Forum: 4d2 dot org

New Defects reported by Coverity Scan for Synchronet

From scan-admin@coverity.com@1:103/705 to All on Sat Dec 27 13:44:41 2025

----==_mimepart_694fe2c8bcbb0_14b1952c2daae15998453b2
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 640112: (RESOURCE_LEAK)
/js_bbs.cpp: 1875 in js_logline(JSContext *, unsigned int, unsigned long *)()
/js_bbs.cpp: 1880 in js_logline(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640112: (RESOURCE_LEAK)
/js_bbs.cpp: 1875 in js_logline(JSContext *, unsigned int, unsigned long *)()
1869
1870 JSSTRING_TO_MSTRING(cx, js_str, code, NULL);
1871 if (code == NULL)
1872 return JS_FALSE;
1873
1874 if ((js_str = JS_ValueToString(cx, argv[argn])) == NULL)

CID 640112: (RESOURCE_LEAK)
Variable "code" going out of scope leaks the storage it points to.

1875 return JS_FALSE;
1876 argn++;
1877
1878 JSSTRING_TO_MSTRING(cx, js_str, str, NULL);
1879 if (str == NULL)
1880 return JS_FALSE;
/js_bbs.cpp: 1880 in js_logline(JSContext *, unsigned int, unsigned long *)()
1874 if ((js_str = JS_ValueToString(cx, argv[argn])) == NULL)
1875 return JS_FALSE;
1876 argn++;
1877
1878 JSSTRING_TO_MSTRING(cx, js_str, str, NULL);
1879 if (str == NULL)

CID 640112: (RESOURCE_LEAK)
Variable "code" going out of scope leaks the storage it points to.

1880 return JS_FALSE;
1881
1882 rc = JS_SUSPENDREQUEST(cx);
1883 sbbs->logline(level, code, str);
1884 free(code);
1885 free(str);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_694fe2c8bcbb0_14b1952c2daae15998453b2
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640112: (RESOURCE_LEAK)
/js_bbs.cpp: 1875 in js_logline(JSContext *, unsigned int, unsigned long *)()
/js_bbs.cpp: 1880 in js_logline(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640112: (RESOURCE_LEAK)
/js_bbs.cpp: 1875 in js_logline(JSContext *, unsigned int, unsigned long *)()
1869
1870 JSSTRING_TO_MSTRING(cx, js_str, code, NULL);
1871 if (code == NULL)
1872 return JS_FALSE;
1873
1874 if ((js_str = JS_ValueToString(cx, argv[argn])) == NULL) >>> CID 640112: (RESOURCE_LEAK)
>>> Variable "code" going out of scope leaks the storage it points to.
1875 return JS_FALSE;
1876 argn++;
1877
1878 JSSTRING_TO_MSTRING(cx, js_str, str, NULL);
1879 if (str == NULL)
1880 return JS_FALSE;
/js_bbs.cpp: 1880 in js_logline(JSContext *, unsigned int, unsigned long *)()
1874 if ((js_str = JS_ValueToString(cx, argv[argn])) == NULL)
1875 return JS_FALSE;
1876 argn++;
1877
1878 JSSTRING_TO_MSTRING(cx, js_str, str, NULL);
1879 if (str == NULL)
>>> CID 640112: (RESOURCE_LEAK)
>>> Variable "code" going out of scope leaks the storage it points to.
1880 return JS_FALSE;
1881
1882 rc = JS_SUSPENDREQUEST(cx);
1883 sbbs->logline(level, code, str);
1884 free(code);
1885 free(str);

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_694fe2c8bcbb0_14b1952c2daae15998453b2--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Wed Dec 31 13:45:24 2025

----==_mimepart_695528f458f41_188c5a2c2daae1599845314
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()

_____________________________________________________________________________________________
*** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
457 while (p) {
458 if (*p == ',' || *p == ' ')
459 p++;
460 i = atoi(p);
461 if (!i)
462 break;

CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.

463 fseek(stream, l, SEEK_SET);
464 j = 1;
465 while (!feof(stream) && !ferror(stream) && j < i) {
466 if (!fgets(tmp, sizeof(tmp), stream))
467 break;
468 j++; /* skip beginning */
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
422 free(buf);
423 return false;
424 }
425 if (!i && linesquoted)
426 break;
427 if (!i || quote[0] == all_key()) { /* Quote all */

CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.

428 fseek(stream, l, SEEK_SET);
429 while (!feof(stream) && !ferror(stream)) {
430 if (!fgets(str, sizeof(str), stream))
431 break;
432 quotestr(str);
433 SAFEPRINTF2(tmp, quote_fmt, term->cols - 4, str);
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
434 if (write(file, tmp, strlen(tmp)) > 0)
435 linesquoted++; 436 }
437 break;
438 }
439 if (quote[0] == list_key()) {

CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.

