Forum: Mystical Realm BBS

New Defects reported by Coverity Scan for Synchronet

From scan-admin@coverity.com@1:103/705 to All on Sun Dec 14 13:48:36 2025

----==_mimepart_693ec0347df67_815e22c07a52839ac105f0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

89 new defect(s) introduced to Synchronet found with Coverity Scan.
88 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 89 defect(s)

** CID 639949: Error handling issues (CHECKED_RETURN)
/websrvr.cpp: 2047 in check_ars(http_session_t *)()

_____________________________________________________________________________________________
*** CID 639949: Error handling issues (CHECKED_RETURN)
/websrvr.cpp: 2047 in check_ars(http_session_t *)()
2041 else
2042 lprintf(LOG_NOTICE, "%04d !UNKNOWN USER: '%s'" 2043 , session->socket, session->req.auth.username);
2044 return false;
2045 }
2046 thisuser.number = i;

CID 639949: Error handling issues (CHECKED_RETURN)
Calling "getuserdat" without checking return value (as is done elsewhere 90 out of 103 times).

2047 getuserdat(&scfg, &thisuser);
2048 switch (session->req.auth.type) {
2049 case AUTHENTICATION_TLS_PSK:
2050 if ((auth_allowed & (1 << AUTHENTICATION_TLS_PSK)) == 0)
2051 return false;
2052 if (session->last_user_num != 0) {

** CID 639948: Program hangs (SLEEP)
/services.cpp: 1619 in native_service_thread(void *)()

_____________________________________________________________________________________________
*** CID 639948: Program hangs (SLEEP)
/services.cpp: 1619 in native_service_thread(void *)()
1613 client_on(socket, &client, false /* update */);
1614
1615 if (startup->login_attempt.throttle
1616 && (login_attempts = loginAttempts(startup->login_attempt_list, &service_client.addr)) > 1) {
1617 lprintf(LOG_DEBUG, "%04d %s Throttling suspicious connection from: %s (%lu login attempts)"
1618 , socket, service->protocol, client.addr, login_attempts);

CID 639948: Program hangs (SLEEP)
Call to "nanosleep" might sleep while holding lock "startup->login_attempt_list->mutex".

1619 mswait(login_attempts * startup->login_attempt.throttle);
1620 }
1621
1622 /* RUN SCRIPT */
1623 if (strpbrk(service->cmd, "/\\") == NULL)
1624 SAFEPRINTF2(cmd, "%s%s", scfg.exec_dir, service->cmd);

** CID 639947: Control flow issues (DEADCODE)
/websrvr.cpp: 6533 in read_post_data(http_session_t *)()

_____________________________________________________________________________________________
*** CID 639947: Control flow issues (DEADCODE)
/websrvr.cpp: 6533 in read_post_data(http_session_t *)()
6527 if (ch_len == 0)
6528 break;
6529 /* Check size */
6530 s += ch_len;
6531 if (s > MAX_POST_LEN) {
6532 if (s > SIZE_MAX) {

CID 639947: Control flow issues (DEADCODE)
Execution cannot reach this statement: "send_error(session, 6533U, ...".

6533 send_error(session, __LINE__, "413 Request entity too large");
6534 FCLOSE_OPEN_FILE(fp); 6535 return false;
6536 }
6537 if (fp == NULL) {
6538 fp = open_post_file(session);

** CID 639946: (CHECKED_RETURN)
/js_socket.cpp: 1412 in js_recv(JSContext *, unsigned int, unsigned long *)()
/js_socket.cpp: 1415 in js_recv(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639946: (CHECKED_RETURN)
/js_socket.cpp: 1412 in js_recv(JSContext *, unsigned int, unsigned long *)()
1406
1407 if ((p = (js_socket_private_t*)js_GetClassPrivate(cx, obj, &js_socket_class)) == NULL) {
1408 return JS_FALSE;
1409 }
1410
1411 if (argc && argv[0] != JSVAL_VOID) {

CID 639946: (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).

1412 JS_ValueToInt32(cx, argv[0], &len);
1413
1414 if (argc > 1 && argv[1] != JSVAL_VOID) {
1415 JS_ValueToInt32(cx, argv[1], &timeout);
1416 }
1417 }
/js_socket.cpp: 1415 in js_recv(JSContext *, unsigned int, unsigned long *)()
1409 }
1410
1411 if (argc && argv[0] != JSVAL_VOID) {
1412 JS_ValueToInt32(cx, argv[0], &len);
1413
1414 if (argc > 1 && argv[1] != JSVAL_VOID) {

CID 639946: (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).

1415 JS_ValueToInt32(cx, argv[1], &timeout);
1416 }
1417 }
1418
1419 if ((buf = (char*)malloc(len + 1)) == NULL) {
1420 JS_ReportError(cx, "Error allocating %u bytes", len + 1);

** CID 639945: (CHECKED_RETURN)
/js_system.cpp: 1002 in js_matchuserdata(JSContext *, unsigned int, unsigned long *)()
/js_system.cpp: 987 in js_matchuserdata(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639945: (CHECKED_RETURN)
/js_system.cpp: 1002 in js_matchuserdata(JSContext *, unsigned int, unsigned long *)()
996 if ((js_str = JS_ValueToString(cx, argv[1])) == NULL)
997 return JS_FALSE;
998
999 if (argnum < argc && JSVAL_IS_BOOLEAN(argv[argnum]))
1000 JS_ValueToBoolean(cx, argv[argnum++], &match_del);
1001 if (argnum < argc && JSVAL_IS_NUMBER(argv[argnum]))

CID 639945: (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).

1002 JS_ValueToInt32(cx, argv[argnum++], &usernumber);
1003 if (argnum < argc && JSVAL_IS_BOOLEAN(argv[argnum]))
1004 JS_ValueToBoolean(cx, argv[argnum++], &match_next); 1005
1006 JSSTRING_TO_ASTRING(cx, js_str, p, 128, NULL);
1007 if (p == NULL)
/js_system.cpp: 987 in js_matchuserdata(JSContext *, unsigned int, unsigned long *)()
981 return JS_TRUE;
982 }
983 js_system_private_t* sys;
984 if ((sys = (js_system_private_t*)js_GetClassPrivate(cx, obj, &js_system_class)) == NULL)
985 return JS_FALSE;
986

CID 639945: (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).

987 JS_ValueToInt32(cx, argv[0], &field);
988 rc = JS_SUSPENDREQUEST(cx);
989 len = user_field_len(static_cast<user_field>(field));
990 JS_RESUMEREQUEST(cx, rc);
991 if (len < 1) {
992 JS_ReportError(cx, "Invalid user field: %d", field);

** CID 639944: Uninitialized variables (UNINIT)

_____________________________________________________________________________________________
*** CID 639944: Uninitialized variables (UNINIT)
/js_system.cpp: 2108 in js_chkpassword(JSContext *, unsigned int, unsigned long *)()
2102
2103 js_system_private_t* sys;
2104 if ((sys = (js_system_private_t*)js_GetClassPrivate(cx, obj, &js_system_class)) == NULL)
2105 return JS_FALSE;
2106
2107 rc = JS_SUSPENDREQUEST(cx);

CID 639944: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "check_pass".

2108 bool result = check_pass(sys->cfg, str, /* user: */NULL, /* unique: */false, /* reason: */NULL);
2109 JS_SET_RVAL(cx, arglist, BOOLEAN_TO_JSVAL(result));
2110 JS_RESUMEREQUEST(cx, rc);
2111
2112 return JS_TRUE;
2113 }

** CID 639943: (Y2K38_SAFETY)
/js_filebase.cpp: 1591 in js_filebase_get(JSContext *, JSObject *, long, unsigned long *)()
/js_filebase.cpp: 1581 in js_filebase_get(JSContext *, JSObject *, long, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639943: (Y2K38_SAFETY)
/js_filebase.cpp: 1591 in js_filebase_get(JSContext *, JSObject *, long, unsigned long *)()
1585 rc = JS_SUSPENDREQUEST(cx);
1586 smb_getstatus(&(p->smb));
1587 JS_RESUMEREQUEST(cx, rc);
1588 *vp = UINT_TO_JSVAL(p->smb.status.total_files); 1589 break;
1590 case FB_PROP_UPDATE_TIME:

CID 639943: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "newfiletime(&p->smb)" is cast to "uint32_t".

1591 *vp = UINT_TO_JSVAL((uint32_t)newfiletime(&p->smb));
1592 break;
1593 case FB_PROP_MAX_FILES:
1594 *vp = UINT_TO_JSVAL(p->smb.status.max_files); 1595 break;
1596 case FB_PROP_MAX_AGE:
/js_filebase.cpp: 1581 in js_filebase_get(JSContext *, JSObject *, long, unsigned long *)()
1575 smb_getstatus(&(p->smb));
1576 JS_RESUMEREQUEST(cx, rc);
1577 *vp = UINT_TO_JSVAL(p->smb.status.last_file); 1578 break;
1579 case FB_PROP_LAST_FILE_TIME:
1580 rc = JS_SUSPENDREQUEST(cx);

CID 639943: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "lastfiletime(&p->smb)" is cast to "uint32_t".

1581 *vp = UINT_TO_JSVAL((uint32_t)lastfiletime(&p->smb));
1582 JS_RESUMEREQUEST(cx, rc);
1583 break;
1584 case FB_PROP_FILES:
1585 rc = JS_SUSPENDREQUEST(cx);
1586 smb_getstatus(&(p->smb));

** CID 639942: Error handling issues (CHECKED_RETURN)
/js_socket.cpp: 3624 in js_socket_constructor(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639942: Error handling issues (CHECKED_RETURN)
/js_socket.cpp: 3624 in js_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3618 return JS_TRUE;
3619 }
3620 }
3621
3622 for (; i < argc; i++) {
3623 if (JSVAL_IS_NUMBER(argv[i])) {

CID 639942: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).

3624 JS_ValueToInt32(cx, argv[i], &type);
3625 }
3626 else if (JSVAL_IS_BOOLEAN(argv[i])) {
3627 if (argv[i] == JSVAL_TRUE)
3628 domain = AF_INET6;
3629 }

** CID 639941: Error handling issues (CHECKED_RETURN)
/websrvr.cpp: 6856 in http_session_thread(void *)()

_____________________________________________________________________________________________
*** CID 639941: Error handling issues (CHECKED_RETURN)
/websrvr.cpp: 6856 in http_session_thread(void *)()
6850 session.tls_sess = -1;
6851 close_session_no_rb(&session);
6852 thread_down();
6853 return;
6854 }
6855 bool nodelay = true;

CID 639941: Error handling issues (CHECKED_RETURN)
Calling "setsockopt(session.socket, IPPROTO_TCP, 1, (char *)&nodelay, 1U)" without checking return value. This library function may fail and return an error code.

6856 setsockopt(session.socket, IPPROTO_TCP, TCP_NODELAY, (char*)&nodelay, sizeof(nodelay));
6857
6858 if (looking_good)
6859 looking_good = HANDLE_CRYPT_CALL(cryptSetAttribute(session.tls_sess, CRYPT_SESSINFO_TLS_OPTIONS, CRYPT_TLSOPTION_MINVER_TLS12), &session, "setting TLS minver to 1.2");
6860 if (looking_good)
6861 looking_good = HANDLE_CRYPT_CALL(cryptSetAttribute(session.tls_sess, CRYPT_SESSINFO_NETWORKSOCKET, session.socket), &session, "setting network socket");

** CID 639940: High impact quality (Y2K38_SAFETY)
/js_filebase.cpp: 701 in js_hash_file(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639940: High impact quality (Y2K38_SAFETY)
/js_filebase.cpp: 701 in js_hash_file(JSContext *, unsigned int, unsigned long *)()
695 if (size == -1)
696 JS_ReportError(cx, "File does not exist: %s", path); 697 else {
698 smb_setfilesize(&file.idx, size);
699 if ((p->smb_result = smb_hashfile(path, size, &file.file_idx.hash.data)) > 0) {
700 file.file_idx.hash.flags = p->smb_result;

CID 639940: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fdate(path)" is cast to "uint32_t".

