Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

14 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 14 of 14 defect(s)


** CID 515601: Program hangs (LOCK)
/js_bbs.cpp: 3400 in js_get_node_message(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 515601: Program hangs (LOCK)
/js_bbs.cpp: 3400 in js_get_node_message(JSContext *, unsigned int, unsigned long *)()
3394 clearline = JSVAL_TO_BOOLEAN(argv[0]);
3395
3396 rc=JS_SUSPENDREQUEST(cx);
3397 sbbs->getnmsg(clearline ? true : false);
3398 JS_RESUMEREQUEST(cx, rc);
3399

CID 515601: Program hangs (LOCK)
Returning without unlocking "sbbs->nodefile_mutex".

3400 return(JS_TRUE);
3401 }
3402
3403 static JSBool
3404 js_put_node_message(JSContext *cx, uintN argc, jsval *arglist)
3405 {

** CID 515600: Error handling issues (CHECKED_RETURN)
/download.cpp: 367 in sbbs_t::seqwait(unsigned int)()


________________________________________________________________________________________________________
*** CID 515600: Error handling issues (CHECKED_RETURN)
/download.cpp: 367 in sbbs_t::seqwait(unsigned int)()
361
362 if(!devnum)
363 return;
364 for(start=now=time(NULL);online && now-start<90;now=time(NULL)) {
365 if(msgabort()) /* max wait ^^^^ sec */
366 break;

CID 515600: Error handling issues (CHECKED_RETURN)
Calling "getnodedat" without checking return value (as is done elsewhere 52 out of 59 times).

367 getnodedat(cfg.node_num,&thisnode,true); /* open and lock this record */
368 for(i=1;i<=cfg.sys_nodes;i++) {
369 if(i==cfg.node_num) continue;
370 if(getnodedat(i,&node, true)) {
371 if((node.status==NODE_INUSE || node.status==NODE_QUIET)
372 && node.action==NODE_RFSD && node.aux==devnum) {

** CID 515599: Concurrent data access violations (MISSING_LOCK)
/putnode.cpp: 108 in sbbs_t::unlocknodedat(unsigned int)()


________________________________________________________________________________________________________
*** CID 515599: Concurrent data access violations (MISSING_LOCK) /putnode.cpp: 108 in sbbs_t::unlocknodedat(unsigned int)()
102 errormsg(WHERE, ERR_CHK, "node number", number);
103 return false;
104 }
105 int result = unlock(nodefile, (number - 1) * sizeof(node_t), sizeof(node_t));
106 if(cfg.node_misc & NM_CLOSENODEDAB) {
107 close(nodefile);

CID 515599: Concurrent data access violations (MISSING_LOCK)
Accessing "this->nodefile" without holding lock "sbbs_t.nodefile_mutex". Elsewhere, "sbbs_t.nodefile" is written to with "sbbs_t.nodefile_mutex" held 4 out of 5 times.

108 nodefile = -1;
109 }
110 pthread_mutex_unlock(&nodefile_mutex);
111 return result == 0;
112 }
113

** CID 515598: (SLEEP)


________________________________________________________________________________________________________
*** CID 515598: (SLEEP)
/getnode.cpp: 268 in sbbs_t::getnmsg(bool)()
262 buf[length]=0;
263
264 if(clearline)
265 this->clearline();
266 else if(column)
267 CRLF;

CID 515598: (SLEEP)
Call to "putmsg" might sleep while holding lock "this->nodefile_mutex". 268 putmsg(buf,P_NOATCODES);

269 free(buf);
270
271 return retval == 0;
272 }
273
/getnode.cpp: 265 in sbbs_t::getnmsg(bool)()
259 }
260 int retval = chsize(file,0L);
261 close(file);
262 buf[length]=0;
263
264 if(clearline)

CID 515598: (SLEEP)
Call to "clearline" might sleep while holding lock "this->nodefile_mutex".

265 this->clearline();
266 else if(column)
267 CRLF;
268 putmsg(buf,P_NOATCODES);
269 free(buf);
270

** CID 515597: Program hangs (LOCK)
/main.cpp: 2243 in input_thread(void *)()


________________________________________________________________________________________________________
*** CID 515597: Program hangs (LOCK)
/main.cpp: 2243 in input_thread(void *)()
2237 }
2238 else
2239 #endif
2240 rd = recv(sock, (char*)inbuf, rd, 0);
2241
2242 if(pthread_mutex_unlock(&sbbs->input_thread_mutex)!=0) >>> CID 515597: Program hangs (LOCK)

"errormsg" locks "sbbs->nodefile_mutex" while it is locked.

2243 sbbs->errormsg(WHERE,ERR_UNLOCK,"input_thread_mutex",0);
2244
2245 if (rd == 0 && !socket_recvdone(sock, 0))
2246 continue;
2247
2248 if(rd == SOCKET_ERROR)

** CID 515596: Program hangs (LOCK)
/logfile.cpp: 331 in sbbs_t::errormsg(int, const char *, const char *, const char *, const char *, int, const char *)()


________________________________________________________________________________________________________
*** CID 515596: Program hangs (LOCK)
/logfile.cpp: 331 in sbbs_t::errormsg(int, const char *, const char *, const char *, const char *, int, const char *)()
325 fprintf(logfile_fp,"!! %s%s", str, log_line_ending); 326 logcol=1;
327 fflush(logfile_fp);
328 }
329
330 errormsg_inside=false;

CID 515596: Program hangs (LOCK)
Returning without unlocking "this->nodefile_mutex".

