Forum: Midnight-Club

New Defects reported by Coverity Scan for Synchronet

From [email protected]@VERT to All on Sunday, March 30, 2025 13:06:10

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)

** CID 548252: Error handling issues (NEGATIVE_RETURNS)
/writemsg.cpp: 709 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()

________________________________________________________________________________________________________
*** CID 548252: Error handling issues (NEGATIVE_RETURNS)
/writemsg.cpp: 709 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
703 buf[0] = 0;
704 if (linesquoted || draft_restored) {
705 if ((file = nopen(msgtmp, O_RDONLY)) != -1) { 706 length = (long)filelength(file);
707 l = length > (int)(cfg.level_linespermsg[useron_level] * MAX_LINE_LEN) - 1
708 ? (cfg.level_linespermsg[useron_level] * MAX_LINE_LEN) - 1 : length;

CID 548252: Error handling issues (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]

709 if (read(file, buf, l) != l)
710 l = 0;
711 buf[l] = 0;
712 close(file);
713 // remove(msgtmp);
714 }

** CID 548251: Incorrect expression (SIZEOF_MISMATCH)
/xtrn.cpp: 1621 in sbbs_t::external(const char *, int, const char *)()

________________________________________________________________________________________________________
*** CID 548251: Incorrect expression (SIZEOF_MISMATCH)
/xtrn.cpp: 1621 in sbbs_t::external(const char *, int, const char *)()
1615 return -1;
1616 }
1617
1618 if ((mode & EX_STDIO) == EX_STDIO) {
1619 struct winsize winsize;
1620 struct termios termio;

CID 548251: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "&termio" of type "termios *" and argument "8UL" ("sizeof (this->term)") to function "memset" is suspicious because "sizeof (termios) /*60*/" is expected.

1621 memset(&termio, 0, sizeof(term));
1622 cfsetispeed(&termio, B19200);
1623 cfsetospeed(&termio, B19200);
1624 if (mode & EX_BIN)
1625 cfmakeraw(&termio);
1626 else {

** CID 548250: Control flow issues (NO_EFFECT)
/terminal.cpp: 31 in Terminal::scroll_hotspots(unsigned int)()

________________________________________________________________________________________________________
*** CID 548250: Control flow issues (NO_EFFECT)
/terminal.cpp: 31 in Terminal::scroll_hotspots(unsigned int)()
25 unsigned spots = 0;
26 unsigned remain = 0;
27 for (list_node_t* node = mouse_hotspots->first; node != NULL; node = node->next) {
28 struct mouse_hotspot* spot = (struct mouse_hotspot*)node->data; 29 spot->y -= count;
30 spots++;

CID 548250: Control flow issues (NO_EFFECT)
This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "spot->y >= 0U".

31 if (spot->y >= 0)
32 remain++;
33 }
34 #ifdef _DEBUG
35 if (spots)
36 sbbs->lprintf(LOG_DEBUG, "Scrolled %u mouse hot-spots %u rows (%u remain)", spots, count, remain);

** CID 548249: (DEADCODE)
/useredit.cpp: 89 in sbbs_t::useredit(int)()
/useredit.cpp: 89 in sbbs_t::useredit(int)()

________________________________________________________________________________________________________
*** CID 548249: (DEADCODE)
/useredit.cpp: 89 in sbbs_t::useredit(int)()
83 SAFEPRINTF2(user_pass, "%.*s..", (int)(max_len - 2), user.pass);
84 bprintf(text[UeditAliasPassword]
85 , user.alias
86 , datestr(user.pwmod, tmp)
87 , (user.level > useron.level || !(cfg.sys_misc & SM_ECHO_PW)) ? "<hidden>" : user_pass
88 );

CID 548249: (DEADCODE)
Execution cannot reach the expression ""XXXXXXXX"" inside this statement: "this->bprintf(this->text[Ue...".

