Subj : New Defects reported by Coverity Scan for Synchronet
To   : All
From : scan-admin@coverity.com
Date : Fri Apr 11 2025 15:36:53

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 549016: Integer handling issues (INTEGER_OVERFLOW)
/str.cpp: 1194 in sbbs_t::spy(unsigned int)()

________________________________________________________________________________________________________
*** CID 549016: Integer handling issues (INTEGER_OVERFLOW)
/str.cpp: 1194 in sbbs_t::spy(unsigned int)()
1188                && !msgabort()) {
1189             in = incom(1000);
1190             if (in == NOINP) {
1191                 gettimeleft();
1192                 continue;
1193             }
>>> CID 549016: Integer handling issues (INTEGER_OVERFLOW)
>>> Expression "ch", where "in" is known to be equal to 256, overflows the type of "ch", which is type "char".
1194             ch = in;
1195             if (ch == ESC) {
1196                 if (ansi_len)
1197                     ansi_len = 0;
1198                 else {
1199                     if ((in = incom(500)) != NOINP) {

** CID 549015: Uninitialized variables (UNINIT)

________________________________________________________________________________________________________
*** CID 549015: Uninitialized variables (UNINIT)
/js_system.c: 2089 in js_chkpassword()
2083
2084         js_system_private_t* sys;
2085         if ((sys = (js_system_private_t*)js_GetClassPrivate(cx, obj, &js_system_class)) == NULL)
2086             return JS_FALSE;
2087
2088         rc = JS_SUSPENDREQUEST(cx);
>>> CID 549015: Uninitialized variables (UNINIT)
>>> Using uninitialized value "*str" when calling "check_pass".
2089         bool result = check_pass(sys->cfg, str, /* user: */NULL, /* unique: */false, /* reason: */NULL)
2090                       && !trashcan(sys->cfg, str, "password");
2091         JS_SET_RVAL(cx, arglist, BOOLEAN_TO_JSVAL(result));
2092         JS_RESUMEREQUEST(cx, rc);
2093
2094         return JS_TRUE;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

--- SBBSecho 3.24-Linux
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)