331 }
332
333 /****************************************************************************/
334 /* Open a log file for append, supporting log rotation based on size */
335 /****************************************************************************/
336 extern "C" FILE* fopenlog(scfg_t* cfg, const char* path)

** CID 515595: Program hangs (LOCK)
/main.cpp: 4335 in sbbs_t::logoffstats()()


________________________________________________________________________________________________________
*** CID 515595: Program hangs (LOCK)
/main.cpp: 4335 in sbbs_t::logoffstats()()
4329
4330 for(i=0;i<2;i++) {
4331 FILE* fp = fopen_dstats(&cfg, i ? 0 : cfg.node_num, /* for_write: */true);
4332 if(fp == NULL)
4333 continue;
4334 if(!fread_dstats(fp, &stats)) {

CID 515595: Program hangs (LOCK)
"errormsg" locks "this->nodefile_mutex" while it is locked.

4335 errormsg(WHERE, ERR_READ, "dsts.ini", i);
4336 } else {
4337 stats.total.timeon += minutes_used;
4338 stats.today.timeon += minutes_used;
4339 if(!fwrite_dstats(fp, &stats, __FUNCTION__)) 4340 errormsg(WHERE, ERR_WRITE, "dsts.ini", i);

** CID 515594: (SLEEP)


________________________________________________________________________________________________________
*** CID 515594: (SLEEP)
/main.cpp: 4649 in sbbs_t::daily_maint()()
4643 backup(str,cfg.user_backup_level,false);
4644 }
4645
4646 if(cfg.mail_backup_level) {
4647 lputs(LOG_INFO,"DAILY: Backing-up mail data...");
4648 smb_t mail;

CID 515594: (SLEEP)
Call to "smb_open_sub" might sleep while holding lock "this->nodefile_mutex".

4649 int result = smb_open_sub(&cfg, &mail, INVALID_SUB); 4650 if(result != SMB_SUCCESS)
4651 lprintf(LOG_ERR, "ERROR %d (%s) opening mail base", result, mail.last_error);
4652 else {
4653 result = smb_lock(&mail);
4654 if(result != SMB_SUCCESS)
/main.cpp: 4778 in sbbs_t::daily_maint()()
4772 closeuserdat(userfile);
4773
4774 lputs(LOG_INFO,"DAILY: Purging deleted/expired e-mail");
4775 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
4776 smb.retry_time=cfg.smb_retry_time;
4777 smb.subnum=INVALID_SUB;

CID 515594: (SLEEP)
Call to "smb_open" might sleep while holding lock "this->nodefile_mutex".

4778 if((i=smb_open(&smb))!=0)
4779 errormsg(WHERE,ERR_OPEN,smb.file,i,smb.last_error); 4780 else {
4781 if(filelength(fileno(smb.shd_fp))>0) {
4782 if((i=smb_locksmbhdr(&smb))!=0)
4783 errormsg(WHERE,ERR_LOCK,smb.file,i,smb.last_error);

** CID 515593: (LOCK)
/getnode.cpp: 258 in sbbs_t::getnmsg(bool)()
/getnode.cpp: 252 in sbbs_t::getnmsg(bool)()
/getnode.cpp: 242 in sbbs_t::getnmsg(bool)()
/getnode.cpp: 271 in sbbs_t::getnmsg(bool)()
/getnode.cpp: 237 in sbbs_t::getnmsg(bool)()
/getnode.cpp: 247 in sbbs_t::getnmsg(bool)()


________________________________________________________________________________________________________
*** CID 515593: (LOCK)
/getnode.cpp: 258 in sbbs_t::getnmsg(bool)()
252 return false;
253 }
254 if(read(file,buf,length)!=length) {
255 close(file);
256 free(buf);
257 errormsg(WHERE,ERR_READ,str,length);

CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".

258 return false;
259 }
260 int retval = chsize(file,0L);
261 close(file);
262 buf[length]=0;
263
/getnode.cpp: 252 in sbbs_t::getnmsg(bool)()
246 close(file);
247 return true;
248 }
249 if((buf=(char *)malloc(length+1))==NULL) {
250 close(file);
251 errormsg(WHERE,ERR_ALLOC,str,length+1);

CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".

252 return false;
253 }
254 if(read(file,buf,length)!=length) {
255 close(file);
256 free(buf);
257 errormsg(WHERE,ERR_READ,str,length);
/getnode.cpp: 242 in sbbs_t::getnmsg(bool)()
236 if(flength(str)<1L)
237 return true;
238 if((file=nopen(str,O_RDWR))==-1) {
239 /**
240 errormsg(WHERE,ERR_OPEN,str,O_RDWR);
241 **/

CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".

242 return false;
243 }
244 length=(long)filelength(file);
245 if(length <= 0) {
246 close(file);
247 return true;
/getnode.cpp: 271 in sbbs_t::getnmsg(bool)()
265 this->clearline();
266 else if(column)
267 CRLF;
268 putmsg(buf,P_NOATCODES);
269 free(buf);
270

CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".

271 return retval == 0;
272 }
273
274 /****************************************************************************/
275 /* 'ext' must be at least 128 bytes! */
276 /****************************************************************************/
/getnode.cpp: 237 in sbbs_t::getnmsg(bool)()
231 thisnode.misc&=~NODE_NMSG; /* clear the NMSG flag */
232 putnodedat(cfg.node_num,&thisnode);
233 }
234
235 SAFEPRINTF2(str,"%smsgs/n%3.3u.msg",cfg.data_dir,cfg.node_num); 236 if(flength(str)<1L)

CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".

237 return true;
238 if((file=nopen(str,O_RDWR))==-1) {
239 /**
240 errormsg(WHERE,ERR_OPEN,str,O_RDWR);
241 **/
242 return false;
/getnode.cpp: 247 in sbbs_t::getnmsg(bool)()
241 **/
242 return false;
243 }
244 length=(long)filelength(file);
245 if(length <= 0) {
246 close(file);

CID 515593: (LOCK)
Returning without unlocking "this->nodefile_mutex".