89 bprintf(text[UeditRealNamePhone]
90 , user.level > useron.level && console & CON_R_ECHO
91 ? "XXXXXXXX" : user.name
92 , user.level > useron.level && console & CON_R_ECHO
93 ? "XXX-XXX-XXXX" : user.phone);
94 bprintf(text[UeditAddressBirthday]
/useredit.cpp: 89 in sbbs_t::useredit(int)()
83 SAFEPRINTF2(user_pass, "%.*s..", (int)(max_len - 2), user.pass);
84 bprintf(text[UeditAliasPassword]
85 , user.alias
86 , datestr(user.pwmod, tmp)
87 , (user.level > useron.level || !(cfg.sys_misc & SM_ECHO_PW)) ? "<hidden>" : user_pass
88 );

CID 548249: (DEADCODE)
Execution cannot reach the expression ""XXX-XXX-XXXX"" inside this statement: "this->bprintf(this->text[Ue...".

89 bprintf(text[UeditRealNamePhone]
90 , user.level > useron.level && console & CON_R_ECHO
91 ? "XXXXXXXX" : user.name
92 , user.level > useron.level && console & CON_R_ECHO
93 ? "XXX-XXX-XXXX" : user.phone);
94 bprintf(text[UeditAddressBirthday]

** CID 548248: Error handling issues (CHECKED_RETURN)
/writemsg.cpp: 1836 in sbbs_t::movemsg(smbmsg_t *, int)()

________________________________________________________________________________________________________
*** CID 548248: Error handling issues (CHECKED_RETURN)
/writemsg.cpp: 1836 in sbbs_t::movemsg(smbmsg_t *, int)()
1830 length = smb_getmsgdatlen(msg);
1831 if ((buf = (char *)malloc(length)) == NULL) {
1832 errormsg(WHERE, ERR_ALLOC, smb.file, length);
1833 return false;
1834 }
1835

CID 548248: Error handling issues (CHECKED_RETURN)
Calling "fseek(this->smb.sdt_fp, msg->hdr.offset, 0)" without checking return value. This library function may fail and return an error code.

1836 fseek(smb.sdt_fp, msg->hdr.offset, SEEK_SET);
1837 if (fread(buf, length, 1, smb.sdt_fp) != 1) {
1838 free(buf);
1839 errormsg(WHERE, ERR_READ, smb.file, length);
1840 return false;
1841 }

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From [email protected]@VERT to All on Saturday, April 05, 2025 12:46:11

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 548912: Data race undermines locking (LOCK_EVASION)
/answer.cpp: 437 in sbbs_t::answer(bool *)()

________________________________________________________________________________________________________
*** CID 548912: Data race undermines locking (LOCK_EVASION)
/answer.cpp: 437 in sbbs_t::answer(bool *)()
431 activate_ssh = init_sftp(cid);
432 term->cols = 0;
433 term->rows = 0;
434 SAFECOPY(terminal, "sftp");
435 mouse_mode = MOUSE_MODE_OFF;
436 autoterm = 0;

CID 548912: Data race undermines locking (LOCK_EVASION)
Thread1 sets "sys_status" to a new value. Now the two threads have an inconsistent view of "sys_status" and updates to fields correlated with "sys_status" may be lost.

437 sys_status |= SS_USERON;
438 SAFECOPY(client.protocol, "SFTP");
439 SAFECOPY(client.user, useron.alias);
440 client.usernum = useron.number;
441 client_on(client_socket, &client, /* update: */ TRUE);
442 SAFECOPY(connection, client.protocol);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From [email protected]@VERT to All on Friday, April 11, 2025 15:36:53

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 549016: Integer handling issues (INTEGER_OVERFLOW)
/str.cpp: 1194 in sbbs_t::spy(unsigned int)()

________________________________________________________________________________________________________
*** CID 549016: Integer handling issues (INTEGER_OVERFLOW)
/str.cpp: 1194 in sbbs_t::spy(unsigned int)()
1188 && !msgabort()) {
1189 in = incom(1000);
1190 if (in == NOINP) {
1191 gettimeleft();
1192 continue;
1193 }

CID 549016: Integer handling issues (INTEGER_OVERFLOW)
Expression "ch", where "in" is known to be equal to 256, overflows the type of "ch", which is type "char".

