Subj : New Defects reported by Coverity Scan for Synchronet
To   : cov-scan@synchro.net
From : scan-admin@coverity.com
Date : Mon Apr 12 2021 13:23:17

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 331093: Null pointer dereferences (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 331093: Null pointer dereferences (FORWARD_NULL)
/js_filebase.c: 787 in js_format_file_name()
781         char* buf = calloc(size + 1, 1);
782         if(buf == NULL) {
783             JS_ReportError(cx, "malloc failure: %d", size + 1);
784             return JS_FALSE;
785         }
786         JSString* js_str;
>>> CID 331093: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "filepath" to "getfname", which dereferences it.
787         if((js_str = JS_NewStringCopyZ(cx, format_filename(getfname(filepath), buf, size, pad))) != NULL)
788             JS_SET_RVAL(cx, arglist, STRING_TO_JSVAL(js_str));
789         free(buf);
790
791         return JS_TRUE;
792     }

** CID 331092: Error handling issues (CHECKED_RETURN)
/js_filebase.c: 770 in js_format_file_name()

________________________________________________________________________________________________________
*** CID 331092: Error handling issues (CHECKED_RETURN)
/js_filebase.c: 770 in js_format_file_name()
764
765         uintN argn = 0;
766         JSVALUE_TO_MSTRING(cx, argv[argn], filepath, NULL);
767         HANDLE_PENDING(cx, filepath);
768         argn++;
769         if(argn < argc && JSVAL_IS_NUMBER(argv[argn])) {
>>> CID 331092: Error handling issues (CHECKED_RETURN)
>>> Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 251 out of 286 times).
770             JS_ValueToInt32(cx, argv[argn], &size);
771             argn++;
772         }
773         if(argn < argc && JSVAL_IS_BOOLEAN(argv[argn])) {
774             pad = JSVAL_TO_BOOLEAN(argv[argn]);
775             argn++;

** CID 331091: Resource leaks (RESOURCE_LEAK)
/js_filebase.c: 791 in js_format_file_name()

________________________________________________________________________________________________________
*** CID 331091: Resource leaks (RESOURCE_LEAK)
/js_filebase.c: 791 in js_format_file_name()
785         }
786         JSString* js_str;
787         if((js_str = JS_NewStringCopyZ(cx, format_filename(getfname(filepath), buf, size, pad))) != NULL)
788             JS_SET_RVAL(cx, arglist, STRING_TO_JSVAL(js_str));
789         free(buf);
790
>>> CID 331091: Resource leaks (RESOURCE_LEAK)
>>> Variable "filepath" going out of scope leaks the storage it points to.
791         return JS_TRUE;
792     }
793
794     static JSBool
795     js_get_file_path(JSContext *cx, uintN argc, jsval *arglist)
796     {

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D_3Y-_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrC7FANwsVdFwih-2FjPAXRxXGX34KRXZbBdXxOOAU7lJYW8pbmw95O7UTCtXb0ZgUhHFEGOGSGAyaaIO4ryGxJ7ZPeRRNFlmb2kno8DS-2F38-2F5TX0-2BTnlBt5pcsAcH56lj-2FVvAeb9GYtA4sx8wGHR7G8sFHI9wDyF5-2BeU9tjfezDB0FQ-3D-3D

--- SBBSecho 3.14-Linux
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)