TZUTC: 0000   
   MSGID: 54118.syncprog@1:103/705 2dcb04f7   
   PID: Synchronet 3.21b-Linux master/f717faea9 Jan 12 2026 GCC 12.2.0   
   TID: SBBSecho 3.34-Linux master/f717faea9 Jan 12 2026 GCC 12.2.0   
   BBSID: VERT   
   CHRS: ASCII 1   
   FORMAT: flowed   
      
   ----==_mimepart_6964fb8d1cdba_2460bc2afbc97ad9ac59882   
   Content-Type: text/plain; charset=us-ascii   
   Content-Transfer-Encoding: 7bit   
      
   Hi,   
      
   Please find the latest report on new defect(s) introduced to Synchronet found   
   with Coverity Scan.   
      
   2 new defect(s) introduced to Synchronet found with Coverity Scan.   
   6 defect(s), reported by Coverity Scan earlier, were marked fixed in the   
   recent build analyzed by Coverity Scan.   
      
   New defect(s) Reported-by: Coverity Scan   
   Showing 2 of 2 defect(s)   
      
      
   ** CID 640971:       High impact quality  (Y2K38_SAFETY)   
   /atcodes.cpp: 620           in sbbs_t::atcode(const char *, char *, unsigned   
   long, int *, bool, unsigned int, JSObject *)()   
      
      
   ________________________________________________________________   
   ____________________________   
   *** CID 640971:         High impact quality  (Y2K38_SAFETY)   
   /atcodes.cpp: 620             in sbbs_t::atcode(const char *, char *, unsigned   
   long, int *, bool, unsigned int, JSObject *)()   
   614   
   615     	if (code_match(sp, "UPTIME", ¶m)) {   
   616     		extern volatile time_t uptime;   
   617     		time_t                 up = 0;   
   618     		if (uptime != 0 && time(&now) >= uptime)   
   619     			up = now - uptime;   
   >>>     CID 640971:         High impact quality  (Y2K38_SAFETY)   
   >>>     A "time_t" value is stored in an integer with too few bits to   
   accommodate it.  The expression "up" is cast to "uint".   
   620     		return duration((uint)up, str, maxlen, param, DURATION   
   MINIMAL_VERBAL);   
   621     	}   
   622   
   623     	if (!strcmp(sp, "SERVED")) {   
   624     		extern volatile uint served;   
   625     		safe_snprintf(str, maxlen, "%u", served);   
      
   ** CID 640970:       Insecure data handling  (INTEGER_OVERFLOW)   
   /atcodes.cpp: 1695           in sbbs_t::atcode(const char *, char *, unsigned   
   long, int *, bool, unsigned int, JSObject *)()   
      
      
   ________________________________________________________________   
   ____________________________   
   *** CID 640970:         Insecure data handling  (INTEGER_OVERFLOW)   
   /atcodes.cpp: 1695             in sbbs_t::atcode(const char *, char *,   
   unsigned long, int *, bool, unsigned int, JSObject *)()   
   1689     	if (!strcmp(sp, "BYTESLEFT")) {   
   1690     		safe_snprintf(str, maxlen, "%" PRIu64, user_available   
   credits(&useron));   
   1691     		return str;   
   1692     	}   
   1693   
   1694     	if (code_match(sp, "CDTLEFT", ¶m))   
   >>>     CID 640970:         Insecure data handling  (INTEGER_OVERFLOW)   
   >>>     The cast of "user_available_credits(&this->useron)" to a signed type   
   could result in a negative number.   
   1695     		return byte_count(static_cast(user_available   
   credits(&useron)), str, maxlen, param, BYTE_COUNT_VERBAL);   
   1696   
   1697     	if (code_match(sp, "CREDITS", ¶m))   
   1698     		return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);   
   1699   
   1700     	if (code_match(sp, "FREECDT", ¶m))   
      
      
   ________________________________________________________________   
   _______________________________________   
   To view the defects in Coverity Scan visit, https://scan.coverit   
   .com/projects/synchronet?tab=overview   
      
      
   ----==_mimepart_6964fb8d1cdba_2460bc2afbc97ad9ac59882   
   Content-Type: text/html; charset=us-ascii   
   Content-Transfer-Encoding: 7bit   
      
      
      
      
        
        
        
      
      
     
Hi,
   
      
     
   
       Please find the latest report on new defect(s) introduced to   
   Synchronet   
        found with Coverity Scan.   
     