1194 ch = in;
1195 if (ch == ESC) {
1196 if (ansi_len)
1197 ansi_len = 0;
1198 else {
1199 if ((in = incom(500)) != NOINP) {

** CID 549015: Uninitialized variables (UNINIT)

________________________________________________________________________________________________________
*** CID 549015: Uninitialized variables (UNINIT)
/js_system.c: 2089 in js_chkpassword()
2083
2084 js_system_private_t* sys;
2085 if ((sys = (js_system_private_t*)js_GetClassPrivate(cx, obj, &js_system_class)) == NULL)
2086 return JS_FALSE;
2087
2088 rc = JS_SUSPENDREQUEST(cx);

CID 549015: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "check_pass".

2089 bool result = check_pass(sys->cfg, str, /* user: */NULL, /* unique: */false, /* reason: */NULL)
2090 && !trashcan(sys->cfg, str, "password"); 2091 JS_SET_RVAL(cx, arglist, BOOLEAN_TO_JSVAL(result));
2092 JS_RESUMEREQUEST(cx, rc);
2093
2094 return JS_TRUE;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From [email protected]@VERT to All on Tuesday, May 20, 2025 12:44:44

<!DOCTYPE html>
<html>
<head>
<style>
body {
font-family: Arial, sans-serif;
line-height: 1.6;
}
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff;
background-color: #007bff;
text-decoration: none;
border-radius: 5px;
}
.button:hover {
background-color: #0056b3;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Coverity Scan has identified new defect(s) in the project <strong>Synchronet</strong>.
</p>

<h3>Defect Summary:</h3>
<ul>
<li><strong>New Defects Found:</strong> 2</li>
<li><strong>Defects Fixed:</strong> 1</li>
<li><strong>Defects Displayed:</strong> Showing 2 of 2</li>
</ul>

<p>
To view the full list of defects and take action, click the button below:
</p>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects</a>
</p>

<p>
If you have any questions or need assistance, feel free to contact our support team.
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>

---
* Synchronet * Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From [email protected]@VERT to All on Sunday, July 06, 2025 12:47:03

----==_mimepart_686a7047ce71_192e802d9f7544199c8471c
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 569480: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1781 in js_notify()

_____________________________________________________________________________________________
*** CID 569480: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1781 in js_notify()
1775 if (msg == NULL)
1776 return JS_TRUE;
1777 }
1778
1779 if (argc > 3 && !JSVAL_NULL_OR_VOID(argv[3])) {
1780 if ((js_str = JS_ValueToString(cx, argv[3])) == NULL) >>> CID 569480: Resource leaks (RESOURCE_LEAK)

Variable "msg" going out of scope leaks the storage it points to.

1781 return JS_FALSE;
1782
1783 JSSTRING_TO_MSTRING(cx, js_str, replyto, NULL);
1784 HANDLE_PENDING(cx, replyto);
1785 if (replyto == NULL)
1786 return JS_TRUE;

** CID 569479: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1793 in js_notify()

_____________________________________________________________________________________________
*** CID 569479: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1793 in js_notify()
1787 }
1788
1789 JSSTRING_TO_MSTRING(cx, js_subj, subj, NULL);
1790 HANDLE_PENDING(cx, subj);
1791 if (subj == NULL) {
1792 free(msg);

CID 569479: Resource leaks (RESOURCE_LEAK)
Variable "replyto" going out of scope leaks the storage it points to. 1793 return JS_TRUE;

1794 }
1795
1796 rc = JS_SUSPENDREQUEST(cx);
1797 ret = notify(sys->cfg, usernumber, subj, msg, replyto) == 0; 1798 free(subj);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_686a7047ce71_192e802d9f7544199c8471c
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 2</li>
<li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 569480: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1781 in js_notify()

