Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
| SYNC_PROGRAMMING | Synchronet/Baja/XSDK Programming | 49,116 messages |
[ << oldest | < older | list | newer > | newest >> ]
| Message 47,318 of 49,116 |
| scan-admin@coverity.com to All |
| New Defects reported by Coverity Scan fo |
| 30 Sep 25 14:17:12 |
TZUTC: 0000
MSGID: 52719.syncprog@1:103/705 2d41ea59
PID: Synchronet 3.21a-Linux master/2287878bd Sep 27 2025 GCC 12.2.0
TID: SBBSecho 3.30-Linux master/88b423313 Sep 29 2025 GCC 12.2.0
BBSID: VERT
CHRS: ASCII 1
FORMAT: flowed
----==_mimepart_68dbe667f0fba_4d6e62b4f2a4a99a44915
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi,
Please find the latest report on new defect(s) introduced to Synchronet found
with Coverity Scan.
3 new defect(s) introduced to Synchronet found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 631052: Null pointer dereferences (FORWARD_NULL)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3367 in in
GetFastParsedSectionCmp()
________________________________________________________________
____________________________
*** CID 631052: Null pointer dereferences (FORWARD_NULL)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3367 in
niGetFastParsedSectionCmp()
3361 return 0;
3362 }
3363 if (name == NULL || name->str == NULL)
3364 return -1;
3365 entShorter = fp->name.len < name->len;
3366 cmplen = entShorter ? fp->name.len : name->len;
>>> CID 631052: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "fp->name.str" to "strncasecmp", which
dereferences it.
3367 cmp = strnicmp(name->str, fp->name.str, cmplen);
3368 if (cmp == 0) {
3369 if (fp->name.len == name->len)
3370 return 0;
3371 if (entShorter)
3372 return 1;
** CID 631051: Integer handling issues (INTEGER_OVERFLOW)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3159 in in
FastParseSections()
________________________________________________________________
____________________________
*** CID 631051: Integer handling issues (INTEGER_OVERFLOW)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3159 in
niFastParseSections()
3153 struct fp_section *sect;
3154 size_t slen;
3155 str++;
3156 slen = strlen(str);
3157 while (slen && (IS_WHITESPACE(str[slen - 1])))
3158 slen--;
>>> CID 631051: Integer handling issues (INTEGER_OVERFLOW)
>>> Expression "slen - 1UL", where "slen" is known to be equal to 0,
underflows the type of "slen - 1UL", which is type "unsigned long".
3159 if (str[slen - 1] == INI_CLOSE_SECTION_CHAR)
3160 slen--;
3161 else // Discard line
3162 continue;
3163 ret->totalSections++;
3164 if ((ret->totalSections) >= arraySz) {
** CID 631050: Integer handling issues (INTEGER_OVERFLOW)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3331 in in
GetFastParsedSectionList()
________________________________________________________________
____________________________
*** CID 631050: Integer handling issues (INTEGER_OVERFLOW)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3331 in
niGetFastParsedSectionList()
3325 if (sz)
3326 *sz = 0;
3327 return ret;
3328 }
3329 if (prefix)
3330 prefixLen = strlen(prefix);
>>> CID 631050: Integer handling issues (INTEGER_OVERFLOW)
>>> Expression "i++", where "i" is known to be equal to 1844
744073709551615, overflows the type of "i++", which is type "size_t".
3331 for (i = iniGetFastPrefixStart(fp, prefix); i <= fp->lastUncut; i++)
{
3332 if (fp->sections[i].name.str == NULL)
3333 continue;
3334 if (fp->sections[i].cut)
3335 continue;
3336 if (fp->sections[i].name.len < prefixLen)
________________________________________________________________
_______________________________________
To view the defects in Coverity Scan visit, https://scan.coverit
.com/projects/synchronet?tab=overview
----==_mimepart_68dbe667f0fba_4d6e62b4f2a4a99a44915
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Defect Details
** CID 631052: Null pointer dereferences (FORWARD_NULL)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3367 in in
GetFastParsedSectionCmp()
________________________________________________________________
____________________________
*** CID 631052: Null pointer dereferences (FORWARD_NULL)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3367 in
niGetFastParsedSectionCmp()
3361 return 0;
3362 }
3363 if (name == NULL || name->str == NULL)
3364 return -1;
3365 entShorter = fp->name.len < name->len;
3366 cmplen = entShorter ? fp->name.len : name->len;
>>> CID 631052: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "fp->name.str" to
"strncasecmp", which dereferences it.
3367 cmp = strnicmp(name->str, fp->name.str, cmplen);
3368 if (cmp == 0) {
3369 if (fp->name.len == name->len)
3370 return 0;
3371 if (entShorter)
3372 return 1;
** CID 631051: Integer handling issues (INTEGER_OVERFLOW)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3159 in in
FastParseSections()
________________________________________________________________
____________________________
*** CID 631051: Integer handling issues (INTEGER_OVERFLOW)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3159 in
niFastParseSections()
3153 struct fp_section *sect;
3154 size_t slen;
3155 str++;
3156 slen = strlen(str);
3157 while (slen && (IS_WHITESPACE(str[slen - 1])))
3158 slen--;
>>> CID 631051: Integer handling issues (I
TEGER_OVERFLOW)
>>> Expression "slen - 1UL", where "slen" is
known to be equal to 0, underflows the type of "slen - 1UL", which
is type "unsigned long".
3159 if (str[slen - 1] == INI_CLOSE_SECTION_CHAR)
3160 slen--;
3161 else // Discard line
3162 continue;
3163 ret->totalSections++;
3164 if ((ret->totalSections) >= arraySz) {
** CID 631050: Integer handling issues (INTEGER_OVERFLOW)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3331 in in
GetFastParsedSectionList()
________________________________________________________________
____________________________
*** CID 631050: Integer handling issues (INTEGER_OVERFLOW)
/tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3331 in
niGetFastParsedSectionList()
3325 if (sz)
3326 *sz = 0;
3327 return ret;
3328 }
3329 if (prefix)
3330 prefixLen = strlen(prefix);
>>> CID 631050: Integer handling issues (I
TEGER_OVERFLOW)
>>> Expression "i++", where "i" is known to
be equal to 18446744073709551615, overflows the type of "i++", which
is type "size_t".
3331 for (i = iniGetFastPrefixStart(fp, prefix); i <= fp
>lastUncut; i++) {
3332 if (fp->sections[i].name.str == NULL)
3333 continue;
3334 if (fp->sections[i].cut)
3335 continue;
3336 if (fp->sections[i].name.len < prefixLen)
Best regards, The Coverity Scan Admin Team 
----==_mimepart_68dbe667f0fba_4d6e62b4f2a4a99a44915--
--- SBBSecho 3.30-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
SEEN-BY: 10/0 1 102/401 103/1 705 105/81 106/201 124/5016 128/187
SEEN-BY: 129/14 153/7715 154/110 214/22 218/0 1 215 610 700 810 226/30
SEEN-BY: 227/114 229/110 206 317 400 426 428 470 700 705 266/512 280/464
SEEN-BY: 291/111 301/1 320/219 322/757 342/200 396/45 460/58 633/280
SEEN-BY: 712/848 902/26 5075/35
PATH: 103/705 218/700 229/426
|
(c) 1994, bbs@darkrealms.ca