• New Defects reported by Coverity Scan for Synchronet

    From scan-admin@coverity.com@1:103/705 to All on Tue May 20 12:44:44 2025
    <!DOCTYPE html>
    <html>
    <head>
    <style>
    body {
    font-family: Arial, sans-serif;
    line-height: 1.6;
    }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff;
    background-color: #007bff;
    text-decoration: none;
    border-radius: 5px;
    }
    .button:hover {
    background-color: #0056b3;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Coverity Scan has identified new defect(s) in the project <strong>Synchronet</strong>.
    </p>

    <h3>Defect Summary:</h3>
    <ul>
    <li><strong>New Defects Found:</strong> 2</li>
    <li><strong>Defects Fixed:</strong> 1</li>
    <li><strong>Defects Displayed:</strong> Showing 2 of 2</li>
    </ul>

    <p>
    To view the full list of defects and take action, click the button below:
    </p>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects</a>
    </p>

    <p>
    If you have any questions or need assistance, feel free to contact our support team.
    </p>


    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>

    --- SBBSecho 3.27-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Sun Jul 6 12:47:03 2025

    ----==_mimepart_686a7047ce71_192e802d9f7544199c8471c
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 569480: Resource leaks (RESOURCE_LEAK)
    /js_system.c: 1781 in js_notify()


    _____________________________________________________________________________________________
    *** CID 569480: Resource leaks (RESOURCE_LEAK)
    /js_system.c: 1781 in js_notify()
    1775 if (msg == NULL)
    1776 return JS_TRUE;
    1777 }
    1778
    1779 if (argc > 3 && !JSVAL_NULL_OR_VOID(argv[3])) {
    1780 if ((js_str = JS_ValueToString(cx, argv[3])) == NULL) >>> CID 569480: Resource leaks (RESOURCE_LEAK)
    Variable "msg" going out of scope leaks the storage it points to.
    1781 return JS_FALSE;
    1782
    1783 JSSTRING_TO_MSTRING(cx, js_str, replyto, NULL);
    1784 HANDLE_PENDING(cx, replyto);
    1785 if (replyto == NULL)
    1786 return JS_TRUE;

    ** CID 569479: Resource leaks (RESOURCE_LEAK)
    /js_system.c: 1793 in js_notify()


    _____________________________________________________________________________________________
    *** CID 569479: Resource leaks (RESOURCE_LEAK)
    /js_system.c: 1793 in js_notify()
    1787 }
    1788
    1789 JSSTRING_TO_MSTRING(cx, js_subj, subj, NULL);
    1790 HANDLE_PENDING(cx, subj);
    1791 if (subj == NULL) {
    1792 free(msg);
    CID 569479: Resource leaks (RESOURCE_LEAK)
    Variable "replyto" going out of scope leaks the storage it points to. 1793 return JS_TRUE;
    1794 }
    1795
    1796 rc = JS_SUSPENDREQUEST(cx);
    1797 ret = notify(sys->cfg, usernumber, subj, msg, replyto) == 0; 1798 free(subj);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_686a7047ce71_192e802d9f7544199c8471c
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 2</li>
    <li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 569480: Resource leaks (RESOURCE_LEAK)
    /js_system.c: 1781 in js_notify()


    _____________________________________________________________________________________________
    *** CID 569480: Resource leaks (RESOURCE_LEAK)
    /js_system.c: 1781 in js_notify()
    1775 if (msg == NULL)
    1776 return JS_TRUE;
    1777 }
    1778
    1779 if (argc &gt; 3 &amp;&amp; !JSVAL_NULL_OR_VOID(argv[3])) {
    1780 if ((js_str = JS_ValueToString(cx, argv[3])) == NULL) &gt;&gt;&gt; CID 569480: Resource leaks (RESOURCE_LEAK) &gt;&gt;&gt; Variable &quot;msg&quot; going out of scope leaks the storage it points to.
    1781 return JS_FALSE;
    1782
    1783 JSSTRING_TO_MSTRING(cx, js_str, replyto, NULL);
    1784 HANDLE_PENDING(cx, replyto);
    1785 if (replyto == NULL)
    1786 return JS_TRUE;

    ** CID 569479: Resource leaks (RESOURCE_LEAK)
    /js_system.c: 1793 in js_notify()


    _____________________________________________________________________________________________
    *** CID 569479: Resource leaks (RESOURCE_LEAK)
    /js_system.c: 1793 in js_notify()
    1787 }
    1788
    1789 JSSTRING_TO_MSTRING(cx, js_subj, subj, NULL);
    1790 HANDLE_PENDING(cx, subj);
    1791 if (subj == NULL) {
    1792 free(msg);
    &gt;&gt;&gt; CID 569479: Resource leaks (RESOURCE_LEAK) &gt;&gt;&gt; Variable &quot;replyto&quot; going out of scope leaks the storage it points to.
    1793 return JS_TRUE;
    1794 }
    1795
    1796 rc = JS_SUSPENDREQUEST(cx);
    1797 ret = notify(sys-&gt;cfg, usernumber, subj, msg, replyto) == 0; 1798 free(subj);

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_686a7047ce71_192e802d9f7544199c8471c--

    --- SBBSecho 3.28-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Sun Jul 20 12:45:55 2025

    ----==_mimepart_687ce502ba0a3_2748642bf92199999045dc
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 582443: High impact quality (Y2K38_SAFETY)
    /sexyz.c: 1356 in receive_files()


    _____________________________________________________________________________________________
    *** CID 582443: High impact quality (Y2K38_SAFETY)
    /sexyz.c: 1356 in receive_files()
    1350 if (!t)
    1351 t = 1;
    1352 if (zm.file_skipped)
    1353 lprintf(LOG_WARNING, "File Skipped");
    1354 else if (success)
    1355 lprintf(LOG_INFO, "Successful - Time: %s CPS: %lu"
    CID 582443: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".
    1356 , seconds_to_str((uint)t, tmp), (ulong)(file_bytes / t));
    1357 else
    1358 lprintf(LOG_ERR, "File Transfer %s"
    1359 , zm.local_abort ? "Aborted": zm.cancelled ? "Cancelled":"Failure");
    1360
    1361 if (!(mode & XMODEM) && ftime)

    ** CID 582442: (Y2K38_SAFETY)
    /sexyz.c: 994 in send_files()
    /sexyz.c: 1069 in send_files()


    _____________________________________________________________________________________________
    *** CID 582442: (Y2K38_SAFETY)
    /sexyz.c: 994 in send_files()
    988 xm.sent_files++;
    989 xm.sent_bytes += fsize;
    990 if (zm.file_skipped)
    991 lprintf(LOG_WARNING, "File Skipped");
    992 else
    993 lprintf(LOG_INFO, "Successful - Time: %s CPS: %u"
    CID 582442: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".
    994 , seconds_to_str((uint)t, tmp)
    995 , cps);
    996
    997 if (xm.total_files - xm.sent_files)
    998 lprintf(LOG_INFO, "Remaining - Time: %s Files: %lu KBytes: %" PRId64
    999 , seconds_to_str((uint)((xm.total_bytes - xm.sent_bytes) / cps), tmp)
    /sexyz.c: 1069 in send_files()
    1063 }
    1064 if (xm.total_files > 1) {
    1065 t = time(NULL) - startall;
    1066 if (!t)
    1067 t = 1;
    1068 lprintf(LOG_INFO, "Overall - Time %s KBytes: %" PRId64 " CPS: %lu"
    CID 582442: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".
    1069 , seconds_to_str((uint)t, tmp)
    1070 , total_bytes / 1024, total_bytes / t); 1071 }
    1072 return 0; /* success */
    1073 }
    1074