440 fseek(stream, l, SEEK_SET);
441 i = 1;
442 term->newline();
443 attr(LIGHTGRAY);
444 while (!feof(stream) && !ferror(stream) && !msgabort()) {
445 if (!fgets(str, sizeof(str), stream))

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_695528f458f41_188c5a2c2daae1599845314
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li>
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()

_____________________________________________________________________________________________
*** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
457 while (p) {
458 if (*p == ',' || *p == ' ')
459 p++;
460 i = atoi(p);
461 if (!i)
462 break;
>>> CID 640333: (NEGATIVE_RETURNS)
>>> "l" is passed to a parameter that cannot be negative.
463 fseek(stream, l, SEEK_SET);
464 j = 1;
465 while (!feof(stream) && !ferror(stream) && j < i) {
466 if (!fgets(tmp, sizeof(tmp), stream))
467 break;
468 j++; /* skip beginning */
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
422 free(buf);
423 return false;
424 }
425 if (!i && linesquoted)
426 break;
427 if (!i || quote[0] == all_key()) { /* Quote all */
>>> CID 640333: (NEGATIVE_RETURNS)
>>> "l" is passed to a parameter that cannot be negative.
428 fseek(stream, l, SEEK_SET);
429 while (!feof(stream) && !ferror(stream)) {
430 if (!fgets(str, sizeof(str), stream))
431 break;
432 quotestr(str);
433 SAFEPRINTF2(tmp, quote_fmt, term->cols - 4, str);
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
434 if (write(file, tmp, strlen(tmp)) > 0)
435 linesquoted++; 436 }
437 break;
438 }
439 if (quote[0] == list_key()) { >>> CID 640333: (NEGATIVE_RETURNS)
>>> "l" is passed to a parameter that cannot be negative.
440 fseek(stream, l, SEEK_SET);
441 i = 1;
442 term->newline();
443 attr(LIGHTGRAY);
444 while (!feof(stream) && !ferror(stream) && !msgabort()) {
445 if (!fgets(str, sizeof(str), stream))

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_695528f458f41_188c5a2c2daae1599845314--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Mon Jan 5 13:46:18 2026

----==_mimepart_695bc0a9c87c5_1d5c082c2daae1599845356
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

4 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)

** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()

_____________________________________________________________________________________________
*** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()
121 if (fp == NULL)
122 return false;
123
124 memset(stats, 0, sizeof(*stats));
125 if ((ini = iniReadFile(fp)) == NULL)
126 return false;

CID 640406: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "iniGetDateTime(ini, NULL, "Date", 0L)" is cast to "time32_t".

127 stats->date = (time32_t)iniGetDateTime(ini, NULL, strStatsDate, 0);
128 gettotals(ini, strStatsToday, &stats->today);
129 gettotals(ini, strStatsTotal, &stats->total);
130 iniFreeStringList(ini);
131 stats->last = time32(NULL);
132

** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844 in ()

_____________________________________________________________________________________________
*** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH) /atcodes.cpp: 844 in ()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {

CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "double" but argument has type "long double")

844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;

** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()

_____________________________________________________________________________________________
*** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {

CID 640404: API usage errors (PRINTF_ARGS)
Argument "xp_timer()" to format specifier "%f" was expected to have type "double" but has type "long double". [Note: The source code implementation of the function has been overridden by a builtin model.]

844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;

** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()
1345 if (js_argvIsNullOrVoid(cx, argv, 0))
1346 return JS_FALSE;
1347
1348 if (argc > 1 && JSVAL_IS_BOOLEAN(argv[1]))
1349 estimate = JSVAL_TO_BOOLEAN(argv[1]);
1350

CID 640403: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToECMAUint32" without checking return value (as is done elsewhere 96 out of 102 times).

1351 JS_ValueToECMAUint32(cx, argv[0], &t);
1352 if ((js_str = JS_NewStringCopyZ(cx, minutes_to_str(t, str, sizeof str, estimate))) == NULL)
1353 return JS_FALSE;
1354
1355 JS_SET_RVAL(cx, arglist, STRING_TO_JSVAL(js_str));
1356 return JS_TRUE;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_695bc0a9c87c5_1d5c082c2daae1599845356
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 4</li>
<li>
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 4 of 4 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()

_____________________________________________________________________________________________
*** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()
121 if (fp == NULL)
122 return false;
123
124 memset(stats, 0, sizeof(*stats));
125 if ((ini = iniReadFile(fp)) == NULL)
126 return false;
>>> CID 640406: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "iniGetDateTime(ini, NULL, "Date", 0L)" is cast to "time32_t".
127 stats->date = (time32_t)iniGetDateTime(ini, NULL, strStatsDate, 0);
128 gettotals(ini, strStatsToday, &stats->today);
129 gettotals(ini, strStatsTotal, &stats->total);
130 iniFreeStringList(ini);
131 stats->last = time32(NULL);
132

** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844 in ()

_____________________________________________________________________________________________
*** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH) /atcodes.cpp: 844 in ()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {
>>> CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH) >>> argument is incompatible with corresponding format string conversion (expected type "double" but argument has type "long double")
844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;

** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()

_____________________________________________________________________________________________
*** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {
>>> CID 640404: API usage errors (PRINTF_ARGS) >>> Argument "xp_timer()" to format specifier "%f" was expected to have type "double" but has type "long double". [Note: The source code implementation of the function has been overridden by a builtin model.]
844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;

** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()
1345 if (js_argvIsNullOrVoid(cx, argv, 0))
1346 return JS_FALSE;
1347
1348 if (argc > 1 && JSVAL_IS_BOOLEAN(argv[1]))
1349 estimate = JSVAL_TO_BOOLEAN(argv[1]);
1350
>>> CID 640403: Error handling issues (CHECKED_RETURN) >>> Calling "JS_ValueToECMAUint32" without checking return value (as is done elsewhere 96 out of 102 times).
1351 JS_ValueToECMAUint32(cx, argv[0], &t);
1352 if ((js_str = JS_NewStringCopyZ(cx, minutes_to_str(t, str, sizeof str, estimate))) == NULL)
1353 return JS_FALSE;
1354
1355 JS_SET_RVAL(cx, arglist, STRING_TO_JSVAL(js_str));
1356 return JS_TRUE;

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_695bc0a9c87c5_1d5c082c2daae1599845356--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Wed Jan 7 13:48:08 2026

----==_mimepart_695e6417e6a62_1f55b62c2daae1599845373
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 640928: Performance inefficiencies (PASS_BY_VALUE)
/js_user.cpp: 60 in user_private_t::user_private_t(scfg_t *, user_t)()

_____________________________________________________________________________________________
*** CID 640928: Performance inefficiencies (PASS_BY_VALUE) /js_user.cpp: 60 in user_private_t::user_private_t(scfg_t *, user_t)()
54 cached_mail_count mail_pending{cfg, user, true, 0};
55 cached_mail_count spam_waiting{cfg, user, false, MSG_SPAM};
56
57 user_private_t(scfg_t* cfg)
58 : cfg(cfg)
59 {}

CID 640928: Performance inefficiencies (PASS_BY_VALUE)
Passing parameter user of type "user_t" (size 784 bytes) by value, which exceeds the high threshold of 512 bytes.

60 user_private_t(scfg_t* cfg, user_t user)
61 : storage(user)
62 , cached(user.number == 0 ? false : true)
63 , cfg(cfg)
64 {}
65 };

** CID 640927: API usage errors (PRINTF_ARGS)

_____________________________________________________________________________________________
*** CID 640927: API usage errors (PRINTF_ARGS)
/date_str.c: 301 in tm_as_hhmmss()
295 /* Returns 8 character string (e.g. hh:mm:ss or hh:mm am/pm) */
296 /****************************************************************************/
297 char* tm_as_hhmmss(scfg_t* cfg, struct tm* tm, char* str, size_t size) 298 {
299 if (cfg != NULL && (cfg->sys_misc & SM_MILITARY))
300 snprintf(str, size, "%02d:%02d:02d"

CID 640927: API usage errors (PRINTF_ARGS)
This argument was not used by the format string: "tm->tm_sec".

301 , tm->tm_hour, tm->tm_min, tm->tm_sec);
302 else
303 snprintf(str, size, "%02d:%02d %cm"
304 , tm->tm_hour > 12 ? tm->tm_hour - 12 : tm->tm_hour == 0 ? 12 : tm->tm_hour
305 , tm->tm_min, tm->tm_hour >= 12 ? 'p' : 'a'); 306 return str;

** CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS)
/date_str.c: 301 in ()

_____________________________________________________________________________________________
*** CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS) /date_str.c: 301 in ()
295 /* Returns 8 character string (e.g. hh:mm:ss or hh:mm am/pm) */
296 /****************************************************************************/
297 char* tm_as_hhmmss(scfg_t* cfg, struct tm* tm, char* str, size_t size) 298 {
299 if (cfg != NULL && (cfg->sys_misc & SM_MILITARY))
300 snprintf(str, size, "%02d:%02d:02d"

CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS)
the format string ends before this argument

