1. Forum
  2. FidoNet
  3. SYNC PROGRAMMING

  • src/sbbs3/netmail.cpp qwktomsg.cpp

    From Rob Swindell (on Debian Linux)@1:103/705 to Git commit to main/sbbs/master on Wed May 6 19:41:53 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/22d5c8a53a3577b45978b6b1
    Modified Files:
    src/sbbs3/netmail.cpp qwktomsg.cpp
    Log Message:
    qwk: make sentinel NUL after fread explicit (CIDs 645830, 645831, 645832)

    Both qwktomsg.cpp and netmail.cpp over-allocate the QWK message buffer
    by one block (calloc-zeroed, never written by fread) so downstream strchr/strlen/strlcpy/SAFECOPY scans always terminate within the
    allocation. Coverity can't see the over-allocation invariant and flags SAFECOPY/strListPush/whitespace-loop on the buffer as STRING_NULL or TAINTED_SCALAR. Write the trailing NUL explicitly after each fread so
    the sentinel action is visible. No runtime change (calloc already
    zeroed it).

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)