247 return true;
248 }
249 if((buf=(char *)malloc(length+1))==NULL) {
250 close(file);
251 errormsg(WHERE,ERR_ALLOC,str,length+1);
252 return false;

** CID 515592: (SLEEP)


________________________________________________________________________________________________________
*** CID 515592: (SLEEP)
/getnode.cpp: 162 in sbbs_t::nodesync(bool)()
156 thisnode.misc&=~NODE_UDAT;
157 putnodedat(cfg.node_num,&thisnode);
158 }
159 }
160 if(!(sys_status&SS_MOFF)) {
161 if(thisnode.misc&NODE_MSGW)

CID 515592: (SLEEP)
Call to "getsmsg" might sleep while holding lock "this->nodefile_mutex".

162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */
163 if(thisnode.misc&NODE_NMSG)
164 getnmsg(clearline); /* getnmsg clears NMSG flag */
165 }
166 }
167
/getnode.cpp: 174 in sbbs_t::nodesync(bool)()
168 if(cfg.sync_mod[0])
169 exec_bin(cfg.sync_mod,&main_csi);
170
171 if(thisnode.misc&NODE_INTR) {
172 bputs(text[NodeLocked]);
173 logline(LOG_NOTICE,nulstr,"Interrupted");

CID 515592: (SLEEP)
Call to "hangup" might sleep while holding lock "this->nodefile_mutex". 174 hangup();

175 nodesync_inside=0;
176 return;
177 }
178
179 if(thisnode.misc&NODE_LCHAT) { // pulled into local chat with sysop
/getnode.cpp: 164 in sbbs_t::nodesync(bool)()
158 }
159 }
160 if(!(sys_status&SS_MOFF)) {
161 if(thisnode.misc&NODE_MSGW)
162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */
163 if(thisnode.misc&NODE_NMSG)

CID 515592: (SLEEP)
Call to "getnmsg" might sleep while holding lock "this->nodefile_mutex".

164 getnmsg(clearline); /* getnmsg clears NMSG flag */
165 }
166 }
167
168 if(cfg.sync_mod[0])
169 exec_bin(cfg.sync_mod,&main_csi);
/getnode.cpp: 211 in sbbs_t::nodesync(bool)()
205 }
206
207 if(sys_status&SS_USERON && online && (timeleft/60)<(5-timeleft_warn)
208 && !SYSOP) {
209 timeleft_warn=5-(timeleft/60);
210 if(!(sys_status&SS_MOFF)) {

CID 515592: (SLEEP)
Call to "attr" might sleep while holding lock "this->nodefile_mutex". 211 attr(LIGHTGRAY);

212 bprintf(text[OnlyXminutesLeft]
213 ,((ushort)timeleft/60)+1,(timeleft/60) ? "s" : nulstr);
214 }
215 }
216
/getnode.cpp: 217 in sbbs_t::nodesync(bool)()
211 attr(LIGHTGRAY);
212 bprintf(text[OnlyXminutesLeft]
213 ,((ushort)timeleft/60)+1,(timeleft/60) ? "s" : nulstr);
214 }
215 }
216

CID 515592: (SLEEP)
Call to "attr" might sleep while holding lock "this->nodefile_mutex". 217 attr(atr); /* replace original attributes */

218 nodesync_inside=0;
219 }
220
221 /****************************************************************************/
222 /* Prints short messages waiting for this node, if any... */
/getnode.cpp: 181 in sbbs_t::nodesync(bool)()
175 nodesync_inside=0;
176 return;
177 }
178
179 if(thisnode.misc&NODE_LCHAT) { // pulled into local chat with sysop
180 saveline();

CID 515592: (SLEEP)
Call to "privchat" might sleep while holding lock "this->nodefile_mutex".

181 privchat(true);
182 restoreline();
183 }
184
185 if(thisnode.misc&NODE_FCHAT) { // forced into private chat
186 int n = getpagingnode(&cfg);
/getnode.cpp: 182 in sbbs_t::nodesync(bool)()
176 return;
177 }
178
179 if(thisnode.misc&NODE_LCHAT) { // pulled into local chat with sysop
180 saveline();
181 privchat(true);

CID 515592: (SLEEP)
Call to "restoreline" might sleep while holding lock "this->nodefile_mutex".

182 restoreline();
183 }
184
185 if(thisnode.misc&NODE_FCHAT) { // forced into private chat
186 int n = getpagingnode(&cfg);
187 if(n) {
/getnode.cpp: 197 in sbbs_t::nodesync(bool)()
191 action = save_action;
192 restoreline();
193 }
194 if(getnodedat(cfg.node_num, &thisnode, true)) {
195 thisnode.action = action;
196 thisnode.misc &= ~NODE_FCHAT;

CID 515592: (SLEEP)
Call to "putnodedat" might sleep while holding lock "this->nodefile_mutex".

197 putnodedat(cfg.node_num, &thisnode);
198 }
199 }
200
201 if(sys_status&SS_USERON && memcmp(&nodesync_user,&useron,sizeof(user_t))) {
202 getusrdirs();

** CID 515591: (LOCK)
/getnode.cpp: 219 in sbbs_t::nodesync(bool)()
/getnode.cpp: 157 in sbbs_t::nodesync(bool)()


________________________________________________________________________________________________________
*** CID 515591: (LOCK)
/getnode.cpp: 219 in sbbs_t::nodesync(bool)()
213 ,((ushort)timeleft/60)+1,(timeleft/60) ? "s" : nulstr);
214 }
215 }
216
217 attr(atr); /* replace original attributes */
218 nodesync_inside=0;

CID 515591: (LOCK)
Returning without unlocking "this->nodefile_mutex".