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_687ce502ba0a3_2748642bf92199999045dc
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 2</li>
    <li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 582443: High impact quality (Y2K38_SAFETY)
    /sexyz.c: 1356 in receive_files()


    _____________________________________________________________________________________________
    *** CID 582443: High impact quality (Y2K38_SAFETY)
    /sexyz.c: 1356 in receive_files()
    1350 if (!t)
    1351 t = 1;
    1352 if (zm.file_skipped)
    1353 lprintf(LOG_WARNING, &quot;File Skipped&quot;); 1354 else if (success)
    1355 lprintf(LOG_INFO, &quot;Successful - Time: %s CPS: %lu&quot;
    &gt;&gt;&gt; CID 582443: High impact quality (Y2K38_SAFETY) &gt;&gt;&gt; A &quot;time_t&quot; value is stored in an integer with too few bits to accommodate it. The expression &quot;t&quot; is cast to &quot;uint&quot;.
    1356 , seconds_to_str((uint)t, tmp), (ulong)(file_bytes / t));
    1357 else
    1358 lprintf(LOG_ERR, &quot;File Transfer %s&quot; 1359 , zm.local_abort ? &quot;Aborted&quot;: zm.cancelled ? &quot;Cancelled&quot;:&quot;Failure&quot;);
    1360
    1361 if (!(mode &amp; XMODEM) &amp;&amp; ftime)

    ** CID 582442: (Y2K38_SAFETY)
    /sexyz.c: 994 in send_files()
    /sexyz.c: 1069 in send_files()


    _____________________________________________________________________________________________
    *** CID 582442: (Y2K38_SAFETY)
    /sexyz.c: 994 in send_files()
    988 xm.sent_files++;
    989 xm.sent_bytes += fsize;
    990 if (zm.file_skipped)
    991 lprintf(LOG_WARNING, &quot;File Skipped&quot;);
    992 else
    993 lprintf(LOG_INFO, &quot;Successful - Time: %s CPS: %u&quot;
    &gt;&gt;&gt; CID 582442: (Y2K38_SAFETY)
    &gt;&gt;&gt; A &quot;time_t&quot; value is stored in an integer with too few bits to accommodate it. The expression &quot;t&quot; is cast to &quot;uint&quot;.
    994 , seconds_to_str((uint)t, tmp)
    995 , cps);
    996
    997 if (xm.total_files - xm.sent_files)
    998 lprintf(LOG_INFO, &quot;Remaining - Time: %s Files: %lu KBytes: %&quot; PRId64
    999 , seconds_to_str((uint)((xm.total_bytes - xm.sent_bytes) / cps), tmp)
    /sexyz.c: 1069 in send_files()
    1063 }
    1064 if (xm.total_files &gt; 1) {
    1065 t = time(NULL) - startall;
    1066 if (!t)
    1067 t = 1;
    1068 lprintf(LOG_INFO, &quot;Overall - Time %s KBytes: %&quot; PRId64 &quot; CPS: %lu&quot;
    &gt;&gt;&gt; CID 582442: (Y2K38_SAFETY)
    &gt;&gt;&gt; A &quot;time_t&quot; value is stored in an integer with too few bits to accommodate it. The expression &quot;t&quot; is cast to &quot;uint&quot;.
    1069 , seconds_to_str((uint)t, tmp)
    1070 , total_bytes / 1024, total_bytes / t); 1071 }
    1072 return 0; /* success */
    1073 }
    1074

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_687ce502ba0a3_2748642bf92199999045dc--

    --- SBBSecho 3.29-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Sun Aug 10 14:15:47 2025

    ----==_mimepart_6898a9938c063_f22012b538a7b399c12567
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 583942: High impact quality (Y2K38_SAFETY)
    /userdat.c: 3171 in loginuserdat()


    _____________________________________________________________________________________________
    *** CID 583942: High impact quality (Y2K38_SAFETY)
    /userdat.c: 3171 in loginuserdat()
    3165 if (protocol != NULL)
    3166 SAFECOPY(user->connection, protocol);
    3167 if (hostname != NULL)
    3168 SAFECOPY(user->comp, hostname);
    3169 if (ipaddr != NULL)
    3170 SAFECOPY(user->ipaddr, ipaddr);
    CID 583942: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "logontime" is cast to "time32_t".
    3171 user->logontime = logontime;
    3172
    3173 return putuserdat(cfg, user);
    3174 }
    3175
    3176 /****************************************************************************/


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_6898a9938c063_f22012b538a7b399c12567
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 1</li>
    <li>
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
    </li>
    <li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 583942: High impact quality (Y2K38_SAFETY)
    /userdat.c: 3171 in loginuserdat()


    _____________________________________________________________________________________________
    *** CID 583942: High impact quality (Y2K38_SAFETY)
    /userdat.c: 3171 in loginuserdat()
    3165 if (protocol != NULL)
    3166 SAFECOPY(user-&gt;connection, protocol);
    3167 if (hostname != NULL)
    3168 SAFECOPY(user-&gt;comp, hostname);
    3169 if (ipaddr != NULL)
    3170 SAFECOPY(user-&gt;ipaddr, ipaddr);
    &gt;&gt;&gt; CID 583942: High impact quality (Y2K38_SAFETY) &gt;&gt;&gt; A &quot;time_t&quot; value is stored in an integer with too few bits to accommodate it. The expression &quot;logontime&quot; is cast to &quot;time32_t&quot;.
    3171 user-&gt;logontime = logontime;
    3172
    3173 return putuserdat(cfg, user);
    3174 }
    3175
    3176 /****************************************************************************/

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_6898a9938c063_f22012b538a7b399c12567--

    --- SBBSecho 3.29-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Mon Aug 11 13:57:59 2025

    ----==_mimepart_6899f6e6bbda6_101b942b538a7b399c1257b
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 583999: (UNINIT)


    _____________________________________________________________________________________________
    *** CID 583999: (UNINIT)
    /file.cpp: 182 in sbbs_t::removefcdt(smbmsg_t *)()
    176 if (cfg.dir[f->dir]->misc & DIR_CDTUL)
    177 cdt = ((ulong)(f->cost * (cfg.dir[f->dir]->up_pct / 100.0)) / cur_cps) / 60;
    178 if (cfg.dir[f->dir]->misc & DIR_CDTDL
    179 && f->hdr.times_downloaded) /* all downloads */ 180 cdt += ((ulong)((long)f->hdr.times_downloaded 181 * f->cost * (cfg.dir[f->dir]->dn_pct / 100.0)) / cur_cps) / 60;
    CID 583999: (UNINIT)
    Using uninitialized value "user.level" when calling "adjustuserval". 182 adjustuserval(&cfg, &user, USER_MIN, -cdt);
    183 snprintf(str, sizeof str, "%lu minute", cdt);
    184 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
    185 , f->name, cdt ? str : text[No]);
    186 putsmsg(user.number, tmp);
    187 }
    /file.cpp: 203 in sbbs_t::removefcdt(smbmsg_t *)()
    197 bprintf(text[CreditsToRemove], f->from);
    198 getstr(str, 10, K_NUMBER | K_LINE | K_EDIT | K_AUTODEL);
    199 if (msgabort(true))
    200 return false;
    201 cdt = atol(str);
    202 }
    CID 583999: (UNINIT)
    Using uninitialized value "user.level" when calling "adjustuserval". 203 adjustuserval(&cfg, &user, USER_CDT, -cdt);
    204 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
    205 , f->name, cdt > 0 ? ultoac(cdt, str) : text[No]);
    206 putsmsg(user.number, tmp);
    207 }
    208
    /file.cpp: 209 in sbbs_t::removefcdt(smbmsg_t *)()
    203 adjustuserval(&cfg, &user, USER_CDT, -cdt);
    204 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
    205 , f->name, cdt > 0 ? ultoac(cdt, str) : text[No]);
    206 putsmsg(user.number, tmp);
    207 }
    208
    CID 583999: (UNINIT)
    Using uninitialized value "user.level" when calling "adjustuserval". 209 adjustuserval(&cfg, &user, USER_ULB, -f->size);
    210 adjustuserval(&cfg, &user, USER_ULS, -1);
    211 return true;
    212 }
    213
    214 /****************************************************************************/
    /file.cpp: 210 in sbbs_t::removefcdt(smbmsg_t *)()
    204 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
    205 , f->name, cdt > 0 ? ultoac(cdt, str) : text[No]);
    206 putsmsg(user.number, tmp);
    207 }
    208
    209 adjustuserval(&cfg, &user, USER_ULB, -f->size);
    CID 583999: (UNINIT)
    Using uninitialized value "user.level" when calling "adjustuserval". 210 adjustuserval(&cfg, &user, USER_ULS, -1);
    211 return true;
    212 }
    213
    214 /****************************************************************************/
    215 /****************************************************************************/