701 file.hdr.when_written.time = (uint32_t)fdate(path);
702 JSObject* fobj;
703 if ((fobj = JS_NewObject(cx, NULL, NULL, obj)) == NULL)
704 JS_ReportError(cx, "object allocation failure, line %d", __LINE__);
705 else {
706 set_file_properties(cx, fobj, &file, detail);

** CID 639939: Memory - corruptions (REVERSE_NEGATIVE)
/websrvr.cpp: 7033 in http_session_thread(void *)()

_____________________________________________________________________________________________
*** CID 639939: Memory - corruptions (REVERSE_NEGATIVE)
/websrvr.cpp: 7033 in http_session_thread(void *)()
7027 memset(session.req.ld, 0, sizeof(struct log_data));
7028 /* FREE()d in http_logging_thread */
7029 session.req.ld->hostname = strdup(session.host_name);
7030 }
7031 while ((redirp == NULL || session.req.send_location >= MOVED_TEMP)
7032 && !session.finished && !session.req.finished >>> CID 639939: Memory - corruptions (REVERSE_NEGATIVE)

You might be using variable "session.socket" before verifying that it is >= 0.

7033 && session.socket != INVALID_SOCKET) {
7034 SAFECOPY(session.req.status, "200 OK");
7035 session.req.send_location = NO_LOCATION;
7036 if (session.req.headers == NULL) {
7037 /* FREE()d in close_request() */
7038 if ((session.req.headers = strListInit()) == NULL) {

** CID 639938: (CHECKED_RETURN)
/js_msgbase.cpp: 3037 in js_msgbase_get(JSContext *, JSObject *, long, unsigned long *)()
/js_msgbase.cpp: 3031 in js_msgbase_get(JSContext *, JSObject *, long, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639938: (CHECKED_RETURN)
/js_msgbase.cpp: 3037 in js_msgbase_get(JSContext *, JSObject *, long, unsigned long *)()
3031 smb_getstatus(&(p->smb));
3032 JS_RESUMEREQUEST(cx, rc);
3033 *vp = UINT_TO_JSVAL(p->smb.status.last_msg); 3034 break;
3035 case SMB_PROP_TOTAL_MSGS:
3036 rc = JS_SUSPENDREQUEST(cx);

CID 639938: (CHECKED_RETURN)
Calling "smb_getstatus" without checking return value (as is done elsewhere 32 out of 36 times).

3037 smb_getstatus(&(p->smb));
3038 JS_RESUMEREQUEST(cx, rc);
3039 *vp = UINT_TO_JSVAL(p->smb.status.total_msgs); 3040 break;
3041 case SMB_PROP_MAX_CRCS:
3042 *vp = UINT_TO_JSVAL(p->smb.status.max_crcs); /js_msgbase.cpp: 3031 in js_msgbase_get(JSContext *, JSObject *, long, unsigned long *)()
3025 } else {
3026 *vp = UINT_TO_JSVAL(p->first_msg);
3027 }
3028 break;
3029 case SMB_PROP_LAST_MSG:
3030 rc = JS_SUSPENDREQUEST(cx);

CID 639938: (CHECKED_RETURN)
Calling "smb_getstatus" without checking return value (as is done elsewhere 32 out of 36 times).

3031 smb_getstatus(&(p->smb));
3032 JS_RESUMEREQUEST(cx, rc);
3033 *vp = UINT_TO_JSVAL(p->smb.status.last_msg); 3034 break;
3035 case SMB_PROP_TOTAL_MSGS:
3036 rc = JS_SUSPENDREQUEST(cx);

** CID 639937: Incorrect expression (PRECEDENCE_ERROR)
/js_socket.cpp: 1254 in js_sendto(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639937: Incorrect expression (PRECEDENCE_ERROR) /js_socket.cpp: 1254 in js_sendto(JSContext *, unsigned int, unsigned long *)()
1248
1249 memset(&hints, 0, sizeof(hints));
1250 hints.ai_socktype = p->type;
1251 hints.ai_flags = AI_ADDRCONFIG;
1252 dbprintf(false, p, "resolving hostname: %s", p->hostname);
1253

CID 639937: Incorrect expression (PRECEDENCE_ERROR)
Evaluates as: "result = (getaddrinfo(p->hostname, NULL, &hints, &res) != 0)", because "!=" has higher operator precedence than "=". The context suggests that this might be in error.

1254 if ((result = getaddrinfo(p->hostname, NULL, &hints, &res) != 0)) {
1255 store_socket_error(p, result, gai_strerror(result)); 1256 dbprintf(TRUE, p, "getaddrinfo(%s) failed with error %d", p->hostname, result);
1257 JS_SET_RVAL(cx, arglist, JSVAL_FALSE);
1258 free(cp);
1259 JS_RESUMEREQUEST(cx, rc);

** CID 639936: Error handling issues (CHECKED_RETURN)
/js_socket.cpp: 2363 in js_socket_set(JSContext *, JSObject *, long, int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639936: Error handling issues (CHECKED_RETURN)
/js_socket.cpp: 2363 in js_socket_set(JSContext *, JSObject *, long, int, unsigned long *)()
2357
2358 if (ssl_sync(scfg, lprintf)) { 2359 if ((ret = cryptCreateSession(&p->session, CRYPT_UNUSED, tiny == SOCK_PROP_SSL_SESSION ? CRYPT_SESSION_TLS: CRYPT_SESSION_TLS_SERVER)) == CRYPT_OK) {
2360 ulong nb = 0; 2361 ioctlsocket(p->sock, FIONBIO, &nb);
2362 nb = 1;

CID 639936: Error handling issues (CHECKED_RETURN)
Calling "setsockopt(p->sock, IPPROTO_TCP, 1, (char *)&nb, 8U)" without checking return value. This library function may fail and return an error code.

2363 setsockopt(p->sock, IPPROTO_TCP, TCP_NODELAY, (char*)&nb, sizeof(nb));
2364 if ((ret = do_cryptAttribute(p->session, CRYPT_SESSINFO_NETWORKSOCKET, p->sock)) == CRYPT_OK) {
2365 int minver = CRYPT_TLSOPTION_MINVER_TLS12;
2366 if (p->tls_minver == 100)
2367 minver = CRYPT_TLSOPTION_MINVER_TLS10;
2368 else if (p->tls_minver == 101)

** CID 639935: (INTEGER_OVERFLOW)
/websrvr.cpp: 725 in sess_sendbuf(http_session_t *, const char *, unsigned long, volatile bool *)()
/websrvr.cpp: 712 in sess_sendbuf(http_session_t *, const char *, unsigned long, volatile bool *)()

_____________________________________________________________________________________________
*** CID 639935: (INTEGER_OVERFLOW)
/websrvr.cpp: 725 in sess_sendbuf(http_session_t *, const char *, unsigned long, volatile bool *)()
719 else if (SOCKET_ERRNO == EPIPE) 720 lprintf(LOG_NOTICE, "%04d %-5s [%s] Unable to send to peer", session->socket, session->client.protocol, session->host_ip);
721 #endif
722 else if (session->socket != INVALID_SOCKET)
723 lprintf(LOG_WARNING, "%04d %-5s [%s] !ERROR %d sending on socket", session->socket, session->client.protocol, session->host_ip, SOCKET_ERRNO);
724 *failed = true;

CID 639935: (INTEGER_OVERFLOW)
"sent", which might have underflowed, is returned from the function. 725 return sent;

726 }
727 }
728 }
729 else {
730 lprintf(LOG_WARNING, "%04d %-5s [%s] Timeout waiting for socket to become writable", session->socket, session->client.protocol, session->host_ip);
/websrvr.cpp: 712 in sess_sendbuf(http_session_t *, const char *, unsigned long, volatile bool *)()
706 }
707 else
708 *failed = true;
709 result = tls_sent;
710 }
711 else {

CID 639935: (INTEGER_OVERFLOW)
"len - sent", which might have underflowed, is passed to "send(session->socket, buf + sent, len - sent, 0)".

712 result = sendsocket(session->socket, buf + sent, len - sent);
713 if (result == SOCKET_ERROR) {
714 if (SOCKET_ERRNO == ECONNRESET) 715 lprintf(LOG_NOTICE, "%04d %-5s [%s] Connection reset by peer on send", session->socket, session->client.protocol, session->host_ip);
716 else if (SOCKET_ERRNO == ECONNABORTED)
717 lprintf(LOG_NOTICE, "%04d %-5s [%s] Connection aborted by peer on send", session->socket, session->client.protocol, session->host_ip);

** CID 639934: Uninitialized variables (UNINIT)
/js_user.cpp: 1279 in js_downloaded_file(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639934: Uninitialized variables (UNINIT)
/js_user.cpp: 1279 in js_downloaded_file(JSContext *, unsigned int, unsigned long *)()
1273
1274 uintN argn = 0;
1275 if (argc > argn && JSVAL_IS_STRING(argv[argn])) {
1276 char *p;
1277 JSSTRING_TO_ASTRING(cx, JSVAL_TO_STRING(argv[argn]), p, LEN_EXTCODE + 2, NULL);
1278 for (dirnum = 0; dirnum < scfg->total_dirs; dirnum++) >>> CID 639934: Uninitialized variables (UNINIT)

Using uninitialized value "*p" when calling "strcasecmp".

1279 if (!stricmp(scfg->dir[dirnum]->code, p))
1280 break;
1281 argn++;
1282 }
1283 if (argc > argn && JSVAL_IS_STRING(argv[argn])) {
1284 JSSTRING_TO_ASTRING(cx, JSVAL_TO_STRING(argv[argn]), fname, MAX_PATH + 1, NULL);

** CID 639933: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1481 in js_filter_ip(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639933: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1481 in js_filter_ip(JSContext *, unsigned int, unsigned long *)()
1475 js_system_private_t* sys;
1476 if ((sys = (js_system_private_t*)js_GetClassPrivate(cx, obj, &js_system_class)) == NULL)
1477 return JS_FALSE;
1478
1479 for (i = 0; i < argc && fname == NULL; i++) {
1480 if (JSVAL_IS_NUMBER(argv[i])) {

CID 639933: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).

1481 JS_ValueToInt32(cx, argv[i], &duration);
1482 continue;
1483 }
1484 if (!JSVAL_IS_STRING(argv[i]))
1485 continue;
1486 JSVALUE_TO_MSTRING(cx, argv[i], p, NULL);

** CID 639932: Error handling issues (CHECKED_RETURN)
/websrvr.cpp: 1188 in close_request(http_session_t *)()

_____________________________________________________________________________________________
*** CID 639932: Error handling issues (CHECKED_RETURN)
/websrvr.cpp: 1188 in close_request(http_session_t *)()
1182 FCLOSE_OPEN_FILE(session->req.fp);
1183
1184 for (i = 0; i < MAX_CLEANUPS; i++) {
1185 if (session->req.cleanup_file[i] != NULL) {
1186 if (i != CLEANUP_SSJS_TMP_FILE
1187 || !(startup->options & WEB_OPT_DEBUG_SSJS))

CID 639932: Error handling issues (CHECKED_RETURN)
Calling "remove(session->req.cleanup_file[i])" without checking return value. This library function may fail and return an error code.

1188 remove(session->req.cleanup_file[i]); 1189 free(session->req.cleanup_file[i]);
1190 }
1191 }
1192
1193 smb_freefilemem(&session->file);

** CID 639931: Memory - illegal accesses (OVERRUN)
/mailsrvr.cpp: 901 in sockmimetext(int, const char *, int, smbmsg_t *, char *, unsigned long, char **, char *)()

_____________________________________________________________________________________________
*** CID 639931: Memory - illegal accesses (OVERRUN)
/mailsrvr.cpp: 901 in sockmimetext(int, const char *, int, smbmsg_t *, char *, unsigned long, char **, char *)()
895 np = "\r\n"; // Send at least one line of message text (issue #822)
896 else
897 np = msgtxt;
898 long bytes = 0;
899 while (*np && lines < maxlines) {
900 len = 0;

CID 639931: Memory - illegal accesses (OVERRUN)
Overrunning array of 3 bytes at byte offset 997 by dereferencing pointer "np + len".

901 while (len < RFC822_MAX_LINE_LEN && *(np + len) != 0 && *(np + len) != '\n')
902 len++;
903
904 tlen = len;
905 while (tlen && *(np + (tlen - 1)) <= ' ') /* Takes care of '\r' or spaces */
906 tlen--;

** CID 639930: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1640 in js_put_node_message(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639930: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1640 in js_put_node_message(JSContext *, unsigned int, unsigned long *)()
1634 return JS_FALSE;
1635
1636 js_system_private_t* sys;
1637 if ((sys = (js_system_private_t*)js_GetClassPrivate(cx, obj, &js_system_class)) == NULL)
1638 return JS_FALSE;
1639

CID 639930: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).