219 }
220
221 /****************************************************************************/
222 /* Prints short messages waiting for this node, if any... */
223 /****************************************************************************/
224 bool sbbs_t::getnmsg(bool clearline)
/getnode.cpp: 164 in sbbs_t::nodesync(bool)()
158 }
159 }
160 if(!(sys_status&SS_MOFF)) {
161 if(thisnode.misc&NODE_MSGW)
162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */
163 if(thisnode.misc&NODE_NMSG)

CID 515591: (LOCK)
"getnmsg" locks "this->nodefile_mutex" while it is locked.

164 getnmsg(clearline); /* getnmsg clears NMSG flag */
165 }
166 }
167
168 if(cfg.sync_mod[0])
169 exec_bin(cfg.sync_mod,&main_csi);
/getnode.cpp: 197 in sbbs_t::nodesync(bool)()
191 action = save_action;
192 restoreline();
193 }
194 if(getnodedat(cfg.node_num, &thisnode, true)) {
195 thisnode.action = action;
196 thisnode.misc &= ~NODE_FCHAT;

CID 515591: (LOCK)
"putnodedat" locks "this->nodefile_mutex" while it is locked.

197 putnodedat(cfg.node_num, &thisnode);
198 }
199 }
200
201 if(sys_status&SS_USERON && memcmp(&nodesync_user,&useron,sizeof(user_t))) {
202 getusrdirs();
/getnode.cpp: 157 in sbbs_t::nodesync(bool)()
151 }
152 }
153 if(thisnode.misc&NODE_UDAT && !(useron.rest&FLAG('G'))) { /* not guest */
154 getuserdat(&cfg, &useron);
155 if(getnodedat(cfg.node_num,&thisnode, true)) { 156 thisnode.misc&=~NODE_UDAT;

CID 515591: (LOCK)
"putnodedat" locks "this->nodefile_mutex" while it is locked.

157 putnodedat(cfg.node_num,&thisnode);
158 }
159 }
160 if(!(sys_status&SS_MOFF)) {
161 if(thisnode.misc&NODE_MSGW)
162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */

** CID 515590: (LOCK)
/un_qwk.cpp: 94 in sbbs_t::unpack_qwk(char *, unsigned int)()
/un_qwk.cpp: 123 in sbbs_t::unpack_qwk(char *, unsigned int)()


________________________________________________________________________________________________________
*** CID 515590: (LOCK)
/un_qwk.cpp: 94 in sbbs_t::unpack_qwk(char *, unsigned int)()
88 lprintf(LOG_ERR, "libarchive error %ld (%s) extracting %s", file_count, error, packet);
89 if(*cfg.qhub[hubnum]->unpack == '\0')
90 return false;
91 i=external(cmdstr(cfg.qhub[hubnum]->unpack,packet,ALLFILES,NULL),EX_OFFLINE);
92 if(i) {
93 errormsg(WHERE,ERR_EXEC,cmdstr(cfg.qhub[hubnum]->unpack,packet,ALLFILES,NULL),i);

CID 515590: (LOCK)
Returning without unlocking "this->input_thread_mutex".

94 return(false);
95 }
96 }
97 SAFEPRINTF(str,"%sMESSAGES.DAT",cfg.temp_dir);
98 if(!fexistcase(str)) {
99 lprintf(LOG_WARNING,"%s doesn't contain MESSAGES.DAT (%s)",packet,str);
/un_qwk.cpp: 123 in sbbs_t::unpack_qwk(char *, unsigned int)()
117 remove(fname);
118 }
119 SAFEPRINTF(fname, "%sVOTING.DAT", cfg.temp_dir);
120 if(fexistcase(fname)) {
121 lprintf(LOG_DEBUG, "Reading %s", fname);
122 if((fp=fopen(fname,"r")) == NULL)

CID 515590: (LOCK)
"errormsg" locks "this->nodefile_mutex" while it is locked.

123 errormsg(WHERE,ERR_OPEN,fname,O_RDONLY);
124 else {
125 voting=iniReadFile(fp);
126 fclose(fp);
127 }
128 remove(fname);

** CID 515589: Error handling issues (CHECKED_RETURN)
/logon.cpp: 124 in sbbs_t::logon()()


________________________________________________________________________________________________________
*** CID 515589: Error handling issues (CHECKED_RETURN)
/logon.cpp: 124 in sbbs_t::logon()()
118 ,useron.number,useron.alias);
119 logline(LOG_NOTICE,"+!",str);
120 hangup();
121 return(false);
122 }
123 if(yesno(text[RemoveNodeLockQ])) {

CID 515589: Error handling issues (CHECKED_RETURN)
Calling "getnodedat" without checking return value (as is done elsewhere 52 out of 59 times).

124 getnodedat(cfg.node_num,&thisnode, true);
125 logline("S-","Removed Node Lock");
126 thisnode.misc&=~NODE_LOCK;
127 }
128 else
129 getnodedat(cfg.node_num,&thisnode, true);

** CID 515588: (SLEEP)
/main.cpp: 3450 in event_thread(void *)()
/main.cpp: 3272 in event_thread(void *)()


________________________________________________________________________________________________________
*** CID 515588: (SLEEP)
/main.cpp: 3277 in event_thread(void *)()
3271 while(!sbbs->terminated) {
3272 mswait(1000); 3273 now=time(NULL); 3274 if(now-start>10 && now-lastnodechk<10)
3275 continue;
3276 for(j=first_node;j<=last_node;j++) {

CID 515588: (SLEEP)
Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".