_____________________________________________________________________________________________
*** CID 569480: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1781 in js_notify()
1775 if (msg == NULL)
1776 return JS_TRUE;
1777 }
1778
1779 if (argc > 3 && !JSVAL_NULL_OR_VOID(argv[3])) {
1780 if ((js_str = JS_ValueToString(cx, argv[3])) == NULL) >>> CID 569480: Resource leaks (RESOURCE_LEAK) >>> Variable "msg" going out of scope leaks the storage it points to.
1781 return JS_FALSE;
1782
1783 JSSTRING_TO_MSTRING(cx, js_str, replyto, NULL);
1784 HANDLE_PENDING(cx, replyto);
1785 if (replyto == NULL)
1786 return JS_TRUE;

** CID 569479: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1793 in js_notify()

_____________________________________________________________________________________________
*** CID 569479: Resource leaks (RESOURCE_LEAK)
/js_system.c: 1793 in js_notify()
1787 }
1788
1789 JSSTRING_TO_MSTRING(cx, js_subj, subj, NULL);
1790 HANDLE_PENDING(cx, subj);
1791 if (subj == NULL) {
1792 free(msg);
>>> CID 569479: Resource leaks (RESOURCE_LEAK) >>> Variable "replyto" going out of scope leaks the storage it points to.
1793 return JS_TRUE;
1794 }
1795
1796 rc = JS_SUSPENDREQUEST(cx);
1797 ret = notify(sys->cfg, usernumber, subj, msg, replyto) == 0; 1798 free(subj);

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_686a7047ce71_192e802d9f7544199c8471c--

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From [email protected]@VERT to All on Sunday, July 20, 2025 12:45:55

----==_mimepart_687ce502ba0a3_2748642bf92199999045dc
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 582443: High impact quality (Y2K38_SAFETY)
/sexyz.c: 1356 in receive_files()

_____________________________________________________________________________________________
*** CID 582443: High impact quality (Y2K38_SAFETY)
/sexyz.c: 1356 in receive_files()
1350 if (!t)
1351 t = 1;
1352 if (zm.file_skipped)
1353 lprintf(LOG_WARNING, "File Skipped");
1354 else if (success)
1355 lprintf(LOG_INFO, "Successful - Time: %s CPS: %lu"

CID 582443: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".

1356 , seconds_to_str((uint)t, tmp), (ulong)(file_bytes / t));
1357 else
1358 lprintf(LOG_ERR, "File Transfer %s"
1359 , zm.local_abort ? "Aborted": zm.cancelled ? "Cancelled":"Failure");
1360
1361 if (!(mode & XMODEM) && ftime)

** CID 582442: (Y2K38_SAFETY)
/sexyz.c: 994 in send_files()
/sexyz.c: 1069 in send_files()

_____________________________________________________________________________________________
*** CID 582442: (Y2K38_SAFETY)
/sexyz.c: 994 in send_files()
988 xm.sent_files++;
989 xm.sent_bytes += fsize;
990 if (zm.file_skipped)
991 lprintf(LOG_WARNING, "File Skipped");
992 else
993 lprintf(LOG_INFO, "Successful - Time: %s CPS: %u"

CID 582442: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".

994 , seconds_to_str((uint)t, tmp)
995 , cps);
996
997 if (xm.total_files - xm.sent_files)
998 lprintf(LOG_INFO, "Remaining - Time: %s Files: %lu KBytes: %" PRId64
999 , seconds_to_str((uint)((xm.total_bytes - xm.sent_bytes) / cps), tmp)
/sexyz.c: 1069 in send_files()
1063 }
1064 if (xm.total_files > 1) {
1065 t = time(NULL) - startall;
1066 if (!t)
1067 t = 1;
1068 lprintf(LOG_INFO, "Overall - Time %s KBytes: %" PRId64 " CPS: %lu"

CID 582442: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".