1640 JS_ValueToInt32(cx, argv[0], &node);
1641 if (node < 1)
1642 node = 1;
1643
1644 if ((js_msg = JS_ValueToString(cx, argv[1])) == NULL)
1645 return JS_FALSE;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_693ec0347df67_815e22c07a52839ac105f0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 89</li>
<li>
88 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 20 of 89 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 639949: Error handling issues (CHECKED_RETURN)
/websrvr.cpp: 2047 in check_ars(http_session_t *)()

_____________________________________________________________________________________________
*** CID 639949: Error handling issues (CHECKED_RETURN)
/websrvr.cpp: 2047 in check_ars(http_session_t *)()
2041 else
2042 lprintf(LOG_NOTICE, "%04d !UNKNOWN USER: '%s'"
2043 , session->socket, session->req.auth.username);
2044 return false;
2045 }
2046 thisuser.number = i;
>>> CID 639949: Error handling issues (CHECKED_RETURN) >>> Calling "getuserdat" without checking return value (as is done elsewhere 90 out of 103 times).
2047 getuserdat(&scfg, &thisuser);
2048 switch (session->req.auth.type) {
2049 case AUTHENTICATION_TLS_PSK:
2050 if ((auth_allowed & (1 << AUTHENTICATION_TLS_PSK)) == 0)
2051 return false;
2052 if (session->last_user_num != 0) {

** CID 639948: Program hangs (SLEEP)
/services.cpp: 1619 in native_service_thread(void *)()

_____________________________________________________________________________________________
*** CID 639948: Program hangs (SLEEP)
/services.cpp: 1619 in native_service_thread(void *)()
1613 client_on(socket, &client, false /* update */);
1614
1615 if (startup->login_attempt.throttle
1616 && (login_attempts = loginAttempts(startup->login_attempt_list, &service_client.addr)) > 1) {
1617 lprintf(LOG_DEBUG, "%04d %s Throttling suspicious connection from: %s (%lu login attempts)"
1618 , socket, service->protocol, client.addr, login_attempts);
>>> CID 639948: Program hangs (SLEEP)
>>> Call to "nanosleep" might sleep while holding lock "startup->login_attempt_list->mutex".
1619 mswait(login_attempts * startup->login_attempt.throttle);
1620 }
1621
1622 /* RUN SCRIPT */
1623 if (strpbrk(service->cmd, "/\\") == NULL)
1624 SAFEPRINTF2(cmd, "%s%s", scfg.exec_dir, service->cmd);

** CID 639947: Control flow issues (DEADCODE)
/websrvr.cpp: 6533 in read_post_data(http_session_t *)()

_____________________________________________________________________________________________
*** CID 639947: Control flow issues (DEADCODE)
/websrvr.cpp: 6533 in read_post_data(http_session_t *)()
6527 if (ch_len == 0)
6528 break;
6529 /* Check size */
6530 s += ch_len;
6531 if (s > MAX_POST_LEN) {
6532 if (s > SIZE_MAX) { >>> CID 639947: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "send_error(session, 6533U, ...".
6533 send_error(session, __LINE__, "413 Request entity too large");
6534 FCLOSE_OPEN_FILE(fp); 6535 return false;
6536 }
6537 if (fp == NULL) {
6538 fp = open_post_file(session);

** CID 639946: (CHECKED_RETURN)
/js_socket.cpp: 1412 in js_recv(JSContext *, unsigned int, unsigned long *)()
/js_socket.cpp: 1415 in js_recv(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639946: (CHECKED_RETURN)
/js_socket.cpp: 1412 in js_recv(JSContext *, unsigned int, unsigned long *)()
1406
1407 if ((p = (js_socket_private_t*)js_GetClassPrivate(cx, obj, &js_socket_class)) == NULL) {
1408 return JS_FALSE;
1409 }
1410
1411 if (argc && argv[0] != JSVAL_VOID) {
>>> CID 639946: (CHECKED_RETURN)
>>> Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
1412 JS_ValueToInt32(cx, argv[0], &len);
1413
1414 if (argc > 1 && argv[1] != JSVAL_VOID) { 1415 JS_ValueToInt32(cx, argv[1], &timeout); 1416 }
1417 }
/js_socket.cpp: 1415 in js_recv(JSContext *, unsigned int, unsigned long *)()
1409 }
1410
1411 if (argc && argv[0] != JSVAL_VOID) {
1412 JS_ValueToInt32(cx, argv[0], &len);
1413
1414 if (argc > 1 && argv[1] != JSVAL_VOID) { >>> CID 639946: (CHECKED_RETURN)
>>> Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
1415 JS_ValueToInt32(cx, argv[1], &timeout); 1416 }
1417 }
1418
1419 if ((buf = (char*)malloc(len + 1)) == NULL) {
1420 JS_ReportError(cx, "Error allocating %u bytes", len + 1);

** CID 639945: (CHECKED_RETURN)
/js_system.cpp: 1002 in js_matchuserdata(JSContext *, unsigned int, unsigned long *)()
/js_system.cpp: 987 in js_matchuserdata(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639945: (CHECKED_RETURN)
/js_system.cpp: 1002 in js_matchuserdata(JSContext *, unsigned int, unsigned long *)()
996 if ((js_str = JS_ValueToString(cx, argv[1])) == NULL)
997 return JS_FALSE;
998
999 if (argnum < argc && JSVAL_IS_BOOLEAN(argv[argnum])) 1000 JS_ValueToBoolean(cx, argv[argnum++], &match_del); 1001 if (argnum < argc && JSVAL_IS_NUMBER(argv[argnum])) >>> CID 639945: (CHECKED_RETURN)
>>> Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
1002 JS_ValueToInt32(cx, argv[argnum++], &usernumber); 1003 if (argnum < argc && JSVAL_IS_BOOLEAN(argv[argnum])) 1004 JS_ValueToBoolean(cx, argv[argnum++], &match_next); 1005
1006 JSSTRING_TO_ASTRING(cx, js_str, p, 128, NULL);
1007 if (p == NULL)
/js_system.cpp: 987 in js_matchuserdata(JSContext *, unsigned int, unsigned long *)()
981 return JS_TRUE;
982 }
983 js_system_private_t* sys;
984 if ((sys = (js_system_private_t*)js_GetClassPrivate(cx, obj, &js_system_class)) == NULL)
985 return JS_FALSE;
986
>>> CID 639945: (CHECKED_RETURN)
>>> Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
987 JS_ValueToInt32(cx, argv[0], &field);
988 rc = JS_SUSPENDREQUEST(cx);
989 len = user_field_len(static_cast<user_field>(field));
990 JS_RESUMEREQUEST(cx, rc);
991 if (len < 1) {
992 JS_ReportError(cx, "Invalid user field: %d", field);

** CID 639944: Uninitialized variables (UNINIT)

_____________________________________________________________________________________________
*** CID 639944: Uninitialized variables (UNINIT)
/js_system.cpp: 2108 in js_chkpassword(JSContext *, unsigned int, unsigned long *)()
2102
2103 js_system_private_t* sys;
2104 if ((sys = (js_system_private_t*)js_GetClassPrivate(cx, obj, &js_system_class)) == NULL)
2105 return JS_FALSE;
2106
2107 rc = JS_SUSPENDREQUEST(cx);
>>> CID 639944: Uninitialized variables (UNINIT) >>> Using uninitialized value "*str" when calling "check_pass".
2108 bool result = check_pass(sys->cfg, str, /* user: */NULL, /* unique: */false, /* reason: */NULL);
2109 JS_SET_RVAL(cx, arglist, BOOLEAN_TO_JSVAL(result));
2110 JS_RESUMEREQUEST(cx, rc);
2111
2112 return JS_TRUE;
2113 }

** CID 639943: (Y2K38_SAFETY)
/js_filebase.cpp: 1591 in js_filebase_get(JSContext *, JSObject *, long, unsigned long *)()
/js_filebase.cpp: 1581 in js_filebase_get(JSContext *, JSObject *, long, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639943: (Y2K38_SAFETY)
/js_filebase.cpp: 1591 in js_filebase_get(JSContext *, JSObject *, long, unsigned long *)()
1585 rc = JS_SUSPENDREQUEST(cx);
1586 smb_getstatus(&(p->smb));
1587 JS_RESUMEREQUEST(cx, rc);
1588 *vp = UINT_TO_JSVAL(p->smb.status.total_files);
1589 break;
1590 case FB_PROP_UPDATE_TIME:
>>> CID 639943: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "newfiletime(&p->smb)" is cast to "uint32_t".
1591 *vp = UINT_TO_JSVAL((uint32_t)newfiletime(&p->smb));
1592 break;
1593 case FB_PROP_MAX_FILES:
1594 *vp = UINT_TO_JSVAL(p->smb.status.max_files);
1595 break;
1596 case FB_PROP_MAX_AGE:
/js_filebase.cpp: 1581 in js_filebase_get(JSContext *, JSObject *, long, unsigned long *)()
1575 smb_getstatus(&(p->smb));
1576 JS_RESUMEREQUEST(cx, rc);
1577 *vp = UINT_TO_JSVAL(p->smb.status.last_file);
1578 break;
1579 case FB_PROP_LAST_FILE_TIME:
1580 rc = JS_SUSPENDREQUEST(cx);
>>> CID 639943: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "lastfiletime(&p->smb)" is cast to "uint32_t".
1581 *vp = UINT_TO_JSVAL((uint32_t)lastfiletime(&p->smb));
1582 JS_RESUMEREQUEST(cx, rc);
1583 break;
1584 case FB_PROP_FILES:
1585 rc = JS_SUSPENDREQUEST(cx);
1586 smb_getstatus(&(p->smb));

** CID 639942: Error handling issues (CHECKED_RETURN)
/js_socket.cpp: 3624 in js_socket_constructor(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639942: Error handling issues (CHECKED_RETURN)
/js_socket.cpp: 3624 in js_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3618 return JS_TRUE;
3619 }
3620 }
3621
3622 for (; i < argc; i++) {
3623 if (JSVAL_IS_NUMBER(argv[i])) {
>>> CID 639942: Error handling issues (CHECKED_RETURN) >>> Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
3624 JS_ValueToInt32(cx, argv[i], &type);
3625 }
3626 else if (JSVAL_IS_BOOLEAN(argv[i])) {
3627 if (argv[i] == JSVAL_TRUE)
3628 domain = AF_INET6;
3629 }

** CID 639941: Error handling issues (CHECKED_RETURN)
/websrvr.cpp: 6856 in http_session_thread(void *)()

_____________________________________________________________________________________________
*** CID 639941: Error handling issues (CHECKED_RETURN)
/websrvr.cpp: 6856 in http_session_thread(void *)()
6850 session.tls_sess = -1;
6851 close_session_no_rb(&session);
6852 thread_down();
6853 return;
6854 }
6855 bool nodelay = true;
>>> CID 639941: Error handling issues (CHECKED_RETURN) >>> Calling "setsockopt(session.socket, IPPROTO_TCP, 1, (char *)&nodelay, 1U)" without checking return value. This library function may fail and return an error code.
6856 setsockopt(session.socket, IPPROTO_TCP, TCP_NODELAY, (char*)&nodelay, sizeof(nodelay));
6857
6858 if (looking_good)
6859 looking_good = HANDLE_CRYPT_CALL(cryptSetAttribute(session.tls_sess, CRYPT_SESSINFO_TLS_OPTIONS, CRYPT_TLSOPTION_MINVER_TLS12), &session, "setting TLS minver to 1.2");
6860 if (looking_good)
6861 looking_good = HANDLE_CRYPT_CALL(cryptSetAttribute(session.tls_sess, CRYPT_SESSINFO_NETWORKSOCKET, session.socket), &session, "setting network socket");

** CID 639940: High impact quality (Y2K38_SAFETY)
/js_filebase.cpp: 701 in js_hash_file(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639940: High impact quality (Y2K38_SAFETY)
/js_filebase.cpp: 701 in js_hash_file(JSContext *, unsigned int, unsigned long *)()
695 if (size == -1)
696 JS_ReportError(cx, "File does not exist: %s", path);
697 else {
698 smb_setfilesize(&file.idx, size);
699 if ((p->smb_result = smb_hashfile(path, size, &file.file_idx.hash.data)) > 0) {
700 file.file_idx.hash.flags = p->smb_result; >>> CID 639940: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fdate(path)" is cast to "uint32_t".
701 file.hdr.when_written.time = (uint32_t)fdate(path);
702 JSObject* fobj;
703 if ((fobj = JS_NewObject(cx, NULL, NULL, obj)) == NULL)
704 JS_ReportError(cx, "object allocation failure, line %d", __LINE__);
705 else {
706 set_file_properties(cx, fobj, &file, detail);