301 , tm->tm_hour, tm->tm_min, tm->tm_sec);
302 else
303 snprintf(str, size, "%02d:%02d %cm"
304 , tm->tm_hour > 12 ? tm->tm_hour - 12 : tm->tm_hour == 0 ? 12 : tm->tm_hour
305 , tm->tm_min, tm->tm_hour >= 12 ? 'p' : 'a'); 306 return str;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_695e6417e6a62_1f55b62c2daae1599845373
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 3</li>
<li><strong>Defects Shown:</strong> Showing 3 of 3 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640928: Performance inefficiencies (PASS_BY_VALUE)
/js_user.cpp: 60 in user_private_t::user_private_t(scfg_t *, user_t)()

_____________________________________________________________________________________________
*** CID 640928: Performance inefficiencies (PASS_BY_VALUE) /js_user.cpp: 60 in user_private_t::user_private_t(scfg_t *, user_t)()
54 cached_mail_count mail_pending{cfg, user, true, 0};
55 cached_mail_count spam_waiting{cfg, user, false, MSG_SPAM};
56
57 user_private_t(scfg_t* cfg)
58 : cfg(cfg)
59 {}
>>> CID 640928: Performance inefficiencies (PASS_BY_VALUE)
>>> Passing parameter user of type "user_t" (size 784 bytes) by value, which exceeds the high threshold of 512 bytes.
60 user_private_t(scfg_t* cfg, user_t user)
61 : storage(user)
62 , cached(user.number == 0 ? false : true)
63 , cfg(cfg)
64 {}
65 };

** CID 640927: API usage errors (PRINTF_ARGS)

_____________________________________________________________________________________________
*** CID 640927: API usage errors (PRINTF_ARGS)
/date_str.c: 301 in tm_as_hhmmss()
295 /* Returns 8 character string (e.g. hh:mm:ss or hh:mm am/pm) */
296 /****************************************************************************/
297 char* tm_as_hhmmss(scfg_t* cfg, struct tm* tm, char* str, size_t size) 298 {
299 if (cfg != NULL && (cfg->sys_misc & SM_MILITARY))
300 snprintf(str, size, "%02d:%02d:02d" >>> CID 640927: API usage errors (PRINTF_ARGS) >>> This argument was not used by the format string: "tm->tm_sec".
301 , tm->tm_hour, tm->tm_min, tm->tm_sec);
302 else
303 snprintf(str, size, "%02d:%02d %cm"
304 , tm->tm_hour > 12 ? tm->tm_hour - 12 : tm->tm_hour == 0 ? 12 : tm->tm_hour
305 , tm->tm_min, tm->tm_hour >= 12 ? 'p' : 'a');
306 return str;

** CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS)
/date_str.c: 301 in ()

_____________________________________________________________________________________________
*** CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS) /date_str.c: 301 in ()
295 /* Returns 8 character string (e.g. hh:mm:ss or hh:mm am/pm) */
296 /****************************************************************************/
297 char* tm_as_hhmmss(scfg_t* cfg, struct tm* tm, char* str, size_t size) 298 {
299 if (cfg != NULL && (cfg->sys_misc & SM_MILITARY))
300 snprintf(str, size, "%02d:%02d:02d" >>> CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS)
>>> the format string ends before this argument
301 , tm->tm_hour, tm->tm_min, tm->tm_sec);
302 else
303 snprintf(str, size, "%02d:%02d %cm"
304 , tm->tm_hour > 12 ? tm->tm_hour - 12 : tm->tm_hour == 0 ? 12 : tm->tm_hour
305 , tm->tm_min, tm->tm_hour >= 12 ? 'p' : 'a');
306 return str;

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_695e6417e6a62_1f55b62c2daae1599845373--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Thu Jan 8 13:44:45 2026

----==_mimepart_695fb4cd3c9f7_2053bf2c2daae15998453fd
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 640932: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1664 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()

_____________________________________________________________________________________________
*** CID 640932: Insecure data handling (INTEGER_OVERFLOW) /atcodes.cpp: 1664 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
1658 if (!strcmp(sp, "BYTESLEFT")) {
1659 safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron));
1660 return str;
1661 }
1662
1663 if (code_match(sp, "CDTLEFT", &param))

CID 640932: Insecure data handling (INTEGER_OVERFLOW)
The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.

1664 return byte_count(user_available_credits(&useron), str, maxlen, param, BYTE_COUNT_VERBAL);
1665
1666 if (code_match(sp, "CREDITS", &param))
1667 return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);
1668
1669 if (code_match(sp, "FREECDT", &param))

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_695fb4cd3c9f7_2053bf2c2daae15998453fd
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li>
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640932: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1664 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()