   
      
     
   
       
New Defects Found: 2
   
         
   
           6 defect(s), reported by Coverity Scan earlier, were marked fixed in   
   the recent build analyzed by Coverity Scan.   
         
   
       
Defects Shown: Showing 2 of 2 defect(s)
   
     
   
      
     
Defect Details
   
     
   
   ** CID 640971:       High impact quality  (Y2K38_SAFETY)   
   /atcodes.cpp: 620           in sbbs_t::atcode(const char *, char *, unsigned   
   long, int *, bool, unsigned int, JSObject *)()   
      
      
   ________________________________________________________________   
   ____________________________   
   *** CID 640971:         High impact quality  (Y2K38_SAFETY)   
   /atcodes.cpp: 620             in sbbs_t::atcode(const char *, char *, unsigned   
   long, int *, bool, unsigned int, JSObject *)()   
   614   
   615     	if (code_match(sp, "UPTIME", &param)) {   
   616     		extern volatile time_t uptime;   
   617     		time_t                 up = 0;   
   618     		if (uptime != 0 && time(&now) >= uptime)   
   619     			up = now - uptime;   
   >>>     CID 640971:         High impact quality  (Y2K38_SAFETY)   
   >>>     A "time_t" value is stored in an integer with too   
   few bits to accommodate it.  The expression "up" is cast to   
   "uint".   
   620     		return duration((uint)up, str, maxlen, param, DURATION   
   MINIMAL_VERBAL);   
   621     	}   
   622   
   623     	if (!strcmp(sp, "SERVED")) {   
   624     		extern volatile uint served;   
   625     		safe_snprintf(str, maxlen, "%u", served);   
      
   ** CID 640970:       Insecure data handling  (INTEGER_OVERFLOW)   
   /atcodes.cpp: 1695           in sbbs_t::atcode(const char *, char *, unsigned   
   long, int *, bool, unsigned int, JSObject *)()   
      
      
   ________________________________________________________________   
   ____________________________   
   *** CID 640970:         Insecure data handling  (INTEGER_OVERFLOW)   
   /atcodes.cpp: 1695             in sbbs_t::atcode(const char *, char *,   
   unsigned long, int *, bool, unsigned int, JSObject *)()   
   1689     	if (!strcmp(sp, "BYTESLEFT")) {   
   1690     		safe_snprintf(str, maxlen, "%" PRIu64, user   
   available_credits(&useron));   
   1691     		return str;   
   1692     	}   
   1693   
   1694     	if (code_match(sp, "CDTLEFT", &param))   
   >>>     CID 640970:         Insecure data handling  (INTEGER_OVERFLOW)   
   >>>     The cast of "user_available_credits(&t   
   is->useron)" to a signed type could result in a negative number.   
   1695     		return byte_count(static_cast<int64_t>(user_ava   
   lable_credits(&useron)), str, maxlen, param, BYTE_COUNT_VERBAL);   
   1696   
   1697     	if (code_match(sp, "CREDITS", &param))   
   1698     		return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);   
   1699   
   1700     	if (code_match(sp, "FREECDT", &param))   
      
     
   
      
     
   
       View Defects in Coverity Scan   
     
   
      
     
Best regards,
   
     
The Coverity Scan Admin Team
   
        
      
      
   ----==_mimepart_6964fb8d1cdba_2460bc2afbc97ad9ac59882--   
      
   --- SBBSecho 3.34-Linux   
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)   
   SEEN-BY: 1/19 100 16/0 19/37 103/705 105/81 106/201 123/130 124/5016   
   SEEN-BY: 128/187 129/14 142/104 153/757 7715 154/10 30 110 203/0 218/700   
   SEEN-BY: 221/0 1 6 226/30 227/114 229/110 134 206 317 400 426 428   
   SEEN-BY: 229/470 700 705 240/1120 5832 263/1 266/512 280/464 5003   
   SEEN-BY: 280/5006 291/111 292/8125 301/1 320/119 219 319 2119 322/757   
   SEEN-BY: 322/762 341/66 234 342/200 396/45 423/81 120 460/58 633/280   
   SEEN-BY: 712/848 770/1 902/26 5020/400 5075/35   
   PATH: 103/705 280/464 221/1 320/219 229/426