** CID 639939: Memory - corruptions (REVERSE_NEGATIVE)
/websrvr.cpp: 7033 in http_session_thread(void *)()

_____________________________________________________________________________________________
*** CID 639939: Memory - corruptions (REVERSE_NEGATIVE)
/websrvr.cpp: 7033 in http_session_thread(void *)()
7027 memset(session.req.ld, 0, sizeof(struct log_data));
7028 /* FREE()d in http_logging_thread */
7029 session.req.ld->hostname = strdup(session.host_name);
7030 }
7031 while ((redirp == NULL || session.req.send_location >= MOVED_TEMP)
7032 && !session.finished && !session.req.finished
>>> CID 639939: Memory - corruptions (REVERSE_NEGATIVE) >>> You might be using variable "session.socket" before verifying that it is >= 0.
7033 && session.socket != INVALID_SOCKET) { 7034 SAFECOPY(session.req.status, "200 OK");
7035 session.req.send_location = NO_LOCATION;
7036 if (session.req.headers == NULL) {
7037 /* FREE()d in close_request() */
7038 if ((session.req.headers = strListInit()) == NULL) {

** CID 639938: (CHECKED_RETURN)
/js_msgbase.cpp: 3037 in js_msgbase_get(JSContext *, JSObject *, long, unsigned long *)()
/js_msgbase.cpp: 3031 in js_msgbase_get(JSContext *, JSObject *, long, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639938: (CHECKED_RETURN)
/js_msgbase.cpp: 3037 in js_msgbase_get(JSContext *, JSObject *, long, unsigned long *)()
3031 smb_getstatus(&(p->smb));
3032 JS_RESUMEREQUEST(cx, rc);
3033 *vp = UINT_TO_JSVAL(p->smb.status.last_msg); 3034 break;
3035 case SMB_PROP_TOTAL_MSGS:
3036 rc = JS_SUSPENDREQUEST(cx);
>>> CID 639938: (CHECKED_RETURN)
>>> Calling "smb_getstatus" without checking return value (as is done elsewhere 32 out of 36 times).
3037 smb_getstatus(&(p->smb));
3038 JS_RESUMEREQUEST(cx, rc);
3039 *vp = UINT_TO_JSVAL(p->smb.status.total_msgs);
3040 break;
3041 case SMB_PROP_MAX_CRCS:
3042 *vp = UINT_TO_JSVAL(p->smb.status.max_crcs); /js_msgbase.cpp: 3031 in js_msgbase_get(JSContext *, JSObject *, long, unsigned long *)()
3025 } else {
3026 *vp = UINT_TO_JSVAL(p->first_msg); 3027 }
3028 break;
3029 case SMB_PROP_LAST_MSG:
3030 rc = JS_SUSPENDREQUEST(cx);
>>> CID 639938: (CHECKED_RETURN)
>>> Calling "smb_getstatus" without checking return value (as is done elsewhere 32 out of 36 times).
3031 smb_getstatus(&(p->smb));
3032 JS_RESUMEREQUEST(cx, rc);
3033 *vp = UINT_TO_JSVAL(p->smb.status.last_msg); 3034 break;
3035 case SMB_PROP_TOTAL_MSGS:
3036 rc = JS_SUSPENDREQUEST(cx);

** CID 639937: Incorrect expression (PRECEDENCE_ERROR)
/js_socket.cpp: 1254 in js_sendto(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639937: Incorrect expression (PRECEDENCE_ERROR) /js_socket.cpp: 1254 in js_sendto(JSContext *, unsigned int, unsigned long *)()
1248
1249 memset(&hints, 0, sizeof(hints));
1250 hints.ai_socktype = p->type;
1251 hints.ai_flags = AI_ADDRCONFIG;
1252 dbprintf(false, p, "resolving hostname: %s", p->hostname);
1253
>>> CID 639937: Incorrect expression (PRECEDENCE_ERROR) >>> Evaluates as: "result = (getaddrinfo(p->hostname, NULL, &hints, &res) != 0)", because "!=" has higher operator precedence than "=". The context suggests that this might be in error.
1254 if ((result = getaddrinfo(p->hostname, NULL, &hints, &res) != 0)) {
1255 store_socket_error(p, result, gai_strerror(result)); 1256 dbprintf(TRUE, p, "getaddrinfo(%s) failed with error %d", p->hostname, result);
1257 JS_SET_RVAL(cx, arglist, JSVAL_FALSE);
1258 free(cp);
1259 JS_RESUMEREQUEST(cx, rc);

** CID 639936: Error handling issues (CHECKED_RETURN)
/js_socket.cpp: 2363 in js_socket_set(JSContext *, JSObject *, long, int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639936: Error handling issues (CHECKED_RETURN)
/js_socket.cpp: 2363 in js_socket_set(JSContext *, JSObject *, long, int, unsigned long *)()
2357
2358 if (ssl_sync(scfg, lprintf)) { 2359 if ((ret = cryptCreateSession(&p->session, CRYPT_UNUSED, tiny == SOCK_PROP_SSL_SESSION ? CRYPT_SESSION_TLS: CRYPT_SESSION_TLS_SERVER)) == CRYPT_OK) {
2360 ulong nb = 0; 2361 ioctlsocket(p->sock, FIONBIO, &nb);
2362 nb = 1; >>> CID 639936: Error handling issues (CHECKED_RETURN) >>> Calling "setsockopt(p->sock, IPPROTO_TCP, 1, (char *)&nb, 8U)" without checking return value. This library function may fail and return an error code.
2363 setsockopt(p->sock, IPPROTO_TCP, TCP_NODELAY, (char*)&nb, sizeof(nb));
2364 if ((ret = do_cryptAttribute(p->session, CRYPT_SESSINFO_NETWORKSOCKET, p->sock)) == CRYPT_OK) {
2365 int minver = CRYPT_TLSOPTION_MINVER_TLS12;
2366 if (p->tls_minver == 100)
2367 minver = CRYPT_TLSOPTION_MINVER_TLS10;
2368 else if (p->tls_minver == 101)

** CID 639935: (INTEGER_OVERFLOW)
/websrvr.cpp: 725 in sess_sendbuf(http_session_t *, const char *, unsigned long, volatile bool *)()
/websrvr.cpp: 712 in sess_sendbuf(http_session_t *, const char *, unsigned long, volatile bool *)()

_____________________________________________________________________________________________
*** CID 639935: (INTEGER_OVERFLOW)
/websrvr.cpp: 725 in sess_sendbuf(http_session_t *, const char *, unsigned long, volatile bool *)()
719 else if (SOCKET_ERRNO == EPIPE) 720 lprintf(LOG_NOTICE, "%04d %-5s [%s] Unable to send to peer", session->socket, session->client.protocol, session->host_ip);
721 #endif
722 else if (session->socket != INVALID_SOCKET)
723 lprintf(LOG_WARNING, "%04d %-5s [%s] !ERROR %d sending on socket", session->socket, session->client.protocol, session->host_ip, SOCKET_ERRNO);
724 *failed = true;
>>> CID 639935: (INTEGER_OVERFLOW)
>>> "sent", which might have underflowed, is returned from the function.
725 return sent;
726 }
727 }
728 }
729 else {
730 lprintf(LOG_WARNING, "%04d %-5s [%s] Timeout waiting for socket to become writable", session->socket, session->client.protocol, session->host_ip);
/websrvr.cpp: 712 in sess_sendbuf(http_session_t *, const char *, unsigned long, volatile bool *)()
706 }
707 else
708 *failed = true;
709 result = tls_sent;
710 }
711 else {
>>> CID 639935: (INTEGER_OVERFLOW)
>>> "len - sent", which might have underflowed, is passed to "send(session->socket, buf + sent, len - sent, 0)".
712 result = sendsocket(session->socket, buf + sent, len - sent);
713 if (result == SOCKET_ERROR) {
714 if (SOCKET_ERRNO == ECONNRESET) 715 lprintf(LOG_NOTICE, "%04d %-5s [%s] Connection reset by peer on send", session->socket, session->client.protocol, session->host_ip);
716 else if (SOCKET_ERRNO == ECONNABORTED)
717 lprintf(LOG_NOTICE, "%04d %-5s [%s] Connection aborted by peer on send", session->socket, session->client.protocol, session->host_ip);

** CID 639934: Uninitialized variables (UNINIT)
/js_user.cpp: 1279 in js_downloaded_file(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639934: Uninitialized variables (UNINIT)
/js_user.cpp: 1279 in js_downloaded_file(JSContext *, unsigned int, unsigned long *)()
1273
1274 uintN argn = 0;
1275 if (argc > argn && JSVAL_IS_STRING(argv[argn])) { 1276 char *p;
1277 JSSTRING_TO_ASTRING(cx, JSVAL_TO_STRING(argv[argn]), p, LEN_EXTCODE + 2, NULL);
1278 for (dirnum = 0; dirnum < scfg->total_dirs; dirnum++)
>>> CID 639934: Uninitialized variables (UNINIT) >>> Using uninitialized value "*p" when calling "strcasecmp".
1279 if (!stricmp(scfg->dir[dirnum]->code, p)) 1280 break;
1281 argn++;
1282 }
1283 if (argc > argn && JSVAL_IS_STRING(argv[argn])) { 1284 JSSTRING_TO_ASTRING(cx, JSVAL_TO_STRING(argv[argn]), fname, MAX_PATH + 1, NULL);

** CID 639933: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1481 in js_filter_ip(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639933: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1481 in js_filter_ip(JSContext *, unsigned int, unsigned long *)()
1475 js_system_private_t* sys;
1476 if ((sys = (js_system_private_t*)js_GetClassPrivate(cx, obj, &js_system_class)) == NULL)
1477 return JS_FALSE;
1478
1479 for (i = 0; i < argc && fname == NULL; i++) {
1480 if (JSVAL_IS_NUMBER(argv[i])) {
>>> CID 639933: Error handling issues (CHECKED_RETURN) >>> Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
1481 JS_ValueToInt32(cx, argv[i], &duration); 1482 continue;
1483 }
1484 if (!JSVAL_IS_STRING(argv[i]))
1485 continue;
1486 JSVALUE_TO_MSTRING(cx, argv[i], p, NULL);

** CID 639932: Error handling issues (CHECKED_RETURN)
/websrvr.cpp: 1188 in close_request(http_session_t *)()

_____________________________________________________________________________________________
*** CID 639932: Error handling issues (CHECKED_RETURN)
/websrvr.cpp: 1188 in close_request(http_session_t *)()
1182 FCLOSE_OPEN_FILE(session->req.fp);
1183
1184 for (i = 0; i < MAX_CLEANUPS; i++) {
1185 if (session->req.cleanup_file[i] != NULL) {
1186 if (i != CLEANUP_SSJS_TMP_FILE
1187 || !(startup->options & WEB_OPT_DEBUG_SSJS))
>>> CID 639932: Error handling issues (CHECKED_RETURN) >>> Calling "remove(session->req.cleanup_file[i])" without checking return value. This library function may fail and return an error code.
1188 remove(session->req.cleanup_file[i]);
1189 free(session->req.cleanup_file[i]);
1190 }
1191 }
1192
1193 smb_freefilemem(&session->file);

** CID 639931: Memory - illegal accesses (OVERRUN)
/mailsrvr.cpp: 901 in sockmimetext(int, const char *, int, smbmsg_t *, char *, unsigned long, char **, char *)()

_____________________________________________________________________________________________
*** CID 639931: Memory - illegal accesses (OVERRUN)
/mailsrvr.cpp: 901 in sockmimetext(int, const char *, int, smbmsg_t *, char *, unsigned long, char **, char *)()
895 np = "\r\n"; // Send at least one line of message text (issue #822)
896 else
897 np = msgtxt;
898 long bytes = 0;
899 while (*np && lines < maxlines) {
900 len = 0;
>>> CID 639931: Memory - illegal accesses (OVERRUN) >>> Overrunning array of 3 bytes at byte offset 997 by dereferencing pointer "np + len".
901 while (len < RFC822_MAX_LINE_LEN && *(np + len) != 0 && *(np + len) != '\n')
902 len++;
903
904 tlen = len;
905 while (tlen && *(np + (tlen - 1)) <= ' ') /* Takes care of '\r' or spaces */
906 tlen--;

** CID 639930: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1640 in js_put_node_message(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 639930: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1640 in js_put_node_message(JSContext *, unsigned int, unsigned long *)()
1634 return JS_FALSE;
1635
1636 js_system_private_t* sys;
1637 if ((sys = (js_system_private_t*)js_GetClassPrivate(cx, obj, &js_system_class)) == NULL)
1638 return JS_FALSE;
1639
>>> CID 639930: Error handling issues (CHECKED_RETURN) >>> Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 236 out of 268 times).
1640 JS_ValueToInt32(cx, argv[0], &node);
1641 if (node < 1)
1642 node = 1;
1643
1644 if ((js_msg = JS_ValueToString(cx, argv[1])) == NULL)
1645 return JS_FALSE;

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_693ec0347df67_815e22c07a52839ac105f0--

--- SBBSecho 3.33-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Fri Dec 19 13:45:09 2025

----==_mimepart_694556e537c80_cf6232c07a52839ac1056
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 640043: (USE_AFTER_FREE)
/js_socket.cpp: 3566 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
/js_socket.cpp: 3540 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
/js_socket.cpp: 3593 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640043: (USE_AFTER_FREE)
/js_socket.cpp: 3566 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3560 }
3561
3562 if (!js_DefineSocketOptionsArray(cx, obj, type)) {
3563 JS_ReportError(cx, "js_DefineSocketOptionsArray failed");
3564 xpms_destroy(set, sock_close_cb, nullptr);
3565 free(p);

CID 640043: (USE_AFTER_FREE)
Calling "free" frees pointer "set" which has already been freed.