3277 if(!sbbs->getnodedat(j,&node, true))
3278 continue;
3279 if(node.status==NODE_WFC)
3280 node.status=NODE_EVENT_LIMBO;
3281 node.aux=sbbs->cfg.event[i]->node;
3282 sbbs->putnodedat(j,&node);
/main.cpp: 3450 in event_thread(void *)()
3444 }
3445 }
3446 }
3447 }
3448 }
3449 sbbs->event_code = nulstr;

CID 515588: (SLEEP)
Call to "nanosleep" might sleep while holding lock "sbbs->nodefile_mutex".

3450 mswait(1000);
3451 }
3452 sbbs->cfg.node_num=0;
3453 sbbs->useron.number = 0;
3454 sbbs->js_cleanup();
3455
/main.cpp: 3373 in event_thread(void *)()
3367 && (sbbs->cfg.event[i]->node<first_node || sbbs->cfg.event[i]->node>last_node)) {
3368 sbbs->lprintf(LOG_NOTICE,"Changing node status for nodes %d through %d to WFC"
3369 ,first_node,last_node); 3370 sbbs->cfg.event[i]->last=(time32_t)now;
3371 for(j=first_node;j<=last_node;j++) {
3372 node.status=NODE_INVALID_STATUS;

CID 515588: (SLEEP)
Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".

3373 if(!sbbs->getnodedat(j,&node, true))
3374 continue;
3375 node.status=NODE_WFC; 3376 sbbs->putnodedat(j,&node);
3377 }
3378 }
/main.cpp: 3413 in event_thread(void *)()
3407 cmd = sbbs->cmdstr(cmd, nulstr, sbbs->cfg.event[i]->dir, NULL);
3408 sbbs->lprintf(LOG_INFO,"Running %s%stimed event: %s"
3409 ,native_executable(&sbbs->cfg, cmd, ex_mode) ? "native ":"16-bit DOS "
3410 ,(ex_mode&EX_BG) ? "background ":""
3411 ,cmd);
3412 {

CID 515588: (SLEEP)
Call to "external" might sleep while holding lock "sbbs->nodefile_mutex".

3413 int result = sbbs->external(cmd, ex_mode, sbbs->cfg.event[i]->dir);
3414 if(!(ex_mode&EX_BG)) 3415 sbbs->lprintf(result ? sbbs->cfg.event[i]->errlevel : LOG_INFO, "Timed event: '%s' returned %d", cmd, result);
3416 else
3417 sbbs->lprintf(LOG_DEBUG, "Background timed event spawned: %s", cmd);
3418 }
/main.cpp: 3277 in event_thread(void *)()
3271 while(!sbbs->terminated) {
3272 mswait(1000); 3273 now=time(NULL); 3274 if(now-start>10 && now-lastnodechk<10)
3275 continue;
3276 for(j=first_node;j<=last_node;j++) {

CID 515588: (SLEEP)
Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".

3277 if(!sbbs->getnodedat(j,&node, true))
3278 continue;
3279 if(node.status==NODE_WFC)
3280 node.status=NODE_EVENT_LIMBO;
3281 node.aux=sbbs->cfg.event[i]->node;
3282 sbbs->putnodedat(j,&node);
/main.cpp: 2986 in event_thread(void *)()
2980 if(!fexist(fname))
2981 continue;
2982 sbbs->useron.number = 0;
2983 sbbs->lprintf(LOG_INFO, "QWK pack semaphore signaled: %s", fname);
2984 int usernum = atoi(fname+offset);
2985 sbbs->useron.number = usernum;

CID 515588: (SLEEP)
Call to "getuserdat" might sleep while holding lock "sbbs->nodefile_mutex".

2986 int retval = getuserdat(&sbbs->cfg,&sbbs->useron);
2987 if(retval != 0) {
2988 sbbs->lprintf(LOG_WARNING, "ERROR %d reading user data for user #%d", retval, usernum);
2989 sbbs->fremove(WHERE, fname, /* log-all-errors: */true);
2990 continue;
2991 }
/main.cpp: 3272 in event_thread(void *)()
3266 sbbs->lprintf(LOG_DEBUG,"event last run: %s (0x%08x)"
3267 ,sbbs->timestr(sbbs->cfg.event[i]->last)
3268 ,sbbs->cfg.event[i]->last);
3269 lastnodechk=0; /* really last event time check */
3270 start=time(NULL);
3271 while(!sbbs->terminated) {

CID 515588: (SLEEP)
Call to "nanosleep" might sleep while holding lock "sbbs->nodefile_mutex".

3272 mswait(1000); 3273 now=time(NULL); 3274 if(now-start>10 && now-lastnodechk<10)
3275 continue;
3276 for(j=first_node;j<=last_node;j++) {
3277 if(!sbbs->getnodedat(j,&node, true))


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D0VuE_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZXtRHBZwsv7Kfty0nOtNaK0UAFlR-2FrVR2f6CKktOSW3KEH5A-2BAGbll45RILco6MRWsB-2BPA-2F5LbzoDmAwnm2EdPSGWu8DKQDA8ovxbR0nzs0zWwn4zpQwqZ0g5MQ5Uxv60wCv-2BEyap91XzPuWSQ2OUE7j0iN0wndXT1J2mredhBFg-3D-3D


--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 515673: Code maintainability issues (SIZEOF_MISMATCH)
/sbbsecho.c: 1309 in link_area()


________________________________________________________________________________________________________
*** CID 515673: Code maintainability issues (SIZEOF_MISMATCH)
/sbbsecho.c: 1309 in link_area()
1303 return false;
1304 }
1305
1306 void link_area(unsigned area_num, const fidoaddr_t* addr)
1307 {
1308 area_t* area = &cfg.area[area_num];

CID 515673: Code maintainability issues (SIZEOF_MISMATCH)
Passing argument "area->link" of type "fidoaddr_t const *" and argument "8UL /* sizeof (addr) */ * (area->links + 1)" to function "realloc_or_free" is suspicious. In this case, "sizeof (fidoaddr_t const *)" is equal to "sizeof (fidoaddr_t const)", but this is not a portable assumption.