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_6899f6e6bbda6_101b942b538a7b399c1257b
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 1</li>
    <li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 583999: (UNINIT)


    _____________________________________________________________________________________________
    *** CID 583999: (UNINIT)
    /file.cpp: 182 in sbbs_t::removefcdt(smbmsg_t *)()
    176 if (cfg.dir[f-&gt;dir]-&gt;misc &amp; DIR_CDTUL)
    177 cdt = ((ulong)(f-&gt;cost * (cfg.dir[f-&gt;dir]-&gt;up_pct / 100.0)) / cur_cps) / 60;
    178 if (cfg.dir[f-&gt;dir]-&gt;misc &amp; DIR_CDTDL
    179 &amp;&amp; f-&gt;hdr.times_downloaded) /* all downloads */
    180 cdt += ((ulong)((long)f-&gt;hdr.times_downloaded
    181 * f-&gt;cost * (cfg.dir[f-&gt;dir]-&gt;dn_pct / 100.0)) / cur_cps) / 60;
    &gt;&gt;&gt; CID 583999: (UNINIT)
    &gt;&gt;&gt; Using uninitialized value &quot;user.level&quot; when calling &quot;adjustuserval&quot;.
    182 adjustuserval(&amp;cfg, &amp;user, USER_MIN, -cdt);
    183 snprintf(str, sizeof str, &quot;%lu minute&quot;, cdt); 184 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
    185 , f-&gt;name, cdt ? str : text[No]);
    186 putsmsg(user.number, tmp);
    187 }
    /file.cpp: 203 in sbbs_t::removefcdt(smbmsg_t *)()
    197 bprintf(text[CreditsToRemove], f-&gt;from);
    198 getstr(str, 10, K_NUMBER | K_LINE | K_EDIT | K_AUTODEL);
    199 if (msgabort(true))
    200 return false;
    201 cdt = atol(str);
    202 }
    &gt;&gt;&gt; CID 583999: (UNINIT)
    &gt;&gt;&gt; Using uninitialized value &quot;user.level&quot; when calling &quot;adjustuserval&quot;.
    203 adjustuserval(&amp;cfg, &amp;user, USER_CDT, -cdt);
    204 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
    205 , f-&gt;name, cdt &gt; 0 ? ultoac(cdt, str) : text[No]);
    206 putsmsg(user.number, tmp);
    207 }
    208
    /file.cpp: 209 in sbbs_t::removefcdt(smbmsg_t *)()
    203 adjustuserval(&amp;cfg, &amp;user, USER_CDT, -cdt);
    204 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
    205 , f-&gt;name, cdt &gt; 0 ? ultoac(cdt, str) : text[No]);
    206 putsmsg(user.number, tmp);
    207 }
    208
    &gt;&gt;&gt; CID 583999: (UNINIT)
    &gt;&gt;&gt; Using uninitialized value &quot;user.level&quot; when calling &quot;adjustuserval&quot;.
    209 adjustuserval(&amp;cfg, &amp;user, USER_ULB, -f-&gt;size);
    210 adjustuserval(&amp;cfg, &amp;user, USER_ULS, -1);
    211 return true;
    212 }
    213
    214 /****************************************************************************/
    /file.cpp: 210 in sbbs_t::removefcdt(smbmsg_t *)()
    204 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
    205 , f-&gt;name, cdt &gt; 0 ? ultoac(cdt, str) : text[No]);
    206 putsmsg(user.number, tmp);
    207 }
    208
    209 adjustuserval(&amp;cfg, &amp;user, USER_ULB, -f-&gt;size); &gt;&gt;&gt; CID 583999: (UNINIT)
    &gt;&gt;&gt; Using uninitialized value &quot;user.level&quot; when calling &quot;adjustuserval&quot;.
    210 adjustuserval(&amp;cfg, &amp;user, USER_ULS, -1);
    211 return true;
    212 }
    213
    214 /****************************************************************************/
    215 /****************************************************************************/

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_6899f6e6bbda6_101b942b538a7b399c1257b--

    --- SBBSecho 3.29-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Mon Aug 18 13:37:12 2025

    ----==_mimepart_68a32c876d3fd_16fcff2e2b69fdf990236c2
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 584091: (Y2K38_SAFETY)
    /logon.cpp: 631 in sbbs_t::logonstats()()
    /logon.cpp: 642 in sbbs_t::logonstats()()
    /logon.cpp: 638 in sbbs_t::logonstats()()


    _____________________________________________________________________________________________
    *** CID 584091: (Y2K38_SAFETY)
    /logon.cpp: 631 in sbbs_t::logonstats()()
    625 errormsg(WHERE, ERR_READ, "system stats");
    626 return 0;
    627 }
    628
    629 now = time(NULL);
    630 if (stats.date > now + (24L * 60L * 60L)) /* More than a day in the future? */
    CID 584091: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "stats.date" is cast to "int".
    631 errormsg(WHERE, ERR_CHK, "Daily stats date/time stamp", (int)stats.date);
    632
    633 if (!dates_are_same(now, stats.date)) {
    634
    635 struct tm tm{};
    636 struct tm update_tm{};
    /logon.cpp: 642 in sbbs_t::logonstats()()
    636 struct tm update_tm{};
    637 if (localtime_r(&stats.date, &update_tm) == NULL) {
    638 errormsg(WHERE, ERR_CHK, "Daily stats date/time break down", (int)stats.date);
    639 return 0;
    640 }
    641 if (localtime_r(&now, &tm) == NULL) {
    CID 584091: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "stats.date" is cast to "int".
    642 errormsg(WHERE, ERR_CHK, "Current date/time break down", (int)stats.date);
    643 return 0;
    644 }
    645
    646 sys_status |= SS_NEW_DAY;
    647 if (tm.tm_mon != update_tm.tm_mon)
    /logon.cpp: 638 in sbbs_t::logonstats()()
    632
    633 if (!dates_are_same(now, stats.date)) {
    634
    635 struct tm tm{};
    636 struct tm update_tm{};
    637 if (localtime_r(&stats.date, &update_tm) == NULL) {
    CID 584091: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "stats.date" is cast to "int".
    638 errormsg(WHERE, ERR_CHK, "Daily stats date/time break down", (int)stats.date);
    639 return 0;
    640 }
    641 if (localtime_r(&now, &tm) == NULL) {
    642 errormsg(WHERE, ERR_CHK, "Current date/time break down", (int)stats.date);
    643 return 0;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_68a32c876d3fd_16fcff2e2b69fdf990236c2
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 1</li>
    <li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 584091: (Y2K38_SAFETY)
    /logon.cpp: 631 in sbbs_t::logonstats()()
    /logon.cpp: 642 in sbbs_t::logonstats()()
    /logon.cpp: 638 in sbbs_t::logonstats()()