_____________________________________________________________________________________________
*** CID 640932: Insecure data handling (INTEGER_OVERFLOW) /atcodes.cpp: 1664 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
1658 if (!strcmp(sp, "BYTESLEFT")) {
1659 safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron));
1660 return str;
1661 }
1662
1663 if (code_match(sp, "CDTLEFT", &param)) >>> CID 640932: Insecure data handling (INTEGER_OVERFLOW) >>> The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.
1664 return byte_count(user_available_credits(&useron), str, maxlen, param, BYTE_COUNT_VERBAL);
1665
1666 if (code_match(sp, "CREDITS", &param))
1667 return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);
1668
1669 if (code_match(sp, "FREECDT", &param))

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_695fb4cd3c9f7_2053bf2c2daae15998453fd--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Sat Jan 10 13:44:53 2026

----==_mimepart_696257d4e4005_22599f2afbc97ad9ac59824
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 640959: (CHECKED_RETURN) /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 479 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 481 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 483 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 480 in add_suffix()

_____________________________________________________________________________________________
*** CID 640959: (CHECKED_RETURN) /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 479 in add_suffix()
473 char* p = strstr(str, ".0");
474 if (p != NULL && *(p + 2) == '\0') // remove trailing ".0"
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {

CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).

479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
/tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 481 in add_suffix()
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);

CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).

481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
485
486 /* Convert a duration estimate (in seconds) to a string /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 483 in add_suffix()
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else

CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).

483 strlcat(str, suffix, size);
484 }
485
486 /* Convert a duration estimate (in seconds) to a string
487 * with a single letter multiplier/suffix:
488 * (y)ears, (w)eeks, (d)ays, (h)ours, (m)inutes, or (s)econds /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 480 in add_suffix()
474 if (p != NULL && *(p + 2) == '\0') // remove trailing ".0"
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);

CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).

480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
485

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_696257d4e4005_22599f2afbc97ad9ac59824
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640959: (CHECKED_RETURN) /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 479 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 481 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 483 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 480 in add_suffix()

_____________________________________________________________________________________________
*** CID 640959: (CHECKED_RETURN) /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 479 in add_suffix()
473 char* p = strstr(str, ".0");
474 if (p != NULL && *(p + 2) == '\0') // remove trailing ".0"
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {
>>> CID 640959: (CHECKED_RETURN)
>>> Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
/tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 481 in add_suffix()
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);
>>> CID 640959: (CHECKED_RETURN)
>>> Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
485
486 /* Convert a duration estimate (in seconds) to a string /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 483 in add_suffix()
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else
>>> CID 640959: (CHECKED_RETURN)
>>> Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
483 strlcat(str, suffix, size);
484 }
485
486 /* Convert a duration estimate (in seconds) to a string
487 * with a single letter multiplier/suffix:
488 * (y)ears, (w)eeks, (d)ays, (h)ours, (m)inutes, or (s)econds /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 480 in add_suffix()
474 if (p != NULL && *(p + 2) == '\0') // remove trailing ".0"
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);
>>> CID 640959: (CHECKED_RETURN)
>>> Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
485

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_696257d4e4005_22599f2afbc97ad9ac59824--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Sun Jan 11 13:48:17 2026

----==_mimepart_6963aa20b22c3_235b0c2afbc97ad9ac59882
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 640963: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 401 in sbbs_read_ini()

_____________________________________________________________________________________________
*** CID 640963: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 401 in sbbs_read_ini()
395 , services
396 );
397
398 list = iniReadFile(fp);
399
400 if (!get_ini_globals(list, global))

CID 640963: Resource leaks (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

401 return false;
402
403 if (global->ctrl_dir[0]) {
404 if (bbs != NULL)
405 SAFECOPY(bbs->ctrl_dir, global->ctrl_dir);
406 if (ftp != NULL)

** CID 640962: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 442 in sbbs_read_ini()

_____________________________________________________________________________________________
*** CID 640962: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 442 in sbbs_read_ini()
436 if (run_bbs != NULL)
437 *run_bbs = iniGetBool(list, section, strAutoStart, true);
438
439 if (bbs != NULL) {
440
441 if (bbs->size != sizeof *bbs)

CID 640962: Resource leaks (RESOURCE_LEAK)
Variable "global_interfaces" going out of scope leaks the storage it points to.

442 return false;
443
444 bbs->outgoing4.s_addr
445 = iniGetIpAddress(list, section, strOutgoing4, global->outgoing4.s_addr);
446 bbs->outgoing6
447 = iniGetIp6Address(list, section, strOutgoing6, global->outgoing6);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_6963aa20b22c3_235b0c2afbc97ad9ac59882
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 2</li>
<li>
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640963: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 401 in sbbs_read_ini()

_____________________________________________________________________________________________
*** CID 640963: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 401 in sbbs_read_ini()
395 , services
396 );
397
398 list = iniReadFile(fp);
399
400 if (!get_ini_globals(list, global))
>>> CID 640963: Resource leaks (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to.
401 return false;
402
403 if (global->ctrl_dir[0]) {
404 if (bbs != NULL)
405 SAFECOPY(bbs->ctrl_dir, global->ctrl_dir);
406 if (ftp != NULL)