3566 free(set);
3567 return JS_FALSE;
3568 }
3569
3570 #ifdef BUILD_JSDOCS
3571 js_DescribeSyncObject(cx, obj, "Class used for incoming TCP/IP socket communications", 317);
/js_socket.cpp: 3540 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3534 JS_SET_RVAL(cx, arglist, OBJECT_TO_JSVAL(obj));
3535
3536 if ((p = (js_socket_private_t*)malloc(sizeof(js_socket_private_t))) == NULL) {
3537 JS_ReportError(cx, "malloc failed");
3538 free(protocol);
3539 xpms_destroy(set, sock_close_cb, nullptr);

CID 640043: (USE_AFTER_FREE)
Calling "free" frees pointer "set" which has already been freed.

3540 free(set);
3541 return JS_FALSE;
3542 }
3543 memset(p, 0, sizeof(js_socket_private_t));
3544 p->type = type;
3545 p->set = set;
/js_socket.cpp: 3593 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3587
3588 return JS_TRUE;
3589
3590 fail:
3591 xpms_destroy(set, sock_close_cb, nullptr);
3592 free(protocol);

CID 640043: (USE_AFTER_FREE)
Calling "free" frees pointer "set" which has already been freed.

3593 free(set);
3594 return JS_FALSE;
3595 }
3596
3597 static JSBool
3598 js_socket_constructor(JSContext *cx, uintN argc, jsval *arglist)

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_694556e537c80_cf6232c07a52839ac1056
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640043: (USE_AFTER_FREE)
/js_socket.cpp: 3566 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
/js_socket.cpp: 3540 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
/js_socket.cpp: 3593 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640043: (USE_AFTER_FREE)
/js_socket.cpp: 3566 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3560 }
3561
3562 if (!js_DefineSocketOptionsArray(cx, obj, type)) {
3563 JS_ReportError(cx, "js_DefineSocketOptionsArray failed");
3564 xpms_destroy(set, sock_close_cb, nullptr);
3565 free(p);
>>> CID 640043: (USE_AFTER_FREE)
>>> Calling "free" frees pointer "set" which has already been freed.
3566 free(set);
3567 return JS_FALSE;
3568 }
3569
3570 #ifdef BUILD_JSDOCS
3571 js_DescribeSyncObject(cx, obj, "Class used for incoming TCP/IP socket communications", 317);
/js_socket.cpp: 3540 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3534 JS_SET_RVAL(cx, arglist, OBJECT_TO_JSVAL(obj));
3535
3536 if ((p = (js_socket_private_t*)malloc(sizeof(js_socket_private_t))) == NULL) {
3537 JS_ReportError(cx, "malloc failed");
3538 free(protocol);
3539 xpms_destroy(set, sock_close_cb, nullptr);
>>> CID 640043: (USE_AFTER_FREE)
>>> Calling "free" frees pointer "set" which has already been freed.
3540 free(set);
3541 return JS_FALSE;
3542 }
3543 memset(p, 0, sizeof(js_socket_private_t));
3544 p->type = type;
3545 p->set = set;
/js_socket.cpp: 3593 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3587
3588 return JS_TRUE;
3589
3590 fail:
3591 xpms_destroy(set, sock_close_cb, nullptr);
3592 free(protocol);
>>> CID 640043: (USE_AFTER_FREE)
>>> Calling "free" frees pointer "set" which has already been freed.
3593 free(set);
3594 return JS_FALSE;
3595 }
3596
3597 static JSBool
3598 js_socket_constructor(JSContext *cx, uintN argc, jsval *arglist)

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_694556e537c80_cf6232c07a52839ac1056--

--- SBBSecho 3.33-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Sat Dec 27 13:44:41 2025

----==_mimepart_694fe2c8bcbb0_14b1952c2daae15998453b2
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 640112: (RESOURCE_LEAK)
/js_bbs.cpp: 1875 in js_logline(JSContext *, unsigned int, unsigned long *)()
/js_bbs.cpp: 1880 in js_logline(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640112: (RESOURCE_LEAK)
/js_bbs.cpp: 1875 in js_logline(JSContext *, unsigned int, unsigned long *)()
1869
1870 JSSTRING_TO_MSTRING(cx, js_str, code, NULL);
1871 if (code == NULL)
1872 return JS_FALSE;
1873
1874 if ((js_str = JS_ValueToString(cx, argv[argn])) == NULL)

CID 640112: (RESOURCE_LEAK)
Variable "code" going out of scope leaks the storage it points to.

1875 return JS_FALSE;
1876 argn++;
1877
1878 JSSTRING_TO_MSTRING(cx, js_str, str, NULL);
1879 if (str == NULL)
1880 return JS_FALSE;
/js_bbs.cpp: 1880 in js_logline(JSContext *, unsigned int, unsigned long *)()
1874 if ((js_str = JS_ValueToString(cx, argv[argn])) == NULL)
1875 return JS_FALSE;
1876 argn++;
1877
1878 JSSTRING_TO_MSTRING(cx, js_str, str, NULL);
1879 if (str == NULL)

CID 640112: (RESOURCE_LEAK)
Variable "code" going out of scope leaks the storage it points to.

1880 return JS_FALSE;
1881
1882 rc = JS_SUSPENDREQUEST(cx);
1883 sbbs->logline(level, code, str);
1884 free(code);
1885 free(str);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_694fe2c8bcbb0_14b1952c2daae15998453b2
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640112: (RESOURCE_LEAK)
/js_bbs.cpp: 1875 in js_logline(JSContext *, unsigned int, unsigned long *)()
/js_bbs.cpp: 1880 in js_logline(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640112: (RESOURCE_LEAK)
/js_bbs.cpp: 1875 in js_logline(JSContext *, unsigned int, unsigned long *)()
1869
1870 JSSTRING_TO_MSTRING(cx, js_str, code, NULL);
1871 if (code == NULL)
1872 return JS_FALSE;
1873
1874 if ((js_str = JS_ValueToString(cx, argv[argn])) == NULL) >>> CID 640112: (RESOURCE_LEAK)
>>> Variable "code" going out of scope leaks the storage it points to.
1875 return JS_FALSE;
1876 argn++;
1877
1878 JSSTRING_TO_MSTRING(cx, js_str, str, NULL);
1879 if (str == NULL)
1880 return JS_FALSE;
/js_bbs.cpp: 1880 in js_logline(JSContext *, unsigned int, unsigned long *)()
1874 if ((js_str = JS_ValueToString(cx, argv[argn])) == NULL)
1875 return JS_FALSE;
1876 argn++;
1877
1878 JSSTRING_TO_MSTRING(cx, js_str, str, NULL);
1879 if (str == NULL)
>>> CID 640112: (RESOURCE_LEAK)
>>> Variable "code" going out of scope leaks the storage it points to.
1880 return JS_FALSE;
1881
1882 rc = JS_SUSPENDREQUEST(cx);
1883 sbbs->logline(level, code, str);
1884 free(code);
1885 free(str);

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_694fe2c8bcbb0_14b1952c2daae15998453b2--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Wed Dec 31 13:45:24 2025

----==_mimepart_695528f458f41_188c5a2c2daae1599845314
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()

_____________________________________________________________________________________________
*** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
457 while (p) {
458 if (*p == ',' || *p == ' ')
459 p++;
460 i = atoi(p);
461 if (!i)
462 break;

CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.

463 fseek(stream, l, SEEK_SET);
464 j = 1;
465 while (!feof(stream) && !ferror(stream) && j < i) {
466 if (!fgets(tmp, sizeof(tmp), stream))
467 break;
468 j++; /* skip beginning */
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
422 free(buf);
423 return false;
424 }
425 if (!i && linesquoted)
426 break;
427 if (!i || quote[0] == all_key()) { /* Quote all */

CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.

428 fseek(stream, l, SEEK_SET);
429 while (!feof(stream) && !ferror(stream)) {
430 if (!fgets(str, sizeof(str), stream))
431 break;
432 quotestr(str);
433 SAFEPRINTF2(tmp, quote_fmt, term->cols - 4, str);
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
434 if (write(file, tmp, strlen(tmp)) > 0)
435 linesquoted++; 436 }
437 break;
438 }
439 if (quote[0] == list_key()) {

CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.

440 fseek(stream, l, SEEK_SET);
441 i = 1;
442 term->newline();
443 attr(LIGHTGRAY);
444 while (!feof(stream) && !ferror(stream) && !msgabort()) {
445 if (!fgets(str, sizeof(str), stream))

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_695528f458f41_188c5a2c2daae1599845314
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li>
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()

_____________________________________________________________________________________________
*** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
457 while (p) {
458 if (*p == ',' || *p == ' ')
459 p++;
460 i = atoi(p);
461 if (!i)
462 break;
>>> CID 640333: (NEGATIVE_RETURNS)
>>> "l" is passed to a parameter that cannot be negative.
463 fseek(stream, l, SEEK_SET);
464 j = 1;
465 while (!feof(stream) && !ferror(stream) && j < i) {
466 if (!fgets(tmp, sizeof(tmp), stream))
467 break;
468 j++; /* skip beginning */
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
422 free(buf);
423 return false;
424 }
425 if (!i && linesquoted)
426 break;
427 if (!i || quote[0] == all_key()) { /* Quote all */
>>> CID 640333: (NEGATIVE_RETURNS)
>>> "l" is passed to a parameter that cannot be negative.
428 fseek(stream, l, SEEK_SET);
429 while (!feof(stream) && !ferror(stream)) {
430 if (!fgets(str, sizeof(str), stream))
431 break;
432 quotestr(str);
433 SAFEPRINTF2(tmp, quote_fmt, term->cols - 4, str);
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
434 if (write(file, tmp, strlen(tmp)) > 0)
435 linesquoted++; 436 }
437 break;
438 }
439 if (quote[0] == list_key()) { >>> CID 640333: (NEGATIVE_RETURNS)
>>> "l" is passed to a parameter that cannot be negative.
440 fseek(stream, l, SEEK_SET);
441 i = 1;
442 term->newline();
443 attr(LIGHTGRAY);
444 while (!feof(stream) && !ferror(stream) && !msgabort()) {
445 if (!fgets(str, sizeof(str), stream))

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_695528f458f41_188c5a2c2daae1599845314--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Sun Jan 4 13:50:57 2026

----==_mimepart_695a7040d64d9_1c5eff2c2daae1599845367
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 640376: (SLEEP)

_____________________________________________________________________________________________
*** CID 640376: (SLEEP)
/tmp/sbbs-Jan-04-2026/src/conio/ciolib.c: 575 in initciolib()
569 try_x_init(mode);
570 #endif
571 break;
572 #endif
573 case CIOLIB_MODE_ANSI:
574 try_ansi_init(mode);

CID 640376: (SLEEP)
Call to "try_ansi_init" might sleep while holding lock "init_mutex". 575 break;

576
577 #if defined(WITH_SDL)
578 case CIOLIB_MODE_SDL:
579 case CIOLIB_MODE_SDL_FULLSCREEN:
580 try_sdl_init(mode); /tmp/sbbs-Jan-04-2026/src/conio/ciolib.c: 548 in initciolib()
542 if(!try_sdl_init(CIOLIB_MODE_SDL))
543 #endif
544 #ifndef _WIN32
545 if(!try_curses_init(mode))
546 #endif
547 if (!try_ansi_init(mode))

CID 640376: (SLEEP)
Call to "try_ansi_init" might sleep while holding lock "init_mutex". 548 #ifdef _WIN32

549 if(!try_conio_init(mode));
550 #else
551 ;
552 #endif
553 break; /tmp/sbbs-Jan-04-2026/src/conio/ciolib.c: 543 in initciolib()
537 #endif
538 #if defined(WITH_GDI)
539 if (!try_gdi_init(mode))
540 #endif
541 #if defined(WITH_SDL)
542 if(!try_sdl_init(CIOLIB_MODE_SDL))

CID 640376: (SLEEP)
Call to "try_sdl_init" might sleep while holding lock "init_mutex".