    _____________________________________________________________________________________________
    *** CID 584091: (Y2K38_SAFETY)
    /logon.cpp: 631 in sbbs_t::logonstats()()
    625 errormsg(WHERE, ERR_READ, &quot;system stats&quot;); 626 return 0;
    627 }
    628
    629 now = time(NULL);
    630 if (stats.date &gt; now + (24L * 60L * 60L)) /* More than a day in the future? */
    &gt;&gt;&gt; CID 584091: (Y2K38_SAFETY)
    &gt;&gt;&gt; A &quot;time_t&quot; value is stored in an integer with too few bits to accommodate it. The expression &quot;stats.date&quot; is cast to &quot;int&quot;.
    631 errormsg(WHERE, ERR_CHK, &quot;Daily stats date/time stamp&quot;, (int)stats.date);
    632
    633 if (!dates_are_same(now, stats.date)) {
    634
    635 struct tm tm{};
    636 struct tm update_tm{};
    /logon.cpp: 642 in sbbs_t::logonstats()()
    636 struct tm update_tm{};
    637 if (localtime_r(&amp;stats.date, &amp;update_tm) == NULL) {
    638 errormsg(WHERE, ERR_CHK, &quot;Daily stats date/time break down&quot;, (int)stats.date);
    639 return 0;
    640 }
    641 if (localtime_r(&amp;now, &amp;tm) == NULL) { &gt;&gt;&gt; CID 584091: (Y2K38_SAFETY)
    &gt;&gt;&gt; A &quot;time_t&quot; value is stored in an integer with too few bits to accommodate it. The expression &quot;stats.date&quot; is cast to &quot;int&quot;.
    642 errormsg(WHERE, ERR_CHK, &quot;Current date/time break down&quot;, (int)stats.date);
    643 return 0;
    644 }
    645
    646 sys_status |= SS_NEW_DAY;
    647 if (tm.tm_mon != update_tm.tm_mon)
    /logon.cpp: 638 in sbbs_t::logonstats()()
    632
    633 if (!dates_are_same(now, stats.date)) {
    634
    635 struct tm tm{};
    636 struct tm update_tm{};
    637 if (localtime_r(&amp;stats.date, &amp;update_tm) == NULL) {
    &gt;&gt;&gt; CID 584091: (Y2K38_SAFETY)
    &gt;&gt;&gt; A &quot;time_t&quot; value is stored in an integer with too few bits to accommodate it. The expression &quot;stats.date&quot; is cast to &quot;int&quot;.
    638 errormsg(WHERE, ERR_CHK, &quot;Daily stats date/time break down&quot;, (int)stats.date);
    639 return 0;
    640 }
    641 if (localtime_r(&amp;now, &amp;tm) == NULL) {
    642 errormsg(WHERE, ERR_CHK, &quot;Current date/time break down&quot;, (int)stats.date);
    643 return 0;

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_68a32c876d3fd_16fcff2e2b69fdf990236c2--

    --- SBBSecho 3.29-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Mon Sep 1 03:04:51 2025

    ----==_mimepart_68b50d534c480_2468dc2e83776d99ac35483
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 584833: Error handling issues (CHECKED_RETURN)


    _____________________________________________________________________________________________
    *** CID 584833: Error handling issues (CHECKED_RETURN)
    /mailsrvr.c: 2877 in archive_mail()
    2871 bool archive_mail(const char* fname, int usernumber, const char* subdir, const char* session_id)
    2872 {
    2873 char tmp[128];
    2874 char path[MAX_PATH + 1];
    2875
    2876 snprintf(path, sizeof path, "%suser/%04u/%s/", scfg.data_dir, usernumber, subdir);
    CID 584833: Error handling issues (CHECKED_RETURN)
    Calling "mkpath(path)" without checking return value. It wraps a library function that may fail and return an error code.
    2877 mkpath(path);
    2878 SAFECAT(path, gmtime_to_isoDateTimeStr(time(NULL), tmp, sizeof tmp));
    2879 SAFECAT(path, "-");
    2880 SAFECAT(path, session_id);
    2881 SAFECAT(path, ".eml");
    2882 return CopyFile(fname, path, /* fail-if-exists: */true);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_68b50d534c480_2468dc2e83776d99ac35483
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 1</li>
    <li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 584833: Error handling issues (CHECKED_RETURN)


    _____________________________________________________________________________________________
    *** CID 584833: Error handling issues (CHECKED_RETURN)
    /mailsrvr.c: 2877 in archive_mail()
    2871 bool archive_mail(const char* fname, int usernumber, const char* subdir, const char* session_id)
    2872 {
    2873 char tmp[128];
    2874 char path[MAX_PATH + 1];
    2875
    2876 snprintf(path, sizeof path, &quot;%suser/%04u/%s/&quot;, scfg.data_dir, usernumber, subdir);
    &gt;&gt;&gt; CID 584833: Error handling issues (CHECKED_RETURN) &gt;&gt;&gt; Calling &quot;mkpath(path)&quot; without checking return value. It wraps a library function that may fail and return an error code.
    2877 mkpath(path);
    2878 SAFECAT(path, gmtime_to_isoDateTimeStr(time(NULL), tmp, sizeof tmp));
    2879 SAFECAT(path, &quot;-&quot;);
    2880 SAFECAT(path, session_id);
    2881 SAFECAT(path, &quot;.eml&quot;);
    2882 return CopyFile(fname, path, /* fail-if-exists: */true);

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_68b50d534c480_2468dc2e83776d99ac35483--

    --- SBBSecho 3.29-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Wed Sep 24 12:45:25 2025

    ----==_mimepart_68d3e7e5d7b6_b44382cc43c0b59a0513eb
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 630343: (ATOMICITY) /tmp/sbbs-Sep-24-2025/src/conio/bitmap_con.c: 1581 in bitmap_setfont()
    /tmp/sbbs-Sep-24-2025/src/conio/bitmap_con.c: 1577 in bitmap_setfont()


    _____________________________________________________________________________________________
    *** CID 630343: (ATOMICITY) /tmp/sbbs-Sep-24-2025/src/conio/bitmap_con.c: 1581 in bitmap_setfont()
    1575 new=malloc(ti.screenwidth*ti.screenheight*sizeof(*new));
    1576 if(!new) {
    1577 free(old);
    1578 assert_rwlock_unlock(&vstatlock);
    1579 return 0;
    1580 }
    CID 630343: (ATOMICITY)
    Using an unreliable value of "old" inside the second locked section. If the data that "old" depends on was changed by another thread, this use might be incorrect.
    1581 pold=old;
    1582 pnew=new;
    1583 for(row=0; row<ti.screenheight; row++) {
    1584 for(col=0; col<ti.screenwidth; col++) { 1585 if(row < oh) {
    1586 if(col < ow) { /tmp/sbbs-Sep-24-2025/src/conio/bitmap_con.c: 1577 in bitmap_setfont()
    1571 bitmap_vmem_gettext_locked(1,1,ow,oh,old);
    1572 assert_rwlock_unlock(&vstatlock);
    1573 textmode(newmode);
    1574 assert_rwlock_wrlock(&vstatlock);
    1575 new=malloc(ti.screenwidth*ti.screenheight*sizeof(*new));
    1576 if(!new) {
    CID 630343: (ATOMICITY)
    Using an unreliable value of "old" inside the second locked section. If the data that "old" depends on was changed by another thread, this use might be incorrect.
    1577 free(old);
    1578 assert_rwlock_unlock(&vstatlock);
    1579 return 0;
    1580 }
    1581 pold=old;
    1582 pnew=new;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_68d3e7e5d7b6_b44382cc43c0b59a0513eb
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 1</li>
    <li>
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
    </li>
    <li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 630343: (ATOMICITY) /tmp/sbbs-Sep-24-2025/src/conio/bitmap_con.c: 1581 in bitmap_setfont()
    /tmp/sbbs-Sep-24-2025/src/conio/bitmap_con.c: 1577 in bitmap_setfont()