** CID 640962: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 442 in sbbs_read_ini()

_____________________________________________________________________________________________
*** CID 640962: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 442 in sbbs_read_ini()
436 if (run_bbs != NULL)
437 *run_bbs = iniGetBool(list, section, strAutoStart, true);
438
439 if (bbs != NULL) {
440
441 if (bbs->size != sizeof *bbs)
>>> CID 640962: Resource leaks (RESOURCE_LEAK) >>> Variable "global_interfaces" going out of scope leaks the storage it points to.
442 return false;
443
444 bbs->outgoing4.s_addr
445 = iniGetIpAddress(list, section, strOutgoing4, global->outgoing4.s_addr);
446 bbs->outgoing6
447 = iniGetIp6Address(list, section, strOutgoing6, global->outgoing6);

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_6963aa20b22c3_235b0c2afbc97ad9ac59882--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Mon Jan 12 13:47:57 2026

----==_mimepart_6964fb8d1cdba_2460bc2afbc97ad9ac59882
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 640971: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()

_____________________________________________________________________________________________
*** CID 640971: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
614
615 if (code_match(sp, "UPTIME", &param)) {
616 extern volatile time_t uptime;
617 time_t up = 0;
618 if (uptime != 0 && time(&now) >= uptime)
619 up = now - uptime;

CID 640971: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "up" is cast to "uint".

620 return duration((uint)up, str, maxlen, param, DURATION_MINIMAL_VERBAL);
621 }
622
623 if (!strcmp(sp, "SERVED")) {
624 extern volatile uint served;
625 safe_snprintf(str, maxlen, "%u", served);

** CID 640970: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()

_____________________________________________________________________________________________
*** CID 640970: Insecure data handling (INTEGER_OVERFLOW) /atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
1689 if (!strcmp(sp, "BYTESLEFT")) {
1690 safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron));
1691 return str;
1692 }
1693
1694 if (code_match(sp, "CDTLEFT", &param))

CID 640970: Insecure data handling (INTEGER_OVERFLOW)
The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.

1695 return byte_count(static_cast<int64_t>(user_available_credits(&useron)), str, maxlen, param, BYTE_COUNT_VERBAL);
1696
1697 if (code_match(sp, "CREDITS", &param))
1698 return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);
1699
1700 if (code_match(sp, "FREECDT", &param))

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_6964fb8d1cdba_2460bc2afbc97ad9ac59882
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 2</li>
<li>
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640971: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()

_____________________________________________________________________________________________
*** CID 640971: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
614
615 if (code_match(sp, "UPTIME", &param)) {
616 extern volatile time_t uptime;
617 time_t up = 0;
618 if (uptime != 0 && time(&now) >= uptime) 619 up = now - uptime;
>>> CID 640971: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "up" is cast to "uint".
620 return duration((uint)up, str, maxlen, param, DURATION_MINIMAL_VERBAL);
621 }
622
623 if (!strcmp(sp, "SERVED")) {
624 extern volatile uint served;
625 safe_snprintf(str, maxlen, "%u", served);

** CID 640970: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()

_____________________________________________________________________________________________
*** CID 640970: Insecure data handling (INTEGER_OVERFLOW) /atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
1689 if (!strcmp(sp, "BYTESLEFT")) {
1690 safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron));
1691 return str;
1692 }
1693
1694 if (code_match(sp, "CDTLEFT", &param)) >>> CID 640970: Insecure data handling (INTEGER_OVERFLOW) >>> The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.
1695 return byte_count(static_cast<int64_t>(user_available_credits(&useron)), str, maxlen, param, BYTE_COUNT_VERBAL);
1696
1697 if (code_match(sp, "CREDITS", &param))
1698 return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);
1699
1700 if (code_match(sp, "FREECDT", &param))

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_6964fb8d1cdba_2460bc2afbc97ad9ac59882--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Tue Jan 13 13:45:40 2026

----==_mimepart_69664c8455017_2561de2afbc97ad9ac598df
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()

_____________________________________________________________________________________________
*** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
746 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
747 tmp[i++] = *(*ptrptr)++;
748 tmp[i] = '\0';
749 if (**ptrptr == ']') {
750 (*ptrptr)++;
751 section = tmp;

CID 640989: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

752 SKIP_WHITESPACE(*ptrptr);
753 }
754 }
755 else if (strchr((char *)(*ptrptr), ':') != nullptr) { // [section:]key
756 i = 0;
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
758 tmp[i++] = *(*ptrptr)++;
759 tmp[i] = '\0';
760 if (**ptrptr != '\0') {
761 (*ptrptr)++;
762 section = tmp;