543 #endif
544 #ifndef _WIN32
545 if(!try_curses_init(mode))
546 #endif
547 if (!try_ansi_init(mode))
548 #ifdef _WIN32
/tmp/sbbs-Jan-04-2026/src/conio/ciolib.c: 581 in initciolib()
575 break;
576
577 #if defined(WITH_SDL)
578 case CIOLIB_MODE_SDL:
579 case CIOLIB_MODE_SDL_FULLSCREEN:
580 try_sdl_init(mode);

CID 640376: (SLEEP)
Call to "try_sdl_init" might sleep while holding lock "init_mutex".

581 break;
582 #endif
583
584 #if defined(WITH_GDI)
585 case CIOLIB_MODE_GDI:
586 case CIOLIB_MODE_GDI_FULLSCREEN:

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_695a7040d64d9_1c5eff2c2daae1599845367
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li>
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640376: (SLEEP)

_____________________________________________________________________________________________
*** CID 640376: (SLEEP)
/tmp/sbbs-Jan-04-2026/src/conio/ciolib.c: 575 in initciolib()
569 try_x_init(mode);
570 #endif
571 break;
572 #endif
573 case CIOLIB_MODE_ANSI:
574 try_ansi_init(mode);
>>> CID 640376: (SLEEP)
>>> Call to "try_ansi_init" might sleep while holding lock "init_mutex".
575 break;
576
577 #if defined(WITH_SDL)
578 case CIOLIB_MODE_SDL:
579 case CIOLIB_MODE_SDL_FULLSCREEN:
580 try_sdl_init(mode); /tmp/sbbs-Jan-04-2026/src/conio/ciolib.c: 548 in initciolib()
542 if(!try_sdl_init(CIOLIB_MODE_SDL))
543 #endif
544 #ifndef _WIN32
545 if(!try_curses_init(mode))
546 #endif
547 if (!try_ansi_init(mode))
>>> CID 640376: (SLEEP)
>>> Call to "try_ansi_init" might sleep while holding lock "init_mutex".
548 #ifdef _WIN32
549 if(!try_conio_init(mode));
550 #else
551 ;
552 #endif
553 break; /tmp/sbbs-Jan-04-2026/src/conio/ciolib.c: 543 in initciolib()
537 #endif
538 #if defined(WITH_GDI)
539 if (!try_gdi_init(mode))
540 #endif
541 #if defined(WITH_SDL)
542 if(!try_sdl_init(CIOLIB_MODE_SDL))
>>> CID 640376: (SLEEP)
>>> Call to "try_sdl_init" might sleep while holding lock "init_mutex".
543 #endif
544 #ifndef _WIN32
545 if(!try_curses_init(mode))
546 #endif
547 if (!try_ansi_init(mode))
548 #ifdef _WIN32
/tmp/sbbs-Jan-04-2026/src/conio/ciolib.c: 581 in initciolib()
575 break;
576
577 #if defined(WITH_SDL)
578 case CIOLIB_MODE_SDL:
579 case CIOLIB_MODE_SDL_FULLSCREEN:
580 try_sdl_init(mode);
>>> CID 640376: (SLEEP)
>>> Call to "try_sdl_init" might sleep while holding lock "init_mutex".
581 break;
582 #endif
583
584 #if defined(WITH_GDI)
585 case CIOLIB_MODE_GDI:
586 case CIOLIB_MODE_GDI_FULLSCREEN:

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_695a7040d64d9_1c5eff2c2daae1599845367--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Mon Jan 5 13:46:18 2026

----==_mimepart_695bc0a9c87c5_1d5c082c2daae1599845356
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

4 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)

** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()

_____________________________________________________________________________________________
*** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()
121 if (fp == NULL)
122 return false;
123
124 memset(stats, 0, sizeof(*stats));
125 if ((ini = iniReadFile(fp)) == NULL)
126 return false;

CID 640406: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "iniGetDateTime(ini, NULL, "Date", 0L)" is cast to "time32_t".

127 stats->date = (time32_t)iniGetDateTime(ini, NULL, strStatsDate, 0);
128 gettotals(ini, strStatsToday, &stats->today);
129 gettotals(ini, strStatsTotal, &stats->total);
130 iniFreeStringList(ini);
131 stats->last = time32(NULL);
132

** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844 in ()

_____________________________________________________________________________________________
*** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH) /atcodes.cpp: 844 in ()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {

CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "double" but argument has type "long double")

844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;

** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()

_____________________________________________________________________________________________
*** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {

CID 640404: API usage errors (PRINTF_ARGS)
Argument "xp_timer()" to format specifier "%f" was expected to have type "double" but has type "long double". [Note: The source code implementation of the function has been overridden by a builtin model.]

844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;

** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()
1345 if (js_argvIsNullOrVoid(cx, argv, 0))
1346 return JS_FALSE;
1347
1348 if (argc > 1 && JSVAL_IS_BOOLEAN(argv[1]))
1349 estimate = JSVAL_TO_BOOLEAN(argv[1]);
1350

CID 640403: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToECMAUint32" without checking return value (as is done elsewhere 96 out of 102 times).

1351 JS_ValueToECMAUint32(cx, argv[0], &t);
1352 if ((js_str = JS_NewStringCopyZ(cx, minutes_to_str(t, str, sizeof str, estimate))) == NULL)
1353 return JS_FALSE;
1354
1355 JS_SET_RVAL(cx, arglist, STRING_TO_JSVAL(js_str));
1356 return JS_TRUE;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_695bc0a9c87c5_1d5c082c2daae1599845356
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 4</li>
<li>
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 4 of 4 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()

_____________________________________________________________________________________________
*** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()
121 if (fp == NULL)
122 return false;
123
124 memset(stats, 0, sizeof(*stats));
125 if ((ini = iniReadFile(fp)) == NULL)
126 return false;
>>> CID 640406: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "iniGetDateTime(ini, NULL, "Date", 0L)" is cast to "time32_t".
127 stats->date = (time32_t)iniGetDateTime(ini, NULL, strStatsDate, 0);
128 gettotals(ini, strStatsToday, &stats->today);
129 gettotals(ini, strStatsTotal, &stats->total);
130 iniFreeStringList(ini);
131 stats->last = time32(NULL);
132

** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844 in ()

_____________________________________________________________________________________________
*** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH) /atcodes.cpp: 844 in ()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {
>>> CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH) >>> argument is incompatible with corresponding format string conversion (expected type "double" but argument has type "long double")
844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;

** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()

_____________________________________________________________________________________________
*** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {
>>> CID 640404: API usage errors (PRINTF_ARGS) >>> Argument "xp_timer()" to format specifier "%f" was expected to have type "double" but has type "long double". [Note: The source code implementation of the function has been overridden by a builtin model.]
844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;

** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()
1345 if (js_argvIsNullOrVoid(cx, argv, 0))
1346 return JS_FALSE;
1347
1348 if (argc > 1 && JSVAL_IS_BOOLEAN(argv[1]))
1349 estimate = JSVAL_TO_BOOLEAN(argv[1]);
1350
>>> CID 640403: Error handling issues (CHECKED_RETURN) >>> Calling "JS_ValueToECMAUint32" without checking return value (as is done elsewhere 96 out of 102 times).
1351 JS_ValueToECMAUint32(cx, argv[0], &t);
1352 if ((js_str = JS_NewStringCopyZ(cx, minutes_to_str(t, str, sizeof str, estimate))) == NULL)
1353 return JS_FALSE;
1354
1355 JS_SET_RVAL(cx, arglist, STRING_TO_JSVAL(js_str));
1356 return JS_TRUE;

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_695bc0a9c87c5_1d5c082c2daae1599845356--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Wed Jan 7 13:48:08 2026

----==_mimepart_695e6417e6a62_1f55b62c2daae1599845373
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 640928: Performance inefficiencies (PASS_BY_VALUE)
/js_user.cpp: 60 in user_private_t::user_private_t(scfg_t *, user_t)()

_____________________________________________________________________________________________
*** CID 640928: Performance inefficiencies (PASS_BY_VALUE) /js_user.cpp: 60 in user_private_t::user_private_t(scfg_t *, user_t)()
54 cached_mail_count mail_pending{cfg, user, true, 0};
55 cached_mail_count spam_waiting{cfg, user, false, MSG_SPAM};
56
57 user_private_t(scfg_t* cfg)
58 : cfg(cfg)
59 {}

CID 640928: Performance inefficiencies (PASS_BY_VALUE)
Passing parameter user of type "user_t" (size 784 bytes) by value, which exceeds the high threshold of 512 bytes.

60 user_private_t(scfg_t* cfg, user_t user)
61 : storage(user)
62 , cached(user.number == 0 ? false : true)
63 , cfg(cfg)
64 {}
65 };

** CID 640927: API usage errors (PRINTF_ARGS)

_____________________________________________________________________________________________
*** CID 640927: API usage errors (PRINTF_ARGS)
/date_str.c: 301 in tm_as_hhmmss()
295 /* Returns 8 character string (e.g. hh:mm:ss or hh:mm am/pm) */
296 /****************************************************************************/
297 char* tm_as_hhmmss(scfg_t* cfg, struct tm* tm, char* str, size_t size) 298 {
299 if (cfg != NULL && (cfg->sys_misc & SM_MILITARY))
300 snprintf(str, size, "%02d:%02d:02d"

CID 640927: API usage errors (PRINTF_ARGS)
This argument was not used by the format string: "tm->tm_sec".

301 , tm->tm_hour, tm->tm_min, tm->tm_sec);
302 else
303 snprintf(str, size, "%02d:%02d %cm"
304 , tm->tm_hour > 12 ? tm->tm_hour - 12 : tm->tm_hour == 0 ? 12 : tm->tm_hour
305 , tm->tm_min, tm->tm_hour >= 12 ? 'p' : 'a'); 306 return str;

** CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS)
/date_str.c: 301 in ()

_____________________________________________________________________________________________
*** CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS) /date_str.c: 301 in ()
295 /* Returns 8 character string (e.g. hh:mm:ss or hh:mm am/pm) */
296 /****************************************************************************/
297 char* tm_as_hhmmss(scfg_t* cfg, struct tm* tm, char* str, size_t size) 298 {
299 if (cfg != NULL && (cfg->sys_misc & SM_MILITARY))
300 snprintf(str, size, "%02d:%02d:02d"

CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS)
the format string ends before this argument

301 , tm->tm_hour, tm->tm_min, tm->tm_sec);
302 else
303 snprintf(str, size, "%02d:%02d %cm"
304 , tm->tm_hour > 12 ? tm->tm_hour - 12 : tm->tm_hour == 0 ? 12 : tm->tm_hour
305 , tm->tm_min, tm->tm_hour >= 12 ? 'p' : 'a'); 306 return str;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_695e6417e6a62_1f55b62c2daae1599845373
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 3</li>
<li><strong>Defects Shown:</strong> Showing 3 of 3 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640928: Performance inefficiencies (PASS_BY_VALUE)
/js_user.cpp: 60 in user_private_t::user_private_t(scfg_t *, user_t)()

_____________________________________________________________________________________________
*** CID 640928: Performance inefficiencies (PASS_BY_VALUE) /js_user.cpp: 60 in user_private_t::user_private_t(scfg_t *, user_t)()
54 cached_mail_count mail_pending{cfg, user, true, 0};
55 cached_mail_count spam_waiting{cfg, user, false, MSG_SPAM};
56
57 user_private_t(scfg_t* cfg)
58 : cfg(cfg)
59 {}
>>> CID 640928: Performance inefficiencies (PASS_BY_VALUE)
>>> Passing parameter user of type "user_t" (size 784 bytes) by value, which exceeds the high threshold of 512 bytes.
60 user_private_t(scfg_t* cfg, user_t user)
61 : storage(user)
62 , cached(user.number == 0 ? false : true)
63 , cfg(cfg)
64 {}
65 };