    _____________________________________________________________________________________________
    *** CID 630343: (ATOMICITY) /tmp/sbbs-Sep-24-2025/src/conio/bitmap_con.c: 1581 in bitmap_setfont()
    1575 new=malloc(ti.screenwidth*ti.screenheight*sizeof(*new));
    1576 if(!new) {
    1577 free(old);
    1578 assert_rwlock_unlock(&amp;vstatlock); 1579 return 0;
    1580 }
    &gt;&gt;&gt; CID 630343: (ATOMICITY)
    &gt;&gt;&gt; Using an unreliable value of &quot;old&quot; inside the second locked section. If the data that &quot;old&quot; depends on was changed by another thread, this use might be incorrect.
    1581 pold=old;
    1582 pnew=new;
    1583 for(row=0; row&lt;ti.screenheight; row++) { 1584 for(col=0; col&lt;ti.screenwidth; col++) {
    1585 if(row &lt; oh) {
    1586 if(col &lt; ow) { /tmp/sbbs-Sep-24-2025/src/conio/bitmap_con.c: 1577 in bitmap_setfont()
    1571 bitmap_vmem_gettext_locked(1,1,ow,oh,old);
    1572 assert_rwlock_unlock(&amp;vstatlock);
    1573 textmode(newmode);
    1574 assert_rwlock_wrlock(&amp;vstatlock);
    1575 new=malloc(ti.screenwidth*ti.screenheight*sizeof(*new));
    1576 if(!new) {
    &gt;&gt;&gt; CID 630343: (ATOMICITY)
    &gt;&gt;&gt; Using an unreliable value of &quot;old&quot; inside the second locked section. If the data that &quot;old&quot; depends on was changed by another thread, this use might be incorrect.
    1577 free(old);
    1578 assert_rwlock_unlock(&amp;vstatlock); 1579 return 0;
    1580 }
    1581 pold=old;
    1582 pnew=new;

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_68d3e7e5d7b6_b44382cc43c0b59a0513eb--

    --- SBBSecho 3.29-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Sat Sep 27 12:45:34 2025

    ----==_mimepart_68d7dc6e205cb_1d74a2b4f2a4a99a449ab
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 630956: Control flow issues (UNREACHABLE)
    /sexyz.c: 439 in recv_buffer()


    _____________________________________________________________________________________________
    *** CID 630956: Control flow issues (UNREACHABLE)
    /sexyz.c: 439 in recv_buffer()
    433 #else
    434 fd_set socket_set;
    435 struct timeval tv;
    436 #endif
    437 int magic_errno;
    438
    CID 630956: Control flow issues (UNREACHABLE)
    Since the loop increment is unreachable, the loop body will never execute more than once.
    439 for (;;) {
    440 if (inbuf_len > inbuf_pos)
    441 return inbuf_len - inbuf_pos;
    442 #ifdef __unix__
    443 if (stdio) {
    444 i = read(STDIN_FILENO, inbuf, sizeof(inbuf));


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_68d7dc6e205cb_1d74a2b4f2a4a99a449ab
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 1</li>
    <li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 630956: Control flow issues (UNREACHABLE)
    /sexyz.c: 439 in recv_buffer()


    _____________________________________________________________________________________________
    *** CID 630956: Control flow issues (UNREACHABLE)
    /sexyz.c: 439 in recv_buffer()
    433 #else
    434 fd_set socket_set;
    435 struct timeval tv;
    436 #endif
    437 int magic_errno;
    438
    &gt;&gt;&gt; CID 630956: Control flow issues (UNREACHABLE) &gt;&gt;&gt; Since the loop increment is unreachable, the loop body will never execute more than once.
    439 for (;;) {
    440 if (inbuf_len &gt; inbuf_pos)
    441 return inbuf_len - inbuf_pos;
    442 #ifdef __unix__
    443 if (stdio) {
    444 i = read(STDIN_FILENO, inbuf, sizeof(inbuf));

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_68d7dc6e205cb_1d74a2b4f2a4a99a449ab--

    --- SBBSecho 3.29-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Mon Sep 29 14:35:08 2025

    ----==_mimepart_68da991cc30d_3dac62b4f2a4a99a44987
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 631019: Memory - corruptions (ARRAY_VS_SINGLETON)


    _____________________________________________________________________________________________
    *** CID 631019: Memory - corruptions (ARRAY_VS_SINGLETON) /tmp/sbbs-Sep-29-2025/src/xpdev/ini_file.c: 1658 in iniParseSections()
    1652 break;
    1653 }
    1654
    1655 if (list[i] != NULL) {
    1656 // TODO: A comment will create a zero-length root section, which kinda sucks...
    1657 if (*p != INI_OPEN_SECTION_CHAR) {
    CID 631019: Memory - corruptions (ARRAY_VS_SINGLETON)
    Passing "&iniParsedRootValue" to function "addParsedSection" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
    1658 if (!addParsedSection(&lp, &sections, &iniParsedRootValue))
    1659 goto error_return;
    1660 keys = 0;
    1661 for (; list[i] != NULL; ++i) {
    1662 p = list[i];
    1663 SKIP_WHITESPACE(p);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_68da991cc30d_3dac62b4f2a4a99a44987
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 1</li>
    <li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 631019: Memory - corruptions (ARRAY_VS_SINGLETON)


    _____________________________________________________________________________________________
    *** CID 631019: Memory - corruptions (ARRAY_VS_SINGLETON) /tmp/sbbs-Sep-29-2025/src/xpdev/ini_file.c: 1658 in iniParseSections()
    1652 break;
    1653 }
    1654
    1655 if (list[i] != NULL) {
    1656 // TODO: A comment will create a zero-length root section, which kinda sucks...
    1657 if (*p != INI_OPEN_SECTION_CHAR) {
    &gt;&gt;&gt; CID 631019: Memory - corruptions (ARRAY_VS_SINGLETON) &gt;&gt;&gt; Passing &quot;&amp;iniParsedRootValue&quot; to function &quot;addParsedSection&quot; which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
    1658 if (!addParsedSection(&amp;lp, &amp;sections, &amp;iniParsedRootValue))
    1659 goto error_return;
    1660 keys = 0;
    1661 for (; list[i] != NULL; ++i) {
    1662 p = list[i];
    1663 SKIP_WHITESPACE(p);

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_68da991cc30d_3dac62b4f2a4a99a44987--

    --- SBBSecho 3.29-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Tue Sep 30 14:17:12 2025

    ----==_mimepart_68dbe667f0fba_4d6e62b4f2a4a99a44915
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 631052: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3367 in iniGetFastParsedSectionCmp()