CID 640989: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

763 SKIP_WHITESPACE(*ptrptr);
764 }
765 }
766 SKIP_CHAR((*ptrptr), ':');
767 if (!user_get_bool_property(&cfg, user->number, section, (char*)*ptrptr, false))
768 result = _not;

** CID 640988: Null pointer dereferences (FORWARD_NULL)

_____________________________________________________________________________________________
*** CID 640988: Null pointer dereferences (FORWARD_NULL)
/userdat.c: 4877 in user_get_bool_property()
4871 c_unescape_printable((char*)section);
4872 }
4873 if (key != NULL) {
4874 key = strdup(key);
4875 c_unescape_printable((char*)key);
4876 }

CID 640988: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "key" to "iniReadBool", which dereferences it. 4877 bool result = iniReadBool(fp, section, key, deflt);

4878 iniCloseFile(fp);
4879 free((char*)section);
4880 free((char*)key);
4881 return result;
4882 }

** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
/userdat.c: 2729 in ar_exp()

_____________________________________________________________________________________________
*** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
2735 tmp[i++] = *(*ptrptr)++;
2736 tmp[i] = '\0';
2737 if (**ptrptr != '\0') {
2738 (*ptrptr)++;
2739 section = tmp;

CID 640987: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2740 SKIP_WHITESPACE(*ptrptr);
2741 }
2742 }
2743 SKIP_CHAR((*ptrptr), ':');
2744 if (!user_get_bool_property(cfg, user->number, section, (char*)*ptrptr, false))
2745 result = not;
/userdat.c: 2729 in ar_exp()
2723 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
2724 tmp[i++] = *(*ptrptr)++;
2725 tmp[i] = '\0';
2726 if (**ptrptr == ']') {
2727 (*ptrptr)++;
2728 section = tmp;

CID 640987: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2729 SKIP_WHITESPACE(*ptrptr);
2730 }
2731 }
2732 else if (strchr((char *)(*ptrptr), ':') != NULL) { // [section:]key
2733 i = 0;
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_69664c8455017_2561de2afbc97ad9ac598df
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 3</li>
<li><strong>Defects Shown:</strong> Showing 3 of 3 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()

_____________________________________________________________________________________________
*** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
746 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
747 tmp[i++] = *(*ptrptr)++;
748 tmp[i] = '\0';
749 if (**ptrptr == ']') { 750 (*ptrptr)++;
751 section = tmp; >>> CID 640989: (CONSTANT_EXPRESSION_RESULT) >>> "**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
752 SKIP_WHITESPACE(*ptrptr);
753 }
754 }
755 else if (strchr((char *)(*ptrptr), ':') != nullptr) { // [section:]key
756 i = 0;
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
758 tmp[i++] = *(*ptrptr)++;
759 tmp[i] = '\0';
760 if (**ptrptr != '\0') { 761 (*ptrptr)++;
762 section = tmp; >>> CID 640989: (CONSTANT_EXPRESSION_RESULT) >>> "**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
763 SKIP_WHITESPACE(*ptrptr);
764 }
765 }
766 SKIP_CHAR((*ptrptr), ':');
767 if (!user_get_bool_property(&cfg, user->number, section, (char*)*ptrptr, false))
768 result = _not;

** CID 640988: Null pointer dereferences (FORWARD_NULL)

_____________________________________________________________________________________________
*** CID 640988: Null pointer dereferences (FORWARD_NULL)
/userdat.c: 4877 in user_get_bool_property()
4871 c_unescape_printable((char*)section);
4872 }
4873 if (key != NULL) {
4874 key = strdup(key);
4875 c_unescape_printable((char*)key);
4876 }
>>> CID 640988: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "key" to "iniReadBool", which dereferences it.
4877 bool result = iniReadBool(fp, section, key, deflt);
4878 iniCloseFile(fp);
4879 free((char*)section);
4880 free((char*)key);
4881 return result;
4882 }

** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
/userdat.c: 2729 in ar_exp()

_____________________________________________________________________________________________
*** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
2735 tmp[i++] = *(*ptrptr)++;
2736 tmp[i] = '\0';
2737 if (**ptrptr != '\0') { 2738 (*ptrptr)++;
2739 section = tmp; >>> CID 640987: (CONSTANT_EXPRESSION_RESULT) >>> "**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2740 SKIP_WHITESPACE(*ptrptr);
2741 }
2742 }
2743 SKIP_CHAR((*ptrptr), ':');
2744 if (!user_get_bool_property(cfg, user->number, section, (char*)*ptrptr, false))
2745 result = not;
/userdat.c: 2729 in ar_exp()
2723 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
2724 tmp[i++] = *(*ptrptr)++;
2725 tmp[i] = '\0';
2726 if (**ptrptr == ']') { 2727 (*ptrptr)++;
2728 section = tmp; >>> CID 640987: (CONSTANT_EXPRESSION_RESULT) >>> "**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2729 SKIP_WHITESPACE(*ptrptr);
2730 }
2731 }
2732 else if (strchr((char *)(*ptrptr), ':') != NULL) { // [section:]key
2733 i = 0;
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_69664c8455017_2561de2afbc97ad9ac598df--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Wed Jan 28 13:46:25 2026

