Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
| SYNC_PROGRAMMING | Synchronet/Baja/XSDK Programming | 49,116 messages |
[ << oldest | < older | list | newer > | newest >> ]
| Message 48,564 of 49,116 |
| scan-admin@coverity.com to All |
| New Defects reported by Coverity Scan fo |
| 05 Jan 26 13:46:18 |
TZUTC: 0000
MSGID: 53994.syncprog@1:103/705 2dc1c996
PID: Synchronet 3.21b-Linux master/5ccae58ca Jan 05 2026 GCC 12.2.0
TID: SBBSecho 3.34-Linux master/5ccae58ca Jan 05 2026 GCC 12.2.0
BBSID: VERT
CHRS: ASCII 1
FORMAT: flowed
----==_mimepart_695bc0a9c87c5_1d5c082c2daae1599845356
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi,
Please find the latest report on new defect(s) introduced to Synchronet found
with Coverity Scan.
4 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()
________________________________________________________________
____________________________
*** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()
121 if (fp == NULL)
122 return false;
123
124 memset(stats, 0, sizeof(*stats));
125 if ((ini = iniReadFile(fp)) == NULL)
126 return false;
>>> CID 640406: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to
accommodate it. The expression "iniGetDateTime(ini, NULL, "Date", 0L)" is
cast to "time32_t".
127 stats->date = (time32_t)iniGetDateTime(ini, NULL, strStatsDate, 0);
128 gettotals(ini, strStatsToday, &stats->today);
129 gettotals(ini, strStatsTotal, &stats->total);
130 iniFreeStringList(ini);
131 stats->last = time32(NULL);
132
** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844 in ()
________________________________________________________________
____________________________
*** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844 in ()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {
>>> CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
>>> argument is incompatible with corresponding format string conversion
(expected type "double" but argument has type "long double")
844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;
** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned
long, int *, bool, JSObject *)()
________________________________________________________________
____________________________
*** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned
long, int *, bool, JSObject *)()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {
>>> CID 640404: API usage errors (PRINTF_ARGS)
>>> Argument "xp_timer()" to format specifier "%f" was expected to have
type "double" but has type "long double". [Note: The source code
implementation of the function has been overridden by a builtin model.]
844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;
** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int,
unsigned long *)()
________________________________________________________________
____________________________
*** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int,
unsigned long *)()
1345 if (js_argvIsNullOrVoid(cx, argv, 0))
1346 return JS_FALSE;
1347
1348 if (argc > 1 && JSVAL_IS_BOOLEAN(argv[1]))
1349 estimate = JSVAL_TO_BOOLEAN(argv[1]);
1350
>>> CID 640403: Error handling issues (CHECKED_RETURN)
>>> Calling "JS_ValueToECMAUint32" without checking return value (as is
done elsewhere 96 out of 102 times).
1351 JS_ValueToECMAUint32(cx, argv[0], &t);
1352 if ((js_str = JS_NewStringCopyZ(cx, minutes_to_str(t, str, sizeof
str, estimate))) == NULL)
1353 return JS_FALSE;
1354
1355 JS_SET_RVAL(cx, arglist, STRING_TO_JSVAL(js_str));
1356 return JS_TRUE;
________________________________________________________________
_______________________________________
To view the defects in Coverity Scan visit, https://scan.coverit
.com/projects/synchronet?tab=overview
----==_mimepart_695bc0a9c87c5_1d5c082c2daae1599845356
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
Defect Details
** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()
________________________________________________________________
____________________________
*** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()
121 if (fp == NULL)
122 return false;
123
124 memset(stats, 0, sizeof(*stats));
125 if ((ini = iniReadFile(fp)) == NULL)
126 return false;
>>> CID 640406: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too
few bits to accommodate it. The expression "iniGetDateTime(ini, NULL,
"Date", 0L)" is cast to "time32_t".
127 stats->date = (time32_t)iniGetDateTime(ini, NULL, strStatsDate,
0);
128 gettotals(ini, strStatsToday, &stats->today);
129 gettotals(ini, strStatsTotal, &stats->total);
130 iniFreeStringList(ini);
131 stats->last = time32(NULL);
132
** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844 in ()
________________________________________________________________
____________________________
*** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844 in ()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {
>>> CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
>>> argument is incompatible with corresponding format string
conversion (expected type "double" but argument has type "long
double")
844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;
** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned
long, int *, bool, JSObject *)()
________________________________________________________________
____________________________
*** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned
long, int *, bool, JSObject *)()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {
>>> CID 640404: API usage errors (PRINTF_ARGS)
>>> Argument "xp_timer()" to format specifier
"%f" was expected to have type "double" but has type
"long double". [Note: The source code implementation of the function
has been overridden by a builtin model.]
844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;
** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int,
unsigned long *)()
________________________________________________________________
____________________________
*** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int,
unsigned long *)()
1345 if (js_argvIsNullOrVoid(cx, argv, 0))
1346 return JS_FALSE;
1347
1348 if (argc > 1 && JSVAL_IS_BOOLEAN(argv[1]))
1349 estimate = JSVAL_TO_BOOLEAN(argv[1]);
1350
>>> CID 640403: Error handling issues (CHECKED_RETURN)
>>> Calling "JS_ValueToECMAUint32" without checking
return value (as is done elsewhere 96 out of 102 times).
1351 JS_ValueToECMAUint32(cx, argv[0], &t);
1352 if ((js_str = JS_NewStringCopyZ(cx, minutes_to_str(t, str, sizeof
str, estimate))) == NULL)
1353 return JS_FALSE;
1354
1355 JS_SET_RVAL(cx, arglist, STRING_TO_JSVAL(js_str));
1356 return JS_TRUE;
Best regards, The Coverity Scan Admin Team 
----==_mimepart_695bc0a9c87c5_1d5c082c2daae1599845356--
--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
SEEN-BY: 10/0 1 102/401 103/705 105/81 106/201 124/5016 128/187 129/14
SEEN-BY: 153/7715 154/110 214/22 218/0 1 215 700 810 226/30 227/114
SEEN-BY: 229/110 134 206 275 317 400 426 428 470 700 705 266/512 280/464
SEEN-BY: 291/111 301/1 320/219 322/757 342/200 396/45 460/58 633/280
SEEN-BY: 712/848 902/26 5075/35
PATH: 103/705 218/700 229/426
|
(c) 1994, bbs@darkrealms.ca