** CID 640927: API usage errors (PRINTF_ARGS)

_____________________________________________________________________________________________
*** CID 640927: API usage errors (PRINTF_ARGS)
/date_str.c: 301 in tm_as_hhmmss()
295 /* Returns 8 character string (e.g. hh:mm:ss or hh:mm am/pm) */
296 /****************************************************************************/
297 char* tm_as_hhmmss(scfg_t* cfg, struct tm* tm, char* str, size_t size) 298 {
299 if (cfg != NULL && (cfg->sys_misc & SM_MILITARY))
300 snprintf(str, size, "%02d:%02d:02d" >>> CID 640927: API usage errors (PRINTF_ARGS) >>> This argument was not used by the format string: "tm->tm_sec".
301 , tm->tm_hour, tm->tm_min, tm->tm_sec);
302 else
303 snprintf(str, size, "%02d:%02d %cm"
304 , tm->tm_hour > 12 ? tm->tm_hour - 12 : tm->tm_hour == 0 ? 12 : tm->tm_hour
305 , tm->tm_min, tm->tm_hour >= 12 ? 'p' : 'a');
306 return str;

** CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS)
/date_str.c: 301 in ()

_____________________________________________________________________________________________
*** CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS) /date_str.c: 301 in ()
295 /* Returns 8 character string (e.g. hh:mm:ss or hh:mm am/pm) */
296 /****************************************************************************/
297 char* tm_as_hhmmss(scfg_t* cfg, struct tm* tm, char* str, size_t size) 298 {
299 if (cfg != NULL && (cfg->sys_misc & SM_MILITARY))
300 snprintf(str, size, "%02d:%02d:02d" >>> CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS)
>>> the format string ends before this argument
301 , tm->tm_hour, tm->tm_min, tm->tm_sec);
302 else
303 snprintf(str, size, "%02d:%02d %cm"
304 , tm->tm_hour > 12 ? tm->tm_hour - 12 : tm->tm_hour == 0 ? 12 : tm->tm_hour
305 , tm->tm_min, tm->tm_hour >= 12 ? 'p' : 'a');
306 return str;

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_695e6417e6a62_1f55b62c2daae1599845373--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Thu Jan 8 13:44:45 2026

----==_mimepart_695fb4cd3c9f7_2053bf2c2daae15998453fd
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 640932: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1664 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()

_____________________________________________________________________________________________
*** CID 640932: Insecure data handling (INTEGER_OVERFLOW) /atcodes.cpp: 1664 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
1658 if (!strcmp(sp, "BYTESLEFT")) {
1659 safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron));
1660 return str;
1661 }
1662
1663 if (code_match(sp, "CDTLEFT", &param))

CID 640932: Insecure data handling (INTEGER_OVERFLOW)
The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.

1664 return byte_count(user_available_credits(&useron), str, maxlen, param, BYTE_COUNT_VERBAL);
1665
1666 if (code_match(sp, "CREDITS", &param))
1667 return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);
1668
1669 if (code_match(sp, "FREECDT", &param))

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_695fb4cd3c9f7_2053bf2c2daae15998453fd
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li>
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640932: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1664 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()

_____________________________________________________________________________________________
*** CID 640932: Insecure data handling (INTEGER_OVERFLOW) /atcodes.cpp: 1664 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
1658 if (!strcmp(sp, "BYTESLEFT")) {
1659 safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron));
1660 return str;
1661 }
1662
1663 if (code_match(sp, "CDTLEFT", &param)) >>> CID 640932: Insecure data handling (INTEGER_OVERFLOW) >>> The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.
1664 return byte_count(user_available_credits(&useron), str, maxlen, param, BYTE_COUNT_VERBAL);
1665
1666 if (code_match(sp, "CREDITS", &param))
1667 return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);
1668
1669 if (code_match(sp, "FREECDT", &param))

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_695fb4cd3c9f7_2053bf2c2daae15998453fd--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Sat Jan 10 13:44:53 2026

----==_mimepart_696257d4e4005_22599f2afbc97ad9ac59824
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 640959: (CHECKED_RETURN) /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 479 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 481 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 483 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 480 in add_suffix()

_____________________________________________________________________________________________
*** CID 640959: (CHECKED_RETURN) /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 479 in add_suffix()
473 char* p = strstr(str, ".0");
474 if (p != NULL && *(p + 2) == '\0') // remove trailing ".0"
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {

CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).

479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
/tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 481 in add_suffix()
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);

CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).

481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
485
486 /* Convert a duration estimate (in seconds) to a string /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 483 in add_suffix()
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else

CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).

483 strlcat(str, suffix, size);
484 }
485
486 /* Convert a duration estimate (in seconds) to a string
487 * with a single letter multiplier/suffix:
488 * (y)ears, (w)eeks, (d)ays, (h)ours, (m)inutes, or (s)econds /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 480 in add_suffix()
474 if (p != NULL && *(p + 2) == '\0') // remove trailing ".0"
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);

CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).

480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
485

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_696257d4e4005_22599f2afbc97ad9ac59824
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640959: (CHECKED_RETURN) /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 479 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 481 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 483 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 480 in add_suffix()

_____________________________________________________________________________________________
*** CID 640959: (CHECKED_RETURN) /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 479 in add_suffix()
473 char* p = strstr(str, ".0");
474 if (p != NULL && *(p + 2) == '\0') // remove trailing ".0"
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {
>>> CID 640959: (CHECKED_RETURN)
>>> Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
/tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 481 in add_suffix()
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);
>>> CID 640959: (CHECKED_RETURN)
>>> Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
485
486 /* Convert a duration estimate (in seconds) to a string /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 483 in add_suffix()
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else
>>> CID 640959: (CHECKED_RETURN)
>>> Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
483 strlcat(str, suffix, size);
484 }
485
486 /* Convert a duration estimate (in seconds) to a string
487 * with a single letter multiplier/suffix:
488 * (y)ears, (w)eeks, (d)ays, (h)ours, (m)inutes, or (s)econds /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 480 in add_suffix()
474 if (p != NULL && *(p + 2) == '\0') // remove trailing ".0"
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);
>>> CID 640959: (CHECKED_RETURN)
>>> Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
485

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_696257d4e4005_22599f2afbc97ad9ac59824--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Sun Jan 11 13:48:17 2026

----==_mimepart_6963aa20b22c3_235b0c2afbc97ad9ac59882
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 640963: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 401 in sbbs_read_ini()

_____________________________________________________________________________________________
*** CID 640963: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 401 in sbbs_read_ini()
395 , services
396 );
397
398 list = iniReadFile(fp);
399
400 if (!get_ini_globals(list, global))

CID 640963: Resource leaks (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

401 return false;
402
403 if (global->ctrl_dir[0]) {
404 if (bbs != NULL)
405 SAFECOPY(bbs->ctrl_dir, global->ctrl_dir);
406 if (ftp != NULL)

** CID 640962: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 442 in sbbs_read_ini()

_____________________________________________________________________________________________
*** CID 640962: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 442 in sbbs_read_ini()
436 if (run_bbs != NULL)
437 *run_bbs = iniGetBool(list, section, strAutoStart, true);
438
439 if (bbs != NULL) {
440
441 if (bbs->size != sizeof *bbs)

CID 640962: Resource leaks (RESOURCE_LEAK)
Variable "global_interfaces" going out of scope leaks the storage it points to.

442 return false;
443
444 bbs->outgoing4.s_addr
445 = iniGetIpAddress(list, section, strOutgoing4, global->outgoing4.s_addr);
446 bbs->outgoing6
447 = iniGetIp6Address(list, section, strOutgoing6, global->outgoing6);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_6963aa20b22c3_235b0c2afbc97ad9ac59882
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 2</li>
<li>
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640963: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 401 in sbbs_read_ini()

_____________________________________________________________________________________________
*** CID 640963: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 401 in sbbs_read_ini()
395 , services
396 );
397
398 list = iniReadFile(fp);
399
400 if (!get_ini_globals(list, global))
>>> CID 640963: Resource leaks (RESOURCE_LEAK) >>> Variable "list" going out of scope leaks the storage it points to.
401 return false;
402
403 if (global->ctrl_dir[0]) {
404 if (bbs != NULL)
405 SAFECOPY(bbs->ctrl_dir, global->ctrl_dir);
406 if (ftp != NULL)

** CID 640962: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 442 in sbbs_read_ini()

_____________________________________________________________________________________________
*** CID 640962: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 442 in sbbs_read_ini()
436 if (run_bbs != NULL)
437 *run_bbs = iniGetBool(list, section, strAutoStart, true);
438
439 if (bbs != NULL) {
440
441 if (bbs->size != sizeof *bbs)
>>> CID 640962: Resource leaks (RESOURCE_LEAK) >>> Variable "global_interfaces" going out of scope leaks the storage it points to.
442 return false;
443
444 bbs->outgoing4.s_addr
445 = iniGetIpAddress(list, section, strOutgoing4, global->outgoing4.s_addr);
446 bbs->outgoing6
447 = iniGetIp6Address(list, section, strOutgoing6, global->outgoing6);

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_6963aa20b22c3_235b0c2afbc97ad9ac59882--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Mon Jan 12 13:47:57 2026

----==_mimepart_6964fb8d1cdba_2460bc2afbc97ad9ac59882
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 640971: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()

_____________________________________________________________________________________________
*** CID 640971: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
614
615 if (code_match(sp, "UPTIME", &param)) {
616 extern volatile time_t uptime;
617 time_t up = 0;
618 if (uptime != 0 && time(&now) >= uptime)
619 up = now - uptime;

CID 640971: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "up" is cast to "uint".

620 return duration((uint)up, str, maxlen, param, DURATION_MINIMAL_VERBAL);
621 }
622
623 if (!strcmp(sp, "SERVED")) {
624 extern volatile uint served;
625 safe_snprintf(str, maxlen, "%u", served);

** CID 640970: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()

_____________________________________________________________________________________________
*** CID 640970: Insecure data handling (INTEGER_OVERFLOW) /atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
1689 if (!strcmp(sp, "BYTESLEFT")) {
1690 safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron));
1691 return str;
1692 }
1693
1694 if (code_match(sp, "CDTLEFT", &param))

CID 640970: Insecure data handling (INTEGER_OVERFLOW)
The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.

1695 return byte_count(static_cast<int64_t>(user_available_credits(&useron)), str, maxlen, param, BYTE_COUNT_VERBAL);
1696
1697 if (code_match(sp, "CREDITS", &param))
1698 return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);
1699
1700 if (code_match(sp, "FREECDT", &param))

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_6964fb8d1cdba_2460bc2afbc97ad9ac59882
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 2</li>
<li>
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640971: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()

_____________________________________________________________________________________________
*** CID 640971: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
614
615 if (code_match(sp, "UPTIME", &param)) {
616 extern volatile time_t uptime;
617 time_t up = 0;
618 if (uptime != 0 && time(&now) >= uptime) 619 up = now - uptime;
>>> CID 640971: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "up" is cast to "uint".
620 return duration((uint)up, str, maxlen, param, DURATION_MINIMAL_VERBAL);
621 }
622
623 if (!strcmp(sp, "SERVED")) {
624 extern volatile uint served;
625 safe_snprintf(str, maxlen, "%u", served);

** CID 640970: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()

_____________________________________________________________________________________________
*** CID 640970: Insecure data handling (INTEGER_OVERFLOW) /atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
1689 if (!strcmp(sp, "BYTESLEFT")) {
1690 safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron));
1691 return str;
1692 }
1693
1694 if (code_match(sp, "CDTLEFT", &param)) >>> CID 640970: Insecure data handling (INTEGER_OVERFLOW) >>> The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.
1695 return byte_count(static_cast<int64_t>(user_available_credits(&useron)), str, maxlen, param, BYTE_COUNT_VERBAL);
1696
1697 if (code_match(sp, "CREDITS", &param))
1698 return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);
1699
1700 if (code_match(sp, "FREECDT", &param))

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_6964fb8d1cdba_2460bc2afbc97ad9ac59882--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Tue Jan 13 13:45:40 2026

----==_mimepart_69664c8455017_2561de2afbc97ad9ac598df
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()

_____________________________________________________________________________________________
*** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
746 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
747 tmp[i++] = *(*ptrptr)++;
748 tmp[i] = '\0';
749 if (**ptrptr == ']') {
750 (*ptrptr)++;
751 section = tmp;

CID 640989: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

752 SKIP_WHITESPACE(*ptrptr);
753 }
754 }
755 else if (strchr((char *)(*ptrptr), ':') != nullptr) { // [section:]key
756 i = 0;
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
758 tmp[i++] = *(*ptrptr)++;
759 tmp[i] = '\0';
760 if (**ptrptr != '\0') {
761 (*ptrptr)++;
762 section = tmp;

CID 640989: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

763 SKIP_WHITESPACE(*ptrptr);
764 }
765 }
766 SKIP_CHAR((*ptrptr), ':');
767 if (!user_get_bool_property(&cfg, user->number, section, (char*)*ptrptr, false))
768 result = _not;

