Subj : New Defects reported by Coverity Scan for Synchronet
To   : cov-scan@synchro.net
From : scan-admin@coverity.com
Date : Sat Apr 24 2021 13:09:49

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
17 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)

** CID 331194: Error handling issues (NEGATIVE_RETURNS)
/filedat.c: 986 in read_diz()

________________________________________________________________________________________________________
*** CID 331194: Error handling issues (NEGATIVE_RETURNS)
/filedat.c: 986 in read_diz()
980
981         if(len > LEN_EXTDESC)
982             len = LEN_EXTDESC;
983
984         char* buf = calloc((size_t)len + 1, 1);
985         if(buf != NULL)
>>>     CID 331194: Error handling issues (NEGATIVE_RETURNS)
>>>     "(size_t)len" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
986             fread(buf, (size_t)len, 1, fp);
987         fclose(fp);
988
989         char* eof = strchr(buf, CTRL_Z); // CP/M EOF
990         if(eof != NULL)
991             *eof = '\0';

** CID 331193: Memory - illegal accesses (STRING_NULL)
/filedat.c: 989 in read_diz()

________________________________________________________________________________________________________
*** CID 331193: Memory - illegal accesses (STRING_NULL)
/filedat.c: 989 in read_diz()
983
984         char* buf = calloc((size_t)len + 1, 1);
985         if(buf != NULL)
986             fread(buf, (size_t)len, 1, fp);
987         fclose(fp);
988
>>>     CID 331193: Memory - illegal accesses (STRING_NULL)
>>>     Passing unterminated string "buf" to "strchr", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
989         char* eof = strchr(buf, CTRL_Z); // CP/M EOF
990         if(eof != NULL)
991             *eof = '\0';
992         return buf;
993     }
994

** CID 331192: Error handling issues (CHECKED_RETURN)
/filedat.c: 986 in read_diz()

________________________________________________________________________________________________________
*** CID 331192: Error handling issues (CHECKED_RETURN)
/filedat.c: 986 in read_diz()
980
981         if(len > LEN_EXTDESC)
982             len = LEN_EXTDESC;
983
984         char* buf = calloc((size_t)len + 1, 1);
985         if(buf != NULL)
>>>     CID 331192: Error handling issues (CHECKED_RETURN)
>>>     "fread(void * restrict, size_t, size_t, FILE * restrict)" returns the number of bytes read, but it is ignored.
986             fread(buf, (size_t)len, 1, fp);
987         fclose(fp);
988
989         char* eof = strchr(buf, CTRL_Z); // CP/M EOF
990         if(eof != NULL)
991             *eof = '\0';

** CID 331191: Null pointer dereferences (FORWARD_NULL)
/filedat.c: 989 in read_diz()

________________________________________________________________________________________________________
*** CID 331191: Null pointer dereferences (FORWARD_NULL)
/filedat.c: 989 in read_diz()
983
984         char* buf = calloc((size_t)len + 1, 1);
985         if(buf != NULL)
986             fread(buf, (size_t)len, 1, fp);
987         fclose(fp);
988
>>>     CID 331191: Null pointer dereferences (FORWARD_NULL)
>>>     Passing null pointer "buf" to "strchr", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.]
989         char* eof = strchr(buf, CTRL_Z); // CP/M EOF
990         if(eof != NULL)
991             *eof = '\0';
992         return buf;
993     }
994

** CID 331190: Error handling issues (CHECKED_RETURN)
/sauce.c: 40 in sauce_fread_record()

________________________________________________________________________________________________________
*** CID 331190: Error handling issues (CHECKED_RETURN)
/sauce.c: 40 in sauce_fread_record()
34              return false;
35
36          bool result = fread(record, sizeof(*record), 1, fp) == 1
37              && memcmp(record->id, SAUCE_ID, SAUCE_LEN_ID) == 0
38              && memcmp(record->ver, SAUCE_VERSION, SAUCE_LEN_VERSION) == 0;
39
>>>     CID 331190: Error handling issues (CHECKED_RETURN)
>>>     Calling "fseeko(fp, offset, 0)" without checking return value. This library function may fail and return an error code.
40          fseeko(fp, offset, SEEK_SET);
41          return result;
42      }
43
44      // Get 'type' and/or 'info' from SAUCE record of open file (fp) of DataType 'Character'
45      bool sauce_fread_charinfo(FILE* fp, enum sauce_char_filetype* type, struct sauce_charinfo* info)

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3Dfm2a_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAOYxrH4kA5Bz1vWDzCfmL8E2UcgRq1GtTsPDuyM67QJGDi03PEhQGtn-2BQQhVdp7zGgqCxo1SWhW2T6DWWZ12ezQT3Na1DehPW5kNwXbwArzaEO-2FlvzPwEAeRlY1-2F69gojdgtg5faxH-2FhuSUowy6VZneOstDk5csvQNbHO-2FFe7BJQ-3D-3D

--- SBBSecho 3.14-Linux
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)