1309 if((area->link = realloc_or_free(area->link, (sizeof addr) * (area->links + 1))) == NULL) {
1310 lprintf(LOG_ERR,"ERROR line %d allocating memory for area "
1311 "#%u links.",__LINE__, area_num + 1);
1312 bail(1);
1313 return;
1314 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DjswB_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZTIkIcVsFEubRKPyVR-2BCuKY5oHLU9ayFn6T1x6if3eS0nVM4zzDglf0kSu84NvdLQvLmLpVUMBWFTCqIbKw97TOhNhU4Up-2FQ0gGVaItXyTTfc3Uu2zZfP2qWOCQU0YU4SaCyb8-2B3kJNnxUzaATxOedk4YqKEgN0RG-2F7ZgTWOZJ5A-3D-3D


--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 515715: Incorrect expression (SIZEOF_MISMATCH)
/userdat.c: 1420 in node_vstatus()


________________________________________________________________________________________________________
*** CID 515715: Incorrect expression (SIZEOF_MISMATCH)
/userdat.c: 1420 in node_vstatus()
1414 return cfg->text != NULL ? cfg->text[NodeStatusOffline] : "Offline";
1415 case NODE_NETTING: /* Obsolete */
1416 return "Networking";
1417 case NODE_LOGON:
1418 return cfg->text != NULL ? cfg->text[NodeStatusLogon] : "At login prompt";
1419 case NODE_LOGOUT:

CID 515715: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "str" of type "char *" and argument "8UL /* sizeof (str) */" to function "safe_snprintf" is suspicious.

1420 snprintf(str, sizeof str, cfg->text != NULL ? cfg->text[NodeStatusLogout] : "Logging out %s", username(cfg,node->useron,tmp));
1421 return str;
1422 case NODE_EVENT_WAITING:
1423 return cfg->text != NULL ? cfg->text[NodeStatusEventWaiting] : "Waiting for all nodes to become inactive";
1424 case NODE_EVENT_LIMBO:
1425 snprintf(str, size, cfg->text != NULL ? cfg->text[NodeStatusEventLimbo] : "Waiting for node %d to finish external event"

** CID 515714: Uninitialized variables (UNINIT)


________________________________________________________________________________________________________
*** CID 515714: Uninitialized variables (UNINIT)
/getnode.cpp: 289 in sbbs_t::getnodeext(unsigned int, char *)()
283 errormsg(WHERE,ERR_CHK,"node number",number);
284 return false;
285 }
286
287 if((node_ext=opennodeext(&cfg))==-1) {
288 memset(ext,0,128);

CID 515714: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "errormsg".

289 errormsg(WHERE,ERR_OPEN,str,O_RDONLY|O_DENYNONE);
290 return false;
291 }
292
293 number--; /* make zero based */
294 for(count=0;count<LOOP_NODEDAB;count++) {

** CID 515713: Incorrect expression (SIZEOF_MISMATCH)
/userdat.c: 1512 in node_activity()


________________________________________________________________________________________________________
*** CID 515713: Incorrect expression (SIZEOF_MISMATCH)
/userdat.c: 1512 in node_activity()
1506 return cfg->text != NULL ? cfg->text[NodeActivityLoggingOn] : "logging on";
1507 case NODE_LCHT:
1508 snprintf(str, size, cfg->text != NULL ? cfg->text[NodeActivityLocalChat] : "chatting with %s", cfg->sys_op);
1509 break;
1510 case NODE_MCHT:
1511 if(node->aux != 0)

CID 515713: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "str" of type "char *" and argument "8UL /* sizeof (str) */" to function "safe_snprintf" is suspicious.

1512 snprintf(str, sizeof str
1513 ,cfg->text != NULL ? cfg->text[NodeActivityChatChannel] : "in multinode chat channel %d"
1514 ,node->aux & 0xff);
1515 else
1516 return cfg->text != NULL ? cfg->text[NodeActivityGlobalChat] : "in multinode global chat channel";
1517 break;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Drf1g_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQY9ty8xtnl2sw1SqlPRU2WILlz6B-2F41RYA0wpD7iGPK7iJJRJMlj06LpTw8H4oLu0ZD6NOR-2Fs4yPZ6xU2n8ZKWHL4-2F4cgQ0xljfi-2B5nJtvQuTTNG4kyAp2Ph0XvRGRr1KcMs8Gin6jWDWu2x-2Bkj9Q6Trx86Of-2BJRienYR-2Fbv9gQgw-3D-3D


--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 516068: Null pointer dereferences (FORWARD_NULL)
/websrvr.c: 5419 in js_ErrorReporter()


________________________________________________________________________________________________________
*** CID 516068: Null pointer dereferences (FORWARD_NULL)
/websrvr.c: 5419 in js_ErrorReporter()
5413 pthread_mutex_lock(&mutex);
5414 if(lastline == report->lineno && report->filename != NULL && strcmp(lastfile, report->filename) == 0)
5415 log_level = LOG_WARNING;
5416 else
5417 log_level = LOG_ERR;
5418 lastline = report->lineno;

CID 516068: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "report->filename" to "strlcpy", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.]

