Subj : New Defects reported by Coverity Scan for Synchronet
To   : All
From : scan-admin@coverity.com
Date : Sun Jan 26 2025 15:12:28

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 531919:  Integer handling issues  (INTEGER_OVERFLOW)
/tmp/sbbs-Jan-26-2025/src/xpdev/named_str_list.c: 43 in namedStrListDelete()


________________________________________________________________________________________________________
*** CID 531919:  Integer handling issues  (INTEGER_OVERFLOW)
/tmp/sbbs-Jan-26-2025/src/xpdev/named_str_list.c: 43 in namedStrListDelete()
37     	size_t count;
38     	named_string_t *old;
39     	named_string_t **newlist;
40
41     	COUNT_LIST_ITEMS(*list, count);
42     	if (index == NAMED_STR_LIST_LAST_INDEX)
>>>     CID 531919:  Integer handling issues  (INTEGER_OVERFLOW)
>>>     Expression "count - 1UL", where "count" is known to be equal to 0, underflows the type of "count - 1UL", which is type "unsigned long".
43     		index = count - 1;
44     	if (index >= count)
45     		return false;
46     	newlist = (named_string_t **)realloc(*list, (count + 1) * sizeof(named_string_t*));
47     	if (newlist != NULL)
48     		*list = newlist;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


--- SBBSecho 3.23-Linux
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

.