Subj : New Defects reported by Coverity Scan for Synchronet To : cov-scan@synchro.net From : scan-admin@coverity.com Date : Sun Jan 05 2025 15:11:19 Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 2 new defect(s) introduced to Synchronet found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 529876: (OVERRUN) /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 457 in lzh_update() /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 458 in lzh_update() ________________________________________________________________________________________________________ *** CID 529876: (OVERRUN) /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 457 in lzh_update() 451 452 tmp = huff->child[c]; 453 huff->parent[tmp] = l; 454 if (tmp < LZH_TABLE_SZ) 455 huff->parent[tmp + 1] = l; 456 >>> CID 529876: (OVERRUN) >>> Overrunning array "huff->child" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628). 457 tmp2 = huff->child[l]; 458 huff->child[l] = tmp; 459 460 huff->parent[tmp2] = c; 461 if (tmp2 < LZH_TABLE_SZ) 462 huff->parent[tmp2 + 1] = c; /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 458 in lzh_update() 452 tmp = huff->child[c]; 453 huff->parent[tmp] = l; 454 if (tmp < LZH_TABLE_SZ) 455 huff->parent[tmp + 1] = l; 456 457 tmp2 = huff->child[l]; >>> CID 529876: (OVERRUN) >>> Overrunning array "huff->child" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628). 458 huff->child[l] = tmp; 459 460 huff->parent[tmp2] = c; 461 if (tmp2 < LZH_TABLE_SZ) 462 huff->parent[tmp2 + 1] = c; 463 huff->child[c] = tmp2; ** CID 529875: (OVERRUN) /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 450 in lzh_update() /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 449 in lzh_update() /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 445 in lzh_update() ________________________________________________________________________________________________________ *** CID 529875: (OVERRUN) /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 450 in lzh_update() 444 // If we exited before the end of table, decrement l 445 if (tmp <= huff->freq[l]) 446 l--; 447 448 // Now swap nodes 449 huff->freq[c] = huff->freq[l]; >>> CID 529875: (OVERRUN) >>> Overrunning array "huff->freq" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628). 450 huff->freq[l] = tmp; 451 452 tmp = huff->child[c]; 453 huff->parent[tmp] = l; 454 if (tmp < LZH_TABLE_SZ) 455 huff->parent[tmp + 1] = l; /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 449 in lzh_update() 443 444 // If we exited before the end of table, decrement l 445 if (tmp <= huff->freq[l]) 446 l--; 447 448 // Now swap nodes >>> CID 529875: (OVERRUN) >>> Overrunning array "huff->freq" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628). 449 huff->freq[c] = huff->freq[l]; 450 huff->freq[l] = tmp; 451 452 tmp = huff->child[c]; 453 huff->parent[tmp] = l; 454 if (tmp < LZH_TABLE_SZ) /tmp/sbbs-Jan-05-2025/src/encode/lzh.c: 445 in lzh_update() 439 * that has a lower frequency than our new one 440 */ 441 for (l = c + 1; l <= LZH_TABLE_SZ && tmp > huff->freq[l]; l++) 442 ; 443 444 // If we exited before the end of table, decrement l >>> CID 529875: (OVERRUN) >>> Overrunning array "huff->freq" of 628 2-byte elements at element index 628 (byte offset 1257) using index "l" (which evaluates to 628). 445 if (tmp <= huff->freq[l]) 446 l--; 447 448 // Now swap nodes 449 huff->freq[c] = huff->freq[l]; 450 huff->freq[l] = tmp; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DVjXG_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYmOS4dF7bzpu1cVppVHTeUZERPDt2v2E4lCt9lCuWdNtkNglNtUqzAPEUlnwGBzZlBueizPFLO26MyF5roLbzi-2F0G80IHg4mwTrYLGZfPUf8Sg5333ueo95zQQtd4OVT7zx85Gr8TBXnJTKyUKhNeMTemzlJoM0HPQHEa-2FpXlaaw-3D-3D --- SBBSecho 3.23-Linux * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705) .