1069 , seconds_to_str((uint)t, tmp)
1070 , total_bytes / 1024, total_bytes / t); 1071 }
1072 return 0; /* success */
1073 }
1074

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_687ce502ba0a3_2748642bf92199999045dc
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 2</li>
<li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 582443: High impact quality (Y2K38_SAFETY)
/sexyz.c: 1356 in receive_files()

_____________________________________________________________________________________________
*** CID 582443: High impact quality (Y2K38_SAFETY)
/sexyz.c: 1356 in receive_files()
1350 if (!t)
1351 t = 1;
1352 if (zm.file_skipped)
1353 lprintf(LOG_WARNING, "File Skipped"); 1354 else if (success)
1355 lprintf(LOG_INFO, "Successful - Time: %s CPS: %lu"
>>> CID 582443: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".
1356 , seconds_to_str((uint)t, tmp), (ulong)(file_bytes / t));
1357 else
1358 lprintf(LOG_ERR, "File Transfer %s" 1359 , zm.local_abort ? "Aborted": zm.cancelled ? "Cancelled":"Failure");
1360
1361 if (!(mode & XMODEM) && ftime)

** CID 582442: (Y2K38_SAFETY)
/sexyz.c: 994 in send_files()
/sexyz.c: 1069 in send_files()

_____________________________________________________________________________________________
*** CID 582442: (Y2K38_SAFETY)
/sexyz.c: 994 in send_files()
988 xm.sent_files++;
989 xm.sent_bytes += fsize;
990 if (zm.file_skipped)
991 lprintf(LOG_WARNING, "File Skipped");
992 else
993 lprintf(LOG_INFO, "Successful - Time: %s CPS: %u"
>>> CID 582442: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".
994 , seconds_to_str((uint)t, tmp)
995 , cps);
996
997 if (xm.total_files - xm.sent_files)
998 lprintf(LOG_INFO, "Remaining - Time: %s Files: %lu KBytes: %" PRId64
999 , seconds_to_str((uint)((xm.total_bytes - xm.sent_bytes) / cps), tmp)
/sexyz.c: 1069 in send_files()
1063 }
1064 if (xm.total_files > 1) {
1065 t = time(NULL) - startall;
1066 if (!t)
1067 t = 1;
1068 lprintf(LOG_INFO, "Overall - Time %s KBytes: %" PRId64 " CPS: %lu"
>>> CID 582442: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "uint".
1069 , seconds_to_str((uint)t, tmp)
1070 , total_bytes / 1024, total_bytes / t); 1071 }
1072 return 0; /* success */
1073 }
1074

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_687ce502ba0a3_2748642bf92199999045dc--

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From [email protected]@VERT to All on Sunday, August 10, 2025 14:15:47

----==_mimepart_6898a9938c063_f22012b538a7b399c12567
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 583942: High impact quality (Y2K38_SAFETY)
/userdat.c: 3171 in loginuserdat()

_____________________________________________________________________________________________
*** CID 583942: High impact quality (Y2K38_SAFETY)
/userdat.c: 3171 in loginuserdat()
3165 if (protocol != NULL)
3166 SAFECOPY(user->connection, protocol);
3167 if (hostname != NULL)
3168 SAFECOPY(user->comp, hostname);
3169 if (ipaddr != NULL)
3170 SAFECOPY(user->ipaddr, ipaddr);

CID 583942: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "logontime" is cast to "time32_t".

3171 user->logontime = logontime;
3172
3173 return putuserdat(cfg, user);
3174 }
3175
3176 /****************************************************************************/

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_6898a9938c063_f22012b538a7b399c12567
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li>
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 583942: High impact quality (Y2K38_SAFETY)
/userdat.c: 3171 in loginuserdat()

_____________________________________________________________________________________________
*** CID 583942: High impact quality (Y2K38_SAFETY)
/userdat.c: 3171 in loginuserdat()
3165 if (protocol != NULL)
3166 SAFECOPY(user->connection, protocol);
3167 if (hostname != NULL)
3168 SAFECOPY(user->comp, hostname);
3169 if (ipaddr != NULL)
3170 SAFECOPY(user->ipaddr, ipaddr);
>>> CID 583942: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "logontime" is cast to "time32_t".
3171 user->logontime = logontime;
3172
3173 return putuserdat(cfg, user);
3174 }
3175
3176 /****************************************************************************/