----==_mimepart_697a13306f491_cf6782d0dbe50d9a0894b
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
257 default:
258 case TERM_KEY_DOWN:
259 nextline = line + 1; 260 break;
261 }
262 if (nextline != line + 1 && nextline < lines)

CID 642982: (FORWARD_NULL)
Dereferencing null pointer "offset".

263 fseeko(stream, offset[nextline], 0);
264 line = nextline;
265 }
266 else
267 ++line;
268 }
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);

CID 642982: (FORWARD_NULL)
Dereferencing null pointer "offset".

228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);

CID 642981: Error handling issues (CHECKED_RETURN)
Calling "fseeko(stream, offset[lines - 1UL], 0)" without checking return value. This library function may fail and return an error code.

228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642980: Integer handling issues (INTEGER_OVERFLOW)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642980: Integer handling issues (INTEGER_OVERFLOW) /prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);

CID 642980: Integer handling issues (INTEGER_OVERFLOW)
Expression "lines - 1UL", where "lines" is known to be equal to 0, underflows the type of "lines - 1UL", which is type "unsigned long".

228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_697a13306f491_cf6782d0dbe50d9a0894b
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 3</li>
<li><strong>Defects Shown:</strong> Showing 3 of 3 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
257 default:
258 case TERM_KEY_DOWN:
259 nextline = line + 1; 260 break;
261 }
262 if (nextline != line + 1 && nextline < lines)
>>> CID 642982: (FORWARD_NULL)
>>> Dereferencing null pointer "offset".
263 fseeko(stream, offset[nextline], 0);
264 line = nextline;
265 }
266 else
267 ++line;
268 }
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);
>>> CID 642982: (FORWARD_NULL)
>>> Dereferencing null pointer "offset".
228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);
>>> CID 642981: Error handling issues (CHECKED_RETURN) >>> Calling "fseeko(stream, offset[lines - 1UL], 0)" without checking return value. This library function may fail and return an error code.
228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642980: Integer handling issues (INTEGER_OVERFLOW)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642980: Integer handling issues (INTEGER_OVERFLOW) /prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);
>>> CID 642980: Integer handling issues (INTEGER_OVERFLOW)
>>> Expression "lines - 1UL", where "lines" is known to be equal to 0, underflows the type of "lines - 1UL", which is type "unsigned long".
228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_697a13306f491_cf6782d0dbe50d9a0894b--

--- SBBSecho 3.35-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Thu Jan 29 13:46:20 2026

----==_mimepart_697b64ac475f5_def0e2bd3c9d4b9a8620dd
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 642992: API usage errors (PRINTF_ARGS)

_____________________________________________________________________________________________
*** CID 642992: API usage errors (PRINTF_ARGS)
/ftpsrvr.c: 5024 in ctrl_thread()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."

CID 642992: API usage errors (PRINTF_ARGS)
Argument "count" to format specifier "%u" was expected to have type "unsigned int" but has type "unsigned long".

5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);

** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()

_____________________________________________________________________________________________
*** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."

CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "unsigned int" but argument has type "unsigned long")

5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_697b64ac475f5_def0e2bd3c9d4b9a8620dd
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 2</li>
<li>
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 642992: API usage errors (PRINTF_ARGS)

_____________________________________________________________________________________________
*** CID 642992: API usage errors (PRINTF_ARGS)
/ftpsrvr.c: 5024 in ctrl_thread()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."
>>> CID 642992: API usage errors (PRINTF_ARGS) >>> Argument "count" to format specifier "%u" was expected to have type "unsigned int" but has type "unsigned long".
5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);

** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()

_____________________________________________________________________________________________
*** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."
>>> CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH) >>> argument is incompatible with corresponding format string conversion (expected type "unsigned int" but argument has type "unsigned long")
5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_697b64ac475f5_def0e2bd3c9d4b9a8620dd--

--- SBBSecho 3.35-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Sysop:	Sarah
Location:	Portland, Oregon
Users:	212
Nodes:	16 (0 / 16)
Uptime:	92:15:14
Calls:	1,423
Calls today:	1,423
Files:	85,097
U/L today:	554 files (10,683M bytes)
D/L today:	4,409 files (11,184M bytes)
Messages:	73,519
Posted today:	65

New Defects reported by Coverity Scan for Synchronet

Who's Online

Recent Visitors

System Info