5419 SAFECOPY(lastfile, report->filename);
5420 pthread_mutex_unlock(&mutex);
5421 warning="";
5422 }
5423
5424 lprintf(log_level,"%04d !JavaScript %s%s%s: %s, Request: %s"


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DwGMb_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYoPlNm5BibC088PrWc35An4cdaeXCJhAHOfo6MdQKpuyixiVEFSUvV84YSqGOWCuXdzqHO6D3vFmsefEKTNsriv31FvxSemaYCwQ1e-2F5VqBGX6SKqkk-2F5GGTcyG8HHnvAZdIDYA7eRF8DYP-2F3cg26HCdIpmNxtLPnr6lFDWLJb2Q-3D-3D


--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

9 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)


** CID 516415: Error handling issues (CHECKED_RETURN)
/userdat.c: 1472 in node_activity()


________________________________________________________________________________________________________
*** CID 516415: Error handling issues (CHECKED_RETURN)
/userdat.c: 1472 in node_activity()
1466 case NODE_AMSG:
1467 return cfg->text != NULL ? cfg->text[NodeActivityAutoMsg] : "posting auto-message";
1468 case NODE_XTRN:
1469 if(node->aux == 0)
1470 return cfg->text != NULL ? cfg->text[NodeActivityXtrnMenu] : "at external program menu";
1471 user.number = node->useron;

CID 516415: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

1472 getuserdat(cfg, &user);
1473 xtrnnum = getxtrnnum(cfg, user.curxtrn);
1474 if(is_valid_xtrnnum(cfg, xtrnnum))
1475 snprintf(str, size, "%s %s"
1476 ,cfg->text != NULL ? cfg->text[NodeActivityRunningXtrn] : "running"
1477 ,cfg->xtrn[xtrnnum]->name);

** CID 516414: Error handling issues (CHECKED_RETURN)
/useredit.cpp: 65 in sbbs_t::useredit(int)()


________________________________________________________________________________________________________
*** CID 516414: Error handling issues (CHECKED_RETURN)
/useredit.cpp: 65 in sbbs_t::useredit(int)()
59 if(sys_status&SS_INUEDIT)
60 return;
61 sys_status|=SS_INUEDIT;
62 while(online) {
63 CLS;
64 attr(LIGHTGRAY);

CID 516414: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

65 getuserdat(&cfg,&user);
66 if(!user.number) {
67 user.number=1;
68 getuserdat(&cfg,&user);
69 if(!user.number) {
70 bputs(text[NoUserData]);

** CID 516413: Error handling issues (CHECKED_RETURN)
/answer.cpp: 168 in sbbs_t::answer()()


________________________________________________________________________________________________________
*** CID 516413: Error handling issues (CHECKED_RETURN)
/answer.cpp: 168 in sbbs_t::answer()()
162 (but keep full terminal type/speed string in rlogin_term): */
163 truncstr(terminal,"/");
164 useron.number = 0;
165 if(rlogin_name[0])
166 useron.number = find_login_id(&cfg, rlogin_name);
167 if(useron.number) {

CID 516413: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

168 getuserdat(&cfg,&useron);
169 SAFEPRINTF(path,"%srlogin.cfg",cfg.ctrl_dir);
170 if(!findstr(client.addr,path)) {
171 SAFECOPY(tmp, rlogin_pass);
172 for(i=0;i<3 && online;i++) { 173 if(stricmp(tmp,useron.pass)) {

** CID 516412: Error handling issues (CHECKED_RETURN)
/login.cpp: 51 in sbbs_t::login(const char *, const char *, const char *, const char *)()


________________________________________________________________________________________________________
*** CID 516412: Error handling issues (CHECKED_RETURN)
/login.cpp: 51 in sbbs_t::login(const char *, const char *, const char *, const char *)()
45 long useron_misc=useron.misc;
46
47 username = parse_login(username);
48
49 useron.number = find_login_id(&cfg, username);
50 if(useron.number) {

CID 516412: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

51 getuserdat(&cfg,&useron);
52 if(useron.number && useron.misc&(DELETED|INACTIVE))
53 useron.number=0;
54 }
55
56 if(!useron.number) {

** CID 516411: (CHECKED_RETURN)
/useredit.cpp: 733 in sbbs_t::maindflts(user_t *)()
/useredit.cpp: 738 in sbbs_t::maindflts(user_t *)()


________________________________________________________________________________________________________
*** CID 516411: (CHECKED_RETURN)
/useredit.cpp: 733 in sbbs_t::maindflts(user_t *)()
727
728 action=NODE_DFLT;
729 if (cfg.usercfg_mod[0]) {
730 char cmdline[256];
731 snprintf(cmdline, sizeof(cmdline), "%s %u", cfg.usercfg_mod, user->number);
732 exec_bin(cmdline, &main_csi);

CID 516411: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

733 getuserdat(&cfg, user);
734 return;
735 }
736 while(online) {
737 CLS;
738 getuserdat(&cfg,user);
/useredit.cpp: 738 in sbbs_t::maindflts(user_t *)()
732 exec_bin(cmdline, &main_csi);
733 getuserdat(&cfg, user);
734 return;
735 }
736 while(online) {
737 CLS;

CID 516411: (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

738 getuserdat(&cfg,user);
739 bprintf(text[UserDefaultsHdr],user->alias,user->number);
740 if(user == &useron) {
741 update_nodeterm();
742 load_user_text();
743 }

** CID 516410: Error handling issues (CHECKED_RETURN)
/websrvr.c: 1662 in http_logon()


________________________________________________________________________________________________________
*** CID 516410: Error handling issues (CHECKED_RETURN)
/websrvr.c: 1662 in http_logon()
1656 session->req.finished=true;
1657 }
1658
1659 void http_logon(http_session_t * session, user_t *usr)
1660 {
1661 if(usr==NULL)

CID 516410: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

1662 getuserdat(&scfg, &session->user);
1663 else
1664 session->user=*usr;
1665
1666 if(session->user.number==session->last_user_num)
1667 return;