    _____________________________________________________________________________________________
    *** CID 631052: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3367 in iniGetFastParsedSectionCmp()
    3361 return 0;
    3362 }
    3363 if (name == NULL || name->str == NULL)
    3364 return -1;
    3365 entShorter = fp->name.len < name->len;
    3366 cmplen = entShorter ? fp->name.len : name->len;
    CID 631052: Null pointer dereferences (FORWARD_NULL)
    Passing null pointer "fp->name.str" to "strncasecmp", which dereferences it.
    3367 cmp = strnicmp(name->str, fp->name.str, cmplen);
    3368 if (cmp == 0) {
    3369 if (fp->name.len == name->len)
    3370 return 0;
    3371 if (entShorter)
    3372 return 1;

    ** CID 631051: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3159 in iniFastParseSections()


    _____________________________________________________________________________________________
    *** CID 631051: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3159 in iniFastParseSections()
    3153 struct fp_section *sect;
    3154 size_t slen;
    3155 str++;
    3156 slen = strlen(str);
    3157 while (slen && (IS_WHITESPACE(str[slen - 1]))) 3158 slen--;
    CID 631051: Integer handling issues (INTEGER_OVERFLOW)
    Expression "slen - 1UL", where "slen" is known to be equal to 0, underflows the type of "slen - 1UL", which is type "unsigned long".
    3159 if (str[slen - 1] == INI_CLOSE_SECTION_CHAR) 3160 slen--;
    3161 else // Discard line
    3162 continue;
    3163 ret->totalSections++;
    3164 if ((ret->totalSections) >= arraySz) {

    ** CID 631050: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3331 in iniGetFastParsedSectionList()


    _____________________________________________________________________________________________
    *** CID 631050: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3331 in iniGetFastParsedSectionList()
    3325 if (sz)
    3326 *sz = 0;
    3327 return ret;
    3328 }
    3329 if (prefix)
    3330 prefixLen = strlen(prefix);
    CID 631050: Integer handling issues (INTEGER_OVERFLOW)
    Expression "i++", where "i" is known to be equal to 18446744073709551615, overflows the type of "i++", which is type "size_t".
    3331 for (i = iniGetFastPrefixStart(fp, prefix); i <= fp->lastUncut; i++) {
    3332 if (fp->sections[i].name.str == NULL)
    3333 continue;
    3334 if (fp->sections[i].cut)
    3335 continue;
    3336 if (fp->sections[i].name.len < prefixLen)


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_68dbe667f0fba_4d6e62b4f2a4a99a44915
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 3</li>
    <li><strong>Defects Shown:</strong> Showing 3 of 3 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 631052: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3367 in iniGetFastParsedSectionCmp()


    _____________________________________________________________________________________________
    *** CID 631052: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3367 in iniGetFastParsedSectionCmp()
    3361 return 0;
    3362 }
    3363 if (name == NULL || name-&gt;str == NULL)
    3364 return -1;
    3365 entShorter = fp-&gt;name.len &lt; name-&gt;len;
    3366 cmplen = entShorter ? fp-&gt;name.len : name-&gt;len; &gt;&gt;&gt; CID 631052: Null pointer dereferences (FORWARD_NULL) &gt;&gt;&gt; Passing null pointer &quot;fp-&gt;name.str&quot; to &quot;strncasecmp&quot;, which dereferences it.
    3367 cmp = strnicmp(name-&gt;str, fp-&gt;name.str, cmplen);
    3368 if (cmp == 0) {
    3369 if (fp-&gt;name.len == name-&gt;len)
    3370 return 0;
    3371 if (entShorter)
    3372 return 1;

    ** CID 631051: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3159 in iniFastParseSections()


    _____________________________________________________________________________________________
    *** CID 631051: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3159 in iniFastParseSections()
    3153 struct fp_section *sect;
    3154 size_t slen;
    3155 str++;
    3156 slen = strlen(str);
    3157 while (slen &amp;&amp; (IS_WHITESPACE(str[slen - 1])))
    3158 slen--;
    &gt;&gt;&gt; CID 631051: Integer handling issues (INTEGER_OVERFLOW)
    &gt;&gt;&gt; Expression &quot;slen - 1UL&quot;, where &quot;slen&quot; is known to be equal to 0, underflows the type of &quot;slen - 1UL&quot;, which is type &quot;unsigned long&quot;.
    3159 if (str[slen - 1] == INI_CLOSE_SECTION_CHAR) 3160 slen--;
    3161 else // Discard line
    3162 continue;
    3163 ret-&gt;totalSections++;
    3164 if ((ret-&gt;totalSections) &gt;= arraySz) {

    ** CID 631050: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3331 in iniGetFastParsedSectionList()


    _____________________________________________________________________________________________
    *** CID 631050: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Sep-30-2025/src/xpdev/ini_file.c: 3331 in iniGetFastParsedSectionList()
    3325 if (sz)
    3326 *sz = 0;
    3327 return ret;
    3328 }
    3329 if (prefix)
    3330 prefixLen = strlen(prefix);
    &gt;&gt;&gt; CID 631050: Integer handling issues (INTEGER_OVERFLOW)
    &gt;&gt;&gt; Expression &quot;i++&quot;, where &quot;i&quot; is known to be equal to 18446744073709551615, overflows the type of &quot;i++&quot;, which is type &quot;size_t&quot;.
    3331 for (i = iniGetFastPrefixStart(fp, prefix); i &lt;= fp-&gt;lastUncut; i++) {
    3332 if (fp-&gt;sections[i].name.str == NULL)
    3333 continue;
    3334 if (fp-&gt;sections[i].cut)
    3335 continue;
    3336 if (fp-&gt;sections[i].name.len &lt; prefixLen)

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_68dbe667f0fba_4d6e62b4f2a4a99a44915--

    --- SBBSecho 3.30-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Wed Oct 1 16:08:39 2025

    ----==_mimepart_68dd52075cd65_5ee032b4f2a4a99a44999
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    9 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 9 of 9 defect(s)


    ** CID 631076: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631076: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 314 in parse_echostat_msg()
    308 {
    309 char str[128];
    310 char key[128];
    311 echostat_msg_t msg = {{0}};
    312
    313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to);
    CID 631076: Memory - corruptions (OVERRUN)
    Overrunning array "msg.from" of 36 bytes by passing it to a function which accesses it at byte offset 1023.
    314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid);

    ** CID 631075: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631075: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 319 in parse_echostat_msg()
    313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to);
    314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid);
    CID 631075: Memory - corruptions (OVERRUN)
    Overrunning array "msg.tid" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid);
    320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);
    321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);
    322 snprintf(key, sizeof key, "%s.localtime", prefix), msg.localtime = iniGetDateTime(ini, section, key, 0);
    323 snprintf(key, sizeof key, "%s.length", prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);
    324 snprintf(key, sizeof key, "%s.origaddr", prefix), iniGetString(ini, section, key, NULL, str);

    ** CID 631074: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631074: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 317 in parse_echostat_msg()
    311 echostat_msg_t msg = {{0}};
    312
    313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to);
    314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    CID 631074: Memory - corruptions (OVERRUN)
    Overrunning array "msg.reply_id" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid);
    320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);
    321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);
    322 snprintf(key, sizeof key, "%s.localtime", prefix), msg.localtime = iniGetDateTime(ini, section, key, 0);

    ** CID 631073: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631073: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 316 in parse_echostat_msg()
    310 char key[128];
    311 echostat_msg_t msg = {{0}};
    312
    313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to);
    314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj);
    CID 631073: Memory - corruptions (OVERRUN)
    Overrunning array "msg.msg_id" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid);
    320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);
    321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);

    ** CID 631072: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631072: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 313 in parse_echostat_msg()
    307 echostat_msg_t parse_echostat_msg(str_list_t ini, const char* section, const char* prefix)
    308 {
    309 char str[128];
    310 char key[128];
    311 echostat_msg_t msg = {{0}};
    312
    CID 631072: Memory - corruptions (OVERRUN)
    Overrunning array "msg.to" of 36 bytes by passing it to a function which accesses it at byte offset 1023.
    313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to);
    314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid);