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_6898a9938c063_f22012b538a7b399c12567--

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From [email protected]@VERT to All on Monday, August 11, 2025 13:57:59

----==_mimepart_6899f6e6bbda6_101b942b538a7b399c1257b
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 583999: (UNINIT)

_____________________________________________________________________________________________
*** CID 583999: (UNINIT)
/file.cpp: 182 in sbbs_t::removefcdt(smbmsg_t *)()
176 if (cfg.dir[f->dir]->misc & DIR_CDTUL)
177 cdt = ((ulong)(f->cost * (cfg.dir[f->dir]->up_pct / 100.0)) / cur_cps) / 60;
178 if (cfg.dir[f->dir]->misc & DIR_CDTDL
179 && f->hdr.times_downloaded) /* all downloads */ 180 cdt += ((ulong)((long)f->hdr.times_downloaded 181 * f->cost * (cfg.dir[f->dir]->dn_pct / 100.0)) / cur_cps) / 60;

CID 583999: (UNINIT)
Using uninitialized value "user.level" when calling "adjustuserval". 182 adjustuserval(&cfg, &user, USER_MIN, -cdt);

183 snprintf(str, sizeof str, "%lu minute", cdt);
184 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
185 , f->name, cdt ? str : text[No]);
186 putsmsg(user.number, tmp);
187 }
/file.cpp: 203 in sbbs_t::removefcdt(smbmsg_t *)()
197 bprintf(text[CreditsToRemove], f->from);
198 getstr(str, 10, K_NUMBER | K_LINE | K_EDIT | K_AUTODEL);
199 if (msgabort(true))
200 return false;
201 cdt = atol(str);
202 }

CID 583999: (UNINIT)
Using uninitialized value "user.level" when calling "adjustuserval". 203 adjustuserval(&cfg, &user, USER_CDT, -cdt);

204 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
205 , f->name, cdt > 0 ? ultoac(cdt, str) : text[No]);
206 putsmsg(user.number, tmp);
207 }
208
/file.cpp: 209 in sbbs_t::removefcdt(smbmsg_t *)()
203 adjustuserval(&cfg, &user, USER_CDT, -cdt);
204 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
205 , f->name, cdt > 0 ? ultoac(cdt, str) : text[No]);
206 putsmsg(user.number, tmp);
207 }
208

CID 583999: (UNINIT)
Using uninitialized value "user.level" when calling "adjustuserval". 209 adjustuserval(&cfg, &user, USER_ULB, -f->size);

210 adjustuserval(&cfg, &user, USER_ULS, -1);
211 return true;
212 }
213
214 /****************************************************************************/
/file.cpp: 210 in sbbs_t::removefcdt(smbmsg_t *)()
204 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
205 , f->name, cdt > 0 ? ultoac(cdt, str) : text[No]);
206 putsmsg(user.number, tmp);
207 }
208
209 adjustuserval(&cfg, &user, USER_ULB, -f->size);

CID 583999: (UNINIT)
Using uninitialized value "user.level" when calling "adjustuserval". 210 adjustuserval(&cfg, &user, USER_ULS, -1);

211 return true;
212 }
213
214 /****************************************************************************/
215 /****************************************************************************/

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_6899f6e6bbda6_101b942b538a7b399c1257b
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 583999: (UNINIT)