** CID 516409: Error handling issues (CHECKED_RETURN)
/str.cpp: 1388 in sbbs_t::change_user()()


________________________________________________________________________________________________________
*** CID 516409: Error handling issues (CHECKED_RETURN)
/str.cpp: 1388 in sbbs_t::change_user()()
1382 putmsgptrs();
1383 putuserstr(useron.number, USER_CURSUB
1384 ,cfg.sub[usrsub[curgrp][cursub[curgrp]]]->code);
1385 putuserstr(useron.number, USER_CURDIR
1386 ,cfg.dir[usrdir[curlib][curdir[curlib]]]->code);
1387 useron.number=i;

CID 516409: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

1388 getuserdat(&cfg,&useron);
1389 if(getnodedat(cfg.node_num,&thisnode, true)) {
1390 thisnode.useron=useron.number;
1391 putnodedat(cfg.node_num,&thisnode);
1392 }
1393 getmsgptrs();

** CID 516408: Error handling issues (CHECKED_RETURN)
/useredit.cpp: 1166 in sbbs_t::purgeuser(int)()


________________________________________________________________________________________________________
*** CID 516408: Error handling issues (CHECKED_RETURN)
/useredit.cpp: 1166 in sbbs_t::purgeuser(int)()
1160
1161 void sbbs_t::purgeuser(int usernumber)
1162 { char str[128];
1163 user_t user;
1164
1165 user.number=usernumber;

CID 516408: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

1166 getuserdat(&cfg,&user);
1167 SAFEPRINTF2(str,"Purged %s #%u",user.alias,usernumber);
1168 logentry("!*",str);
1169 delallmail(usernumber, MAIL_ANY);
1170 putusername(&cfg,usernumber,nulstr);
1171 putusermisc(usernumber, user.misc | DELETED);

** CID 516407: Error handling issues (CHECKED_RETURN)
/websrvr.c: 2037 in check_ars()


________________________________________________________________________________________________________
*** CID 516407: Error handling issues (CHECKED_RETURN)
/websrvr.c: 2037 in check_ars()
2031 else
2032 lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: '%s'" 2033 ,session->socket,session->req.auth.username);
2034 return(false);
2035 }
2036 thisuser.number=i;

CID 516407: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).

2037 getuserdat(&scfg, &thisuser);
2038 switch(session->req.auth.type) {
2039 case AUTHENTICATION_TLS_PSK:
2040 if((auth_allowed & (1<<AUTHENTICATION_TLS_PSK))==0)
2041 return(false);
2042 if(session->last_user_num!=0) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DQyWe_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZaRdcpKH1DbVbWKil-2BYXbuPo6Nlz2IWCRH2bHbIl-2BZWutyiZLTcraL5FS1iiZSM0cIaa70yw-2BvQnYvTFtY90cnRY6AunfTZ3TOchBhkmrNG5r6R9YGJilsgu5Suh4msrRA-2BqV-2BHoo-2B29c88W6IVBSZdgQoHyw-2Bn9zmKTgeEHvaqQ-3D-3D


--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 516431: Incorrect expression (EVALUATION_ORDER)
/scfg/scfgsys.c: 1740 in sys_cfg()


________________________________________________________________________________________________________
*** CID 516431: Incorrect expression (EVALUATION_ORDER)
/scfg/scfgsys.c: 1740 in sys_cfg()
1734 char sys_pass[sizeof(cfg.sys_pass)];
1735 SAFECOPY(sys_pass, cfg.sys_pass);
1736 while(1) {
1737 i=0;
1738 snprintf(opt[i++],MAX_OPLN,"%-20s%s","BBS Name",cfg.sys_name);
1739 snprintf(opt[i++],MAX_OPLN,"%-20s%s","Location",cfg.sys_location);

CID 516431: Incorrect expression (EVALUATION_ORDER)
In argument #6 of "safe_snprintf(opt[i++], 75UL, "%-20s%s%s %s", "Local Time Zone", ((cfg.sys_timezone == -1) ? "Auto: " : ""), smb_zonestr(sys_timezone(&cfg), NULL), ((!(cfg.sys_timezone <= 1000 && cfg.sys_timezone >= -1000) && (cfg.sys_timezone & 0xc000 || cfg.sys_timezone == 4096 || cfg.sys_timezone == 4156 || cfg.sys_timezone == 4216 || cfg.sys_timezone == 4816 || cfg.sys_timezone == 4696 || cfg.sys_timezone == 4666) && cfg.sys_misc & 0x4000U) ? "(Auto-DST)" : ""))", a call is made to "sys_timezone(&cfg)". In argument #1 of this function, the object "cfg.sys_timezone" is modified. This object is also used in "(cfg.sys_timezone == -1) ? "Auto: " : """, the argument #5 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.

1740 snprintf(opt[i++],MAX_OPLN,"%-20s%s%s %s","Local Time Zone"
1741 ,cfg.sys_timezone == SYS_TIMEZONE_AUTO ? "Auto: " : ""
1742 ,smb_zonestr(sys_timezone(&cfg),NULL)
1743 ,SMB_TZ_HAS_DST(cfg.sys_timezone) && cfg.sys_misc&SM_AUTO_DST ? "(Auto-DST)" : "");
1744 snprintf(opt[i++],MAX_OPLN,"%-20s%s (e.g. %s)","Short Date Format"
1745 ,date_format(&cfg, str, sizeof str)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Du0AK_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZX-2BkC2-2BAZJhPPYfXPDeIQ-2B4YvLEfkbd-2Bd6D-2Bq6Hgb3A8yT9nXPdJTazBcJukBEh03pJKxvVooRsB2exFituB7-2FZiW-2B-2FFf3SbStI-2Fat2UXSZKXBODkmruS46NddedKGixq1GgfIg-2BgPQfkssXqpoMR-2BzxwZcTjLKvzCO0Vk2ny9Gw-3D-3D


--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)