    ** CID 631071: (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631071: (OVERRUN)
    /sbbsecho.c: 327 in parse_echostat_msg()
    321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);
    322 snprintf(key, sizeof key, "%s.localtime", prefix), msg.localtime = iniGetDateTime(ini, section, key, 0);
    323 snprintf(key, sizeof key, "%s.length", prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);
    324 snprintf(key, sizeof key, "%s.origaddr", prefix), iniGetString(ini, section, key, NULL, str);
    325 if (str[0])
    326 msg.origaddr = atofaddr(str);
    CID 631071: (OVERRUN)
    Overrunning array "str" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    327 snprintf(key, sizeof key, "%s.pkt_orig", prefix), iniGetString(ini, section, key, NULL, str);
    328 if (str[0])
    329 msg.pkt_orig = atofaddr(str);
    330
    331 return msg;
    332 }
    /sbbsecho.c: 324 in parse_echostat_msg()
    318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid);
    320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);
    321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);
    322 snprintf(key, sizeof key, "%s.localtime", prefix), msg.localtime = iniGetDateTime(ini, section, key, 0);
    323 snprintf(key, sizeof key, "%s.length", prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);
    CID 631071: (OVERRUN)
    Overrunning array "str" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    324 snprintf(key, sizeof key, "%s.origaddr", prefix), iniGetString(ini, section, key, NULL, str);
    325 if (str[0])
    326 msg.origaddr = atofaddr(str);
    327 snprintf(key, sizeof key, "%s.pkt_orig", prefix), iniGetString(ini, section, key, NULL, str);
    328 if (str[0])
    329 msg.pkt_orig = atofaddr(str);

    ** CID 631070: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631070: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 315 in parse_echostat_msg()
    309 char str[128];
    310 char key[128];
    311 echostat_msg_t msg = {{0}};
    312
    313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to);
    314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from);
    CID 631070: Memory - corruptions (OVERRUN)
    Overrunning array "msg.subj" of 72 bytes by passing it to a function which accesses it at byte offset 1023.
    315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid);
    320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);

    ** CID 631069: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631069: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 318 in parse_echostat_msg()
    312
    313 snprintf(key, sizeof key, "%s.to", prefix), iniGetString(ini, section, key, NULL, msg.to);
    314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    CID 631069: Memory - corruptions (OVERRUN)
    Overrunning array "msg.pid" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid);
    320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);
    321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);
    322 snprintf(key, sizeof key, "%s.localtime", prefix), msg.localtime = iniGetDateTime(ini, section, key, 0);
    323 snprintf(key, sizeof key, "%s.length", prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);

    ** CID 631068: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631068: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 320 in parse_echostat_msg()
    314 snprintf(key, sizeof key, "%s.from", prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, "%s.subj", prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, "%s.msg_id", prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, "%s.reply_id", prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, "%s.pid", prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, "%s.tid", prefix), iniGetString(ini, section, key, NULL, msg.tid);
    CID 631068: Memory - corruptions (OVERRUN)
    Overrunning array "msg.msg_tz" of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    320 snprintf(key, sizeof key, "%s.msg_tz", prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);
    321 snprintf(key, sizeof key, "%s.msg_time", prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);
    322 snprintf(key, sizeof key, "%s.localtime", prefix), msg.localtime = iniGetDateTime(ini, section, key, 0);
    323 snprintf(key, sizeof key, "%s.length", prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);
    324 snprintf(key, sizeof key, "%s.origaddr", prefix), iniGetString(ini, section, key, NULL, str);
    325 if (str[0])


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_68dd52075cd65_5ee032b4f2a4a99a44999
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 9</li>
    <li>
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
    </li>
    <li><strong>Defects Shown:</strong> Showing 9 of 9 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 631076: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631076: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 314 in parse_echostat_msg()
    308 {
    309 char str[128];
    310 char key[128];
    311 echostat_msg_t msg = {{0}};
    312
    313 snprintf(key, sizeof key, &quot;%s.to&quot;, prefix), iniGetString(ini, section, key, NULL, msg.to);
    &gt;&gt;&gt; CID 631076: Memory - corruptions (OVERRUN) &gt;&gt;&gt; Overrunning array &quot;msg.from&quot; of 36 bytes by passing it to a function which accesses it at byte offset 1023.
    314 snprintf(key, sizeof key, &quot;%s.from&quot;, prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, &quot;%s.subj&quot;, prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, &quot;%s.msg_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, &quot;%s.reply_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, &quot;%s.pid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, &quot;%s.tid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.tid);

    ** CID 631075: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631075: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 319 in parse_echostat_msg()
    313 snprintf(key, sizeof key, &quot;%s.to&quot;, prefix), iniGetString(ini, section, key, NULL, msg.to);
    314 snprintf(key, sizeof key, &quot;%s.from&quot;, prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, &quot;%s.subj&quot;, prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, &quot;%s.msg_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, &quot;%s.reply_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, &quot;%s.pid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.pid);
    &gt;&gt;&gt; CID 631075: Memory - corruptions (OVERRUN) &gt;&gt;&gt; Overrunning array &quot;msg.tid&quot; of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    319 snprintf(key, sizeof key, &quot;%s.tid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.tid);
    320 snprintf(key, sizeof key, &quot;%s.msg_tz&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);
    321 snprintf(key, sizeof key, &quot;%s.msg_time&quot;, prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);
    322 snprintf(key, sizeof key, &quot;%s.localtime&quot;, prefix), msg.localtime = iniGetDateTime(ini, section, key, 0);
    323 snprintf(key, sizeof key, &quot;%s.length&quot;, prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);
    324 snprintf(key, sizeof key, &quot;%s.origaddr&quot;, prefix), iniGetString(ini, section, key, NULL, str);

    ** CID 631074: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631074: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 317 in parse_echostat_msg()
    311 echostat_msg_t msg = {{0}};
    312
    313 snprintf(key, sizeof key, &quot;%s.to&quot;, prefix), iniGetString(ini, section, key, NULL, msg.to);
    314 snprintf(key, sizeof key, &quot;%s.from&quot;, prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, &quot;%s.subj&quot;, prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, &quot;%s.msg_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    &gt;&gt;&gt; CID 631074: Memory - corruptions (OVERRUN) &gt;&gt;&gt; Overrunning array &quot;msg.reply_id&quot; of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    317 snprintf(key, sizeof key, &quot;%s.reply_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, &quot;%s.pid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, &quot;%s.tid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.tid);
    320 snprintf(key, sizeof key, &quot;%s.msg_tz&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);
    321 snprintf(key, sizeof key, &quot;%s.msg_time&quot;, prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);
    322 snprintf(key, sizeof key, &quot;%s.localtime&quot;, prefix), msg.localtime = iniGetDateTime(ini, section, key, 0);

    ** CID 631073: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631073: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 316 in parse_echostat_msg()
    310 char key[128];
    311 echostat_msg_t msg = {{0}};
    312
    313 snprintf(key, sizeof key, &quot;%s.to&quot;, prefix), iniGetString(ini, section, key, NULL, msg.to);
    314 snprintf(key, sizeof key, &quot;%s.from&quot;, prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, &quot;%s.subj&quot;, prefix), iniGetString(ini, section, key, NULL, msg.subj);
    &gt;&gt;&gt; CID 631073: Memory - corruptions (OVERRUN) &gt;&gt;&gt; Overrunning array &quot;msg.msg_id&quot; of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    316 snprintf(key, sizeof key, &quot;%s.msg_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, &quot;%s.reply_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, &quot;%s.pid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, &quot;%s.tid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.tid);
    320 snprintf(key, sizeof key, &quot;%s.msg_tz&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);
    321 snprintf(key, sizeof key, &quot;%s.msg_time&quot;, prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);