_____________________________________________________________________________________________
*** CID 583999: (UNINIT)
/file.cpp: 182 in sbbs_t::removefcdt(smbmsg_t *)()
176 if (cfg.dir[f->dir]->misc & DIR_CDTUL)
177 cdt = ((ulong)(f->cost * (cfg.dir[f->dir]->up_pct / 100.0)) / cur_cps) / 60;
178 if (cfg.dir[f->dir]->misc & DIR_CDTDL
179 && f->hdr.times_downloaded) /* all downloads */
180 cdt += ((ulong)((long)f->hdr.times_downloaded
181 * f->cost * (cfg.dir[f->dir]->dn_pct / 100.0)) / cur_cps) / 60;
>>> CID 583999: (UNINIT)
>>> Using uninitialized value "user.level" when calling "adjustuserval".
182 adjustuserval(&cfg, &user, USER_MIN, -cdt);
183 snprintf(str, sizeof str, "%lu minute", cdt); 184 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
185 , f->name, cdt ? str : text[No]);
186 putsmsg(user.number, tmp);
187 }
/file.cpp: 203 in sbbs_t::removefcdt(smbmsg_t *)()
197 bprintf(text[CreditsToRemove], f->from);
198 getstr(str, 10, K_NUMBER | K_LINE | K_EDIT | K_AUTODEL);
199 if (msgabort(true))
200 return false;
201 cdt = atol(str);
202 }
>>> CID 583999: (UNINIT)
>>> Using uninitialized value "user.level" when calling "adjustuserval".
203 adjustuserval(&cfg, &user, USER_CDT, -cdt);
204 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
205 , f->name, cdt > 0 ? ultoac(cdt, str) : text[No]);
206 putsmsg(user.number, tmp);
207 }
208
/file.cpp: 209 in sbbs_t::removefcdt(smbmsg_t *)()
203 adjustuserval(&cfg, &user, USER_CDT, -cdt);
204 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
205 , f->name, cdt > 0 ? ultoac(cdt, str) : text[No]);
206 putsmsg(user.number, tmp);
207 }
208
>>> CID 583999: (UNINIT)
>>> Using uninitialized value "user.level" when calling "adjustuserval".
209 adjustuserval(&cfg, &user, USER_ULB, -f->size);
210 adjustuserval(&cfg, &user, USER_ULS, -1);
211 return true;
212 }
213
214 /****************************************************************************/
/file.cpp: 210 in sbbs_t::removefcdt(smbmsg_t *)()
204 snprintf(tmp, sizeof tmp, text[FileRemovedUserMsg]
205 , f->name, cdt > 0 ? ultoac(cdt, str) : text[No]);
206 putsmsg(user.number, tmp);
207 }
208
209 adjustuserval(&cfg, &user, USER_ULB, -f->size); >>> CID 583999: (UNINIT)
>>> Using uninitialized value "user.level" when calling "adjustuserval".
210 adjustuserval(&cfg, &user, USER_ULS, -1);
211 return true;
212 }
213
214 /****************************************************************************/
215 /****************************************************************************/

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_6899f6e6bbda6_101b942b538a7b399c1257b--

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From [email protected]@VERT to All on Monday, August 18, 2025 13:37:12

----==_mimepart_68a32c876d3fd_16fcff2e2b69fdf990236c2
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 584091: (Y2K38_SAFETY)
/logon.cpp: 631 in sbbs_t::logonstats()()
/logon.cpp: 642 in sbbs_t::logonstats()()
/logon.cpp: 638 in sbbs_t::logonstats()()

_____________________________________________________________________________________________
*** CID 584091: (Y2K38_SAFETY)
/logon.cpp: 631 in sbbs_t::logonstats()()
625 errormsg(WHERE, ERR_READ, "system stats");
626 return 0;
627 }
628
629 now = time(NULL);
630 if (stats.date > now + (24L * 60L * 60L)) /* More than a day in the future? */

CID 584091: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "stats.date" is cast to "int".

631 errormsg(WHERE, ERR_CHK, "Daily stats date/time stamp", (int)stats.date);
632
633 if (!dates_are_same(now, stats.date)) {
634
635 struct tm tm{};
636 struct tm update_tm{};
/logon.cpp: 642 in sbbs_t::logonstats()()
636 struct tm update_tm{};
637 if (localtime_r(&stats.date, &update_tm) == NULL) {
638 errormsg(WHERE, ERR_CHK, "Daily stats date/time break down", (int)stats.date);
639 return 0;
640 }
641 if (localtime_r(&now, &tm) == NULL) {

CID 584091: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "stats.date" is cast to "int".

