TZUTC: 0000   
   MSGID: 52153.syncprog@1:103/705 2c5f38d1   
   PID: Synchronet 3.21a-Linux master/b6cebf829 Apr 08 2025 GCC 12.2.0   
   TID: SBBSecho 3.24-Linux master/b6cebf829 Apr 08 2025 GCC 12.2.0   
   BBSID: VERT   
   CHRS: ASCII 1   
   Hi,   
      
   Please find the latest report on new defect(s) introduced to Synchronet found   
   with Coverity Scan.   
      
   2 new defect(s) introduced to Synchronet found with Coverity Scan.   
      
      
   New defect(s) Reported-by: Coverity Scan   
   Showing 2 of 2 defect(s)   
      
      
   ** CID 549016:  Integer handling issues  (INTEGER_OVERFLOW)   
   /str.cpp: 1194 in sbbs_t::spy(unsigned int)()   
      
      
   ________________________________________________________________   
   _______________________________________   
   *** CID 549016:  Integer handling issues  (INTEGER_OVERFLOW)   
   /str.cpp: 1194 in sbbs_t::spy(unsigned int)()   
   1188     	       && !msgabort()) {   
   1189     		in = incom(1000);   
   1190     		if (in == NOINP) {   
   1191     			gettimeleft();   
   1192     			continue;   
   1193     		}   
   >>>     CID 549016:  Integer handling issues  (INTEGER_OVERFLOW)   
   >>>     Expression "ch", where "in" is known to be equal to 256, overflows the   
   type of "ch", which is type "char".   
   1194     		ch = in;   
   1195     		if (ch == ESC) {   
   1196     			if (ansi_len)   
   1197     				ansi_len = 0;   
   1198     			else {   
   1199     				if ((in = incom(500)) != NOINP) {   
      
   ** CID 549015:  Uninitialized variables  (UNINIT)   
      
      
   ________________________________________________________________   
   _______________________________________   
   *** CID 549015:  Uninitialized variables  (UNINIT)   
   /js_system.c: 2089 in js_chkpassword()   
   2083   
   2084     	js_system_private_t* sys;   
   2085     	if ((sys = (js_system_private_t*)js_GetClassPrivate(cx, obj,   
   &js_system_class)) == NULL)   
   2086     		return JS_FALSE;   
   2087   
   2088     	rc = JS_SUSPENDREQUEST(cx);   
   >>>     CID 549015:  Uninitialized variables  (UNINIT)   
   >>>     Using uninitialized value "*str" when calling "check_pass".   
   2089     	bool result = check_pass(sys->cfg, str, /* user: */NULL, /* unique:   
   */false, /* reason: */NULL)   
   2090     		              && !trashcan(sys->cfg, str, "password");   
   2091     	JS_SET_RVAL(cx, arglist, BOOLEAN_TO_JSVAL(result));   
   2092     	JS_RESUMEREQUEST(cx, rc);   
   2093   
   2094     	return JS_TRUE;   
      
      
   ________________________________________________________________   
   _______________________________________   
   To view the defects in Coverity Scan visit, https://scan.coverit   
   .com/projects/synchronet?tab=overview   
      
      
   --- SBBSecho 3.24-Linux   
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)   
   SEEN-BY: 103/705 105/81 106/201 124/5016 128/187 153/757 7715 154/10   
   SEEN-BY: 154/30 110 203/0 218/700 221/0 226/30 227/114 229/110 114   
   SEEN-BY: 229/206 317 400 426 428 470 550 700 705 240/1120 5832 266/512   
   SEEN-BY: 280/464 5003 5006 291/111 292/8125 301/1 320/219 322/757   
   SEEN-BY: 341/66 234 342/200 396/45 423/120 460/58 256 1124 467/888   
   SEEN-BY: 633/280 712/848 770/1 902/26 5020/400 8912 5054/30 5075/35   
   PATH: 103/705 280/464 460/58 229/426