    ** CID 631072: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631072: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 313 in parse_echostat_msg()
    307 echostat_msg_t parse_echostat_msg(str_list_t ini, const char* section, const char* prefix)
    308 {
    309 char str[128];
    310 char key[128];
    311 echostat_msg_t msg = {{0}};
    312
    &gt;&gt;&gt; CID 631072: Memory - corruptions (OVERRUN) &gt;&gt;&gt; Overrunning array &quot;msg.to&quot; of 36 bytes by passing it to a function which accesses it at byte offset 1023.
    313 snprintf(key, sizeof key, &quot;%s.to&quot;, prefix), iniGetString(ini, section, key, NULL, msg.to);
    314 snprintf(key, sizeof key, &quot;%s.from&quot;, prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, &quot;%s.subj&quot;, prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, &quot;%s.msg_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, &quot;%s.reply_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, &quot;%s.pid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.pid);

    ** CID 631071: (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631071: (OVERRUN)
    /sbbsecho.c: 327 in parse_echostat_msg()
    321 snprintf(key, sizeof key, &quot;%s.msg_time&quot;, prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);
    322 snprintf(key, sizeof key, &quot;%s.localtime&quot;, prefix), msg.localtime = iniGetDateTime(ini, section, key, 0);
    323 snprintf(key, sizeof key, &quot;%s.length&quot;, prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);
    324 snprintf(key, sizeof key, &quot;%s.origaddr&quot;, prefix), iniGetString(ini, section, key, NULL, str);
    325 if (str[0])
    326 msg.origaddr = atofaddr(str);
    &gt;&gt;&gt; CID 631071: (OVERRUN)
    &gt;&gt;&gt; Overrunning array &quot;str&quot; of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    327 snprintf(key, sizeof key, &quot;%s.pkt_orig&quot;, prefix), iniGetString(ini, section, key, NULL, str);
    328 if (str[0])
    329 msg.pkt_orig = atofaddr(str);
    330
    331 return msg;
    332 }
    /sbbsecho.c: 324 in parse_echostat_msg()
    318 snprintf(key, sizeof key, &quot;%s.pid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, &quot;%s.tid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.tid);
    320 snprintf(key, sizeof key, &quot;%s.msg_tz&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);
    321 snprintf(key, sizeof key, &quot;%s.msg_time&quot;, prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);
    322 snprintf(key, sizeof key, &quot;%s.localtime&quot;, prefix), msg.localtime = iniGetDateTime(ini, section, key, 0);
    323 snprintf(key, sizeof key, &quot;%s.length&quot;, prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);
    &gt;&gt;&gt; CID 631071: (OVERRUN)
    &gt;&gt;&gt; Overrunning array &quot;str&quot; of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    324 snprintf(key, sizeof key, &quot;%s.origaddr&quot;, prefix), iniGetString(ini, section, key, NULL, str);
    325 if (str[0])
    326 msg.origaddr = atofaddr(str);
    327 snprintf(key, sizeof key, &quot;%s.pkt_orig&quot;, prefix), iniGetString(ini, section, key, NULL, str);
    328 if (str[0])
    329 msg.pkt_orig = atofaddr(str);

    ** CID 631070: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631070: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 315 in parse_echostat_msg()
    309 char str[128];
    310 char key[128];
    311 echostat_msg_t msg = {{0}};
    312
    313 snprintf(key, sizeof key, &quot;%s.to&quot;, prefix), iniGetString(ini, section, key, NULL, msg.to);
    314 snprintf(key, sizeof key, &quot;%s.from&quot;, prefix), iniGetString(ini, section, key, NULL, msg.from);
    &gt;&gt;&gt; CID 631070: Memory - corruptions (OVERRUN) &gt;&gt;&gt; Overrunning array &quot;msg.subj&quot; of 72 bytes by passing it to a function which accesses it at byte offset 1023.
    315 snprintf(key, sizeof key, &quot;%s.subj&quot;, prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, &quot;%s.msg_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, &quot;%s.reply_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, &quot;%s.pid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, &quot;%s.tid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.tid);
    320 snprintf(key, sizeof key, &quot;%s.msg_tz&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);

    ** CID 631069: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631069: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 318 in parse_echostat_msg()
    312
    313 snprintf(key, sizeof key, &quot;%s.to&quot;, prefix), iniGetString(ini, section, key, NULL, msg.to);
    314 snprintf(key, sizeof key, &quot;%s.from&quot;, prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, &quot;%s.subj&quot;, prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, &quot;%s.msg_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, &quot;%s.reply_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    &gt;&gt;&gt; CID 631069: Memory - corruptions (OVERRUN) &gt;&gt;&gt; Overrunning array &quot;msg.pid&quot; of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    318 snprintf(key, sizeof key, &quot;%s.pid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, &quot;%s.tid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.tid);
    320 snprintf(key, sizeof key, &quot;%s.msg_tz&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);
    321 snprintf(key, sizeof key, &quot;%s.msg_time&quot;, prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);
    322 snprintf(key, sizeof key, &quot;%s.localtime&quot;, prefix), msg.localtime = iniGetDateTime(ini, section, key, 0);
    323 snprintf(key, sizeof key, &quot;%s.length&quot;, prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);

    ** CID 631068: Memory - corruptions (OVERRUN)


    _____________________________________________________________________________________________
    *** CID 631068: Memory - corruptions (OVERRUN)
    /sbbsecho.c: 320 in parse_echostat_msg()
    314 snprintf(key, sizeof key, &quot;%s.from&quot;, prefix), iniGetString(ini, section, key, NULL, msg.from);
    315 snprintf(key, sizeof key, &quot;%s.subj&quot;, prefix), iniGetString(ini, section, key, NULL, msg.subj);
    316 snprintf(key, sizeof key, &quot;%s.msg_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_id);
    317 snprintf(key, sizeof key, &quot;%s.reply_id&quot;, prefix), iniGetString(ini, section, key, NULL, msg.reply_id);
    318 snprintf(key, sizeof key, &quot;%s.pid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.pid);
    319 snprintf(key, sizeof key, &quot;%s.tid&quot;, prefix), iniGetString(ini, section, key, NULL, msg.tid);
    &gt;&gt;&gt; CID 631068: Memory - corruptions (OVERRUN) &gt;&gt;&gt; Overrunning array &quot;msg.msg_tz&quot; of 128 bytes by passing it to a function which accesses it at byte offset 1023.
    320 snprintf(key, sizeof key, &quot;%s.msg_tz&quot;, prefix), iniGetString(ini, section, key, NULL, msg.msg_tz);
    321 snprintf(key, sizeof key, &quot;%s.msg_time&quot;, prefix), msg.msg_time = iniGetDateTime(ini, section, key, 0);
    322 snprintf(key, sizeof key, &quot;%s.localtime&quot;, prefix), msg.localtime = iniGetDateTime(ini, section, key, 0);
    323 snprintf(key, sizeof key, &quot;%s.length&quot;, prefix), msg.length = (size_t)iniGetBytes(ini, section, key, 1, 0);
    324 snprintf(key, sizeof key, &quot;%s.origaddr&quot;, prefix), iniGetString(ini, section, key, NULL, str);
    325 if (str[0])

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_68dd52075cd65_5ee032b4f2a4a99a44999--

    --- SBBSecho 3.30-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)