642 errormsg(WHERE, ERR_CHK, "Current date/time break down", (int)stats.date);
643 return 0;
644 }
645
646 sys_status |= SS_NEW_DAY;
647 if (tm.tm_mon != update_tm.tm_mon)
/logon.cpp: 638 in sbbs_t::logonstats()()
632
633 if (!dates_are_same(now, stats.date)) {
634
635 struct tm tm{};
636 struct tm update_tm{};
637 if (localtime_r(&stats.date, &update_tm) == NULL) {

CID 584091: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "stats.date" is cast to "int".

638 errormsg(WHERE, ERR_CHK, "Daily stats date/time break down", (int)stats.date);
639 return 0;
640 }
641 if (localtime_r(&now, &tm) == NULL) {
642 errormsg(WHERE, ERR_CHK, "Current date/time break down", (int)stats.date);
643 return 0;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_68a32c876d3fd_16fcff2e2b69fdf990236c2
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 584091: (Y2K38_SAFETY)
/logon.cpp: 631 in sbbs_t::logonstats()()
/logon.cpp: 642 in sbbs_t::logonstats()()
/logon.cpp: 638 in sbbs_t::logonstats()()

_____________________________________________________________________________________________
*** CID 584091: (Y2K38_SAFETY)
/logon.cpp: 631 in sbbs_t::logonstats()()
625 errormsg(WHERE, ERR_READ, "system stats"); 626 return 0;
627 }
628
629 now = time(NULL);
630 if (stats.date > now + (24L * 60L * 60L)) /* More than a day in the future? */
>>> CID 584091: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "stats.date" is cast to "int".
631 errormsg(WHERE, ERR_CHK, "Daily stats date/time stamp", (int)stats.date);
632
633 if (!dates_are_same(now, stats.date)) {
634
635 struct tm tm{};
636 struct tm update_tm{};
/logon.cpp: 642 in sbbs_t::logonstats()()
636 struct tm update_tm{};
637 if (localtime_r(&stats.date, &update_tm) == NULL) {
638 errormsg(WHERE, ERR_CHK, "Daily stats date/time break down", (int)stats.date);
639 return 0;
640 }
641 if (localtime_r(&now, &tm) == NULL) { >>> CID 584091: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "stats.date" is cast to "int".
642 errormsg(WHERE, ERR_CHK, "Current date/time break down", (int)stats.date);
643 return 0;
644 }
645
646 sys_status |= SS_NEW_DAY;
647 if (tm.tm_mon != update_tm.tm_mon)
/logon.cpp: 638 in sbbs_t::logonstats()()
632
633 if (!dates_are_same(now, stats.date)) {
634
635 struct tm tm{};
636 struct tm update_tm{};
637 if (localtime_r(&stats.date, &update_tm) == NULL) {
>>> CID 584091: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "stats.date" is cast to "int".
638 errormsg(WHERE, ERR_CHK, "Daily stats date/time break down", (int)stats.date);
639 return 0;
640 }
641 if (localtime_r(&now, &tm) == NULL) {
642 errormsg(WHERE, ERR_CHK, "Current date/time break down", (int)stats.date);
643 return 0;

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_68a32c876d3fd_16fcff2e2b69fdf990236c2--

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

Sysop:	Danilo
Location:	Keeling, VA
Users:	3
Nodes:	20 (0 / 20)
Uptime:	204:13:04
Calls:	11
Calls today:	11
Files:	1
U/L today:	3 files (272K bytes)
D/L today:	2 files (240K bytes)
Messages:	10,169
Posted today:	23

New Defects reported by Coverity Scan for Synchronet

Who's Online

Recent Visitors

System Info