defects reported by Coverity Scan for Synchronet
To   : cov-scan@synchro.net
From : scan-admin@coverity.com
Date : Sat Dec 21 2024 13:40:03

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 516448:  High impact quality  (Y2K38_SAFETY)
/js_msgbase.c: 1441 in js_get_msg_header_resolve()


________________________________________________________________________________________________________
*** CID 516448:  High impact quality  (Y2K38_SAFETY)
/js_msgbase.c: 1441 in js_get_msg_header_resolve()
1435     	/* Fixed length portion of msg header */
1436     	LAZY_UINTEGER("type", p->msg.hdr.type, JSPROP_ENUMERATE);
1437     	LAZY_UINTEGER("version", p->msg.hdr.version, JSPROP_ENUMERATE);
1438     	LAZY_UINTEGER("attr", p->msg.hdr.attr, JSPROP_ENUMERATE);
1439     	LAZY_UINTEGER("auxattr", p->msg.hdr.auxattr, JSPROP_ENUMERATE);
1440     	LAZY_UINTEGER("netattr", p->msg.hdr.netattr, JSPROP_ENUMERATE);
>>>     CID 516448:  High impact quality  (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "smb_time(p->msg.hdr.when_written)" is cast to "uint32".
1441     	LAZY_UINTEGER("when_written_time", smb_time(p->msg.hdr.when_written), JSPROP_ENUMERATE);
1442     	LAZY_INTEGER("when_written_zone", p->msg.hdr.when_written.zone, JSPROP_ENUMERATE);
1443     	LAZY_INTEGER("when_written_zone_offset", smb_tzutc(p->msg.hdr.when_written.zone), JSPROP_ENUMERATE|JSPROP_READONLY);
1444     	LAZY_UINTEGER("when_imported_time", p->msg.hdr.when_imported.time, JSPROP_ENUMERATE);
1445     	LAZY_INTEGER("when_imported_zone", p->msg.hdr.when_imported.zone, JSPROP_ENUMERATE);
1446     	LAZY_INTEGER("when_imported_zone_offset", smb_tzutc(p->msg.hdr.when_imported.zone), JSPROP_ENUMERATE|JSPROP_READONLY);

** CID 516447:  High impact quality  (Y2K38_SAFETY)
/postmsg.cpp: 625 in votemsg()


________________________________________________________________________________________________________
*** CID 516447:  High impact quality  (Y2K38_SAFETY)
/postmsg.cpp: 625 in votemsg()
619     						}
620     						answers++;
621     					}
622     				}
623     			}
624     			safe_snprintf(smsg, sizeof(smsg), smsgfmt
>>>     CID 516447:  High impact quality  (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "smb_time(msg->hdr.when_written)" is cast to "time32_t".
625     				,timestr(cfg, (time32_t)smb_time(msg->hdr.when_written), tstr)
626     				,cfg->grp[cfg->sub[smb->subnum]->grp]->sname
627     				,cfg->sub[smb->subnum]->sname
628     				,from
629     				,remsg.subj);
630     			SAFECAT(smsg, votes);

** CID 516446:    (Y2K38_SAFETY)
/qwknodes.c: 366 in main()
/qwknodes.c: 392 in main()
/qwknodes.c: 361 in main()
/qwknodes.c: 384 in main()
/qwknodes.c: 333 in main()
/qwknodes.c: 343 in main()


________________________________________________________________________________________________________
*** CID 516446:    (Y2K38_SAFETY)
/qwknodes.c: 366 in main()
360     								,msg.from,p+1
361     								,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
362     								,str);
363     						else
364     							fprintf(users,"%-25.25s  %-8.8s  %s\r\n"
365     								,msg.from,str
>>>     CID 516446:    (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
366     								,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
367     					}
368     					if(cmd&NODES && msg.from_net.type==NET_QWK) {
369     						if(mode&TAGS)
370     							gettag(&msg,tag);
371     						if(mode&FEED)
/qwknodes.c: 392 in main()
386     						}
387     						else
388     							fprintf(nodes,"%-8.8s  %s\r\n"
389     								,str
390     								,mode&TAGS
391     								? tag
>>>     CID 516446:    (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
392     								: unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
393     					}
394     				}
395     			}
396     			smb_freemsgmem(&msg);
397     		}
/qwknodes.c: 361 in main()
355     						else
356     							strcpy(str,msg.from_net.addr);
357     						p=strrchr(str,'/');
358     						if(p)
359     							fprintf(users,"%-25.25s  %-8.8s  %s  (%s)\r\n"
360     								,msg.from,p+1
>>>     CID 516446:    (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
361     								,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
362     								,str);
363     						else
364     							fprintf(users,"%-25.25s  %-8.8s  %s\r\n"
365     								,msg.from,str
366     								,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
/qwknodes.c: 384 in main()
378     								fprintf(nodes,"%-8.8s  %s\r\n"
379     									,p+1
380     									,tag);
381     							else
382     								fprintf(nodes,"%-8.8s  %s  (%s)\r\n"
383     									,p+1
>>>     CID 516446:    (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
384     									,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
385     									,str);
386     						}
387     						else
388     							fprintf(nodes,"%-8.8s  %s\r\n"
389     								,str
/qwknodes.c: 333 in main()
327     							p=strrchr(addr,'/');
328     							if(!p)
329     								p=addr;
330     							else
331     								*(p++)=0;
332     							safe_snprintf(str, sizeof(str), "%s %s:%s%c%s"
>>>     CID 516446:    (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
333     								,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
334     								,p,cfg.sys_id,p==addr ? 0 : '/'
335     								,addr);
336     							fprintf(route,"%s\r\n",str);
337     						}
338     						else {
/qwknodes.c: 343 in main()
337     						}
338     						else {
339     							p=strrchr(addr,'/');
340     							if(p) {
341     								*(p++)=0;
342     							fprintf(route,"%s %s:%.*s\r\n"
>>>     CID 516446:    (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
343     								,unixtodstr(&cfg,smb_time(msg.hdr.when_written),str)
344     								,p
345     								,(uint)(p-addr)
346     								,addr);
347     							}
348     						}


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DNGSj_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYgWGJ9BYEIxvdbhMAIayAni-2FuUZOlays8-2BQNW1Qj2YoLcEBScLdhHrJ52SvmolJ5itsnLRiKIwdue9DQ-2F9PO-2FUFGY-2Fa0jLnspeSlF2FiQB80TbxuUTyDk42cNSQCBuIqgPC4jh5ZIq8dm-2B49xrAWdl9U3UIFg1xXJFs0kJktVUnA-3D-3D


--- SBBSecho 3.23-Linux
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

.