** CID 640988: Null pointer dereferences (FORWARD_NULL)

_____________________________________________________________________________________________
*** CID 640988: Null pointer dereferences (FORWARD_NULL)
/userdat.c: 4877 in user_get_bool_property()
4871 c_unescape_printable((char*)section);
4872 }
4873 if (key != NULL) {
4874 key = strdup(key);
4875 c_unescape_printable((char*)key);
4876 }

CID 640988: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "key" to "iniReadBool", which dereferences it. 4877 bool result = iniReadBool(fp, section, key, deflt);

4878 iniCloseFile(fp);
4879 free((char*)section);
4880 free((char*)key);
4881 return result;
4882 }

** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
/userdat.c: 2729 in ar_exp()

_____________________________________________________________________________________________
*** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
2735 tmp[i++] = *(*ptrptr)++;
2736 tmp[i] = '\0';
2737 if (**ptrptr != '\0') {
2738 (*ptrptr)++;
2739 section = tmp;

CID 640987: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2740 SKIP_WHITESPACE(*ptrptr);
2741 }
2742 }
2743 SKIP_CHAR((*ptrptr), ':');
2744 if (!user_get_bool_property(cfg, user->number, section, (char*)*ptrptr, false))
2745 result = not;
/userdat.c: 2729 in ar_exp()
2723 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
2724 tmp[i++] = *(*ptrptr)++;
2725 tmp[i] = '\0';
2726 if (**ptrptr == ']') {
2727 (*ptrptr)++;
2728 section = tmp;

CID 640987: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2729 SKIP_WHITESPACE(*ptrptr);
2730 }
2731 }
2732 else if (strchr((char *)(*ptrptr), ':') != NULL) { // [section:]key
2733 i = 0;
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_69664c8455017_2561de2afbc97ad9ac598df
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 3</li>
<li><strong>Defects Shown:</strong> Showing 3 of 3 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()

_____________________________________________________________________________________________
*** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
746 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
747 tmp[i++] = *(*ptrptr)++;
748 tmp[i] = '\0';
749 if (**ptrptr == ']') { 750 (*ptrptr)++;
751 section = tmp; >>> CID 640989: (CONSTANT_EXPRESSION_RESULT) >>> "**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
752 SKIP_WHITESPACE(*ptrptr);
753 }
754 }
755 else if (strchr((char *)(*ptrptr), ':') != nullptr) { // [section:]key
756 i = 0;
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
758 tmp[i++] = *(*ptrptr)++;
759 tmp[i] = '\0';
760 if (**ptrptr != '\0') { 761 (*ptrptr)++;
762 section = tmp; >>> CID 640989: (CONSTANT_EXPRESSION_RESULT) >>> "**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
763 SKIP_WHITESPACE(*ptrptr);
764 }
765 }
766 SKIP_CHAR((*ptrptr), ':');
767 if (!user_get_bool_property(&cfg, user->number, section, (char*)*ptrptr, false))
768 result = _not;

** CID 640988: Null pointer dereferences (FORWARD_NULL)

_____________________________________________________________________________________________
*** CID 640988: Null pointer dereferences (FORWARD_NULL)
/userdat.c: 4877 in user_get_bool_property()
4871 c_unescape_printable((char*)section);
4872 }
4873 if (key != NULL) {
4874 key = strdup(key);
4875 c_unescape_printable((char*)key);
4876 }
>>> CID 640988: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "key" to "iniReadBool", which dereferences it.
4877 bool result = iniReadBool(fp, section, key, deflt);
4878 iniCloseFile(fp);
4879 free((char*)section);
4880 free((char*)key);
4881 return result;
4882 }

** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
/userdat.c: 2729 in ar_exp()

_____________________________________________________________________________________________
*** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
2735 tmp[i++] = *(*ptrptr)++;
2736 tmp[i] = '\0';
2737 if (**ptrptr != '\0') { 2738 (*ptrptr)++;
2739 section = tmp; >>> CID 640987: (CONSTANT_EXPRESSION_RESULT) >>> "**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2740 SKIP_WHITESPACE(*ptrptr);
2741 }
2742 }
2743 SKIP_CHAR((*ptrptr), ':');
2744 if (!user_get_bool_property(cfg, user->number, section, (char*)*ptrptr, false))
2745 result = not;
/userdat.c: 2729 in ar_exp()
2723 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
2724 tmp[i++] = *(*ptrptr)++;
2725 tmp[i] = '\0';
2726 if (**ptrptr == ']') { 2727 (*ptrptr)++;
2728 section = tmp; >>> CID 640987: (CONSTANT_EXPRESSION_RESULT) >>> "**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2729 SKIP_WHITESPACE(*ptrptr);
2730 }
2731 }
2732 else if (strchr((char *)(*ptrptr), ':') != NULL) { // [section:]key
2733 i = 0;
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_69664c8455017_2561de2afbc97ad9ac598df--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

From scan-admin@coverity.com@1:103/705 to All on Wed Jan 14 13:46:35 2026

----==_mimepart_69679e3a9f33a_26617a2afbc97ad9ac59811
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

113 new defect(s) introduced to Synchronet found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 113 defect(s)

** CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3499 in alias()

_____________________________________________________________________________________________
*** CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3499 in alias()
3493
3494 if (*tp == 0) /* no alias value */
3495 continue;
3496 *tp = 0;
3497
3498 vp = tp + 1;

CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*vp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3499 SKIP_WHITESPACE(vp);
3500 truncsp(vp);
3501 if (*vp == 0) /* no value */
3502 continue;
3503
3504 if (*np == '*') {

** CID 641218: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 3761 in ctrl_thread()
/ftpsrvr.c: 4084 in ctrl_thread()

_____________________________________________________________________________________________
*** CID 641218: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 3761 in ctrl_thread()
3755 tp = np; /* terminator pointer */
3756 FIND_WHITESPACE(tp);
3757 if (*tp)
3758 *tp = 0;
3759
3760 dp = tp + 1; /* description pointer */

CID 641218: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3761 SKIP_WHITESPACE(dp);
3762 truncsp(dp);
3763
3764 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
3765 continue;
3766
/ftpsrvr.c: 4084 in ctrl_thread()
4078 tp = np; /* terminator pointer */
4079 FIND_WHITESPACE(tp); 4080 if (*tp)
4081 *tp = 0;
4082
4083 dp = tp + 1; /* description pointer */

CID 641218: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4084 SKIP_WHITESPACE(dp); 4085 truncsp(dp);
4086
4087 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
4088 continue;
4089

** CID 641217: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 353 in smb_netaddr_type() /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 343 in smb_netaddr_type()

_____________________________________________________________________________________________
*** CID 641217: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 353 in smb_netaddr_type()
347 return NET_FIDO;
348 return NET_NONE;
349 }
350 if (p == str)
351 return NET_UNKNOWN;
352 p++;

CID 641217: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

353 SKIP_WHITESPACE(p);
354 if (*p == 0)
355 return NET_UNKNOWN;
356
357 type = smb_get_net_type_by_addr(p);
358 if (type == NET_INTERNET && strchr(str, ' ') != NULL) /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 343 in smb_netaddr_type()
337 const char* p;
338
339 if (str == NULL || IS_WHITESPACE(*str))
340 return NET_NONE;
341 if ((p = strchr(str, '@')) == NULL) {
342 p = str;

CID 641217: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

343 SKIP_WHITESPACE(p);
344 if (*p == 0)
345 return NET_NONE;
346 if (smb_get_net_type_by_addr(p) == NET_FIDO)
347 return NET_FIDO;
348 return NET_NONE;

** CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 6561 in read_areafile_bbs()

_____________________________________________________________________________________________
*** CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 6561 in read_areafile_bbs()
6555 lprintf(LOG_ERR, "ERROR allocating memory for area #%u.", cfg.areas + 1);
6556 bail(1);
6557 return;
6558 }
6559 sprintf(tmp_code, "%-.*s", LEN_EXTCODE, p);
6560 tp = tmp_code;

CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

6561 FIND_WHITESPACE(tp);
6562 *tp = '\0';
6563 for (i = 0; i < scfg.total_subs; i++)
6564 if (!stricmp(tmp_code, scfg.sub[i]->code))
6565 break;
6566 if (i < scfg.total_subs)

** CID 641215: (CONSTANT_EXPRESSION_RESULT)
/un_rep.cpp: 567 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 554 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 570 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 569 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 552 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 555 in sbbs_t::unpack_rep(char *)()

_____________________________________________________________________________________________
*** CID 641215: (CONSTANT_EXPRESSION_RESULT)
/un_rep.cpp: 567 in sbbs_t::unpack_rep(char *)()
561 subscan[n].cfg |= SUB_CFG_NSCAN | SUB_CFG_YSCAN;
562 }
563 continue;
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) { 566 p = str + 6;

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
569 FIND_WHITESPACE(p);
570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0) /un_rep.cpp: 554 in sbbs_t::unpack_rep(char *)()
548 if (!fgets(str, sizeof(str) - 1, fp)) 549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) { 551 p = str + 5;
552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

554 FIND_WHITESPACE(p);
555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
558 else if (strchr(p, 'a') || strchr(p, 'g'))
559 subscan[n].cfg |= SUB_CFG_NSCAN;
/un_rep.cpp: 570 in sbbs_t::unpack_rep(char *)()
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) { 566 p = str + 6;
567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
569 FIND_WHITESPACE(p);

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0)
573 subscan[n].ptr = 0;
574 else {
575 /* otherwise it should be set back [#ofmessages] back from the end of the message base. */
/un_rep.cpp: 569 in sbbs_t::unpack_rep(char *)()
563 continue;
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) { 566 p = str + 6;
567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

569 FIND_WHITESPACE(p);
570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0)
573 subscan[n].ptr = 0;
574 else {
/un_rep.cpp: 552 in sbbs_t::unpack_rep(char *)()
546 if (fp != NULL) {
547 while (!feof(fp)) {
548 if (!fgets(str, sizeof(str) - 1, fp)) 549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) { 551 p = str + 5;

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
554 FIND_WHITESPACE(p);
555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
/un_rep.cpp: 555 in sbbs_t::unpack_rep(char *)()
549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) { 551 p = str + 5;
552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
554 FIND_WHITESPACE(p);

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
558 else if (strchr(p, 'a') || strchr(p, 'g'))
559 subscan[n].cfg |= SUB_CFG_NSCAN;
560 else if (strchr(p, 'p'))

** CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1603 in check_elists()

_____________________________________________________________________________________________
*** CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1603 in check_elists()
1597 break;
1598 p = str;
1599 SKIP_WHITESPACE(p); 1600 if (*p == ';') /* Ignore Comment Lines */
1601 continue;
1602 tp = p;

CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1603 FIND_WHITESPACE(tp); 1604 *tp = '\0';
1605 if (!stricmp(areatag, p)) {
1606 match = true; 1607 break;
1608 }

** CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3492 in alias()

_____________________________________________________________________________________________
*** CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3492 in alias()
3486 break;
3487 np = line;
3488 SKIP_WHITESPACE(np);
3489 if (*np == ';' || *np == 0) /* no name value, or comment */
3490 continue;
3491 tp = np;

CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3492 FIND_WHITESPACE(tp);
3493
3494 if (*tp == 0) /* no alias value */
3495 continue;
3496 *tp = 0;
3497

** CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1531 in netmail_arealist()

_____________________________________________________________________________________________
*** CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1531 in netmail_arealist()
1525 truncsp(str);
1526 p = str;
1527 SKIP_WHITESPACE(p);
1528 if (*p == 0 || *p == ';') /* Ignore Blank and Comment Lines */
1529 continue;
1530 tp = p; >>> CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT)

"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1531 FIND_WHITESPACE(tp);
1532 *tp = '\0';
1533 if (find_linked_area(p, addr) == SUB_NOT_FOUND) {
1534 if (strListFind(area_list, p, /* case_sensitive */ false) < 0)
1535 strListPush(&area_list, p);
1536 }

** CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 232 in key_name()

_____________________________________________________________________________________________
*** CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 232 in key_name()
226 *vp = NULL;
227
228 if (p == NULL)
229 return NULL;
230
231 /* Parse value name */

CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

232 SKIP_WHITESPACE(p);
233 if (*p == INI_COMMENT_CHAR)
234 return NULL;
235 if (*p == INI_OPEN_SECTION_CHAR)
236 return INI_NEW_SECTION;
237 equal = strchr(p, '=');

** CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /wordwrap.c: 211 in get_ws_len()

_____________________________________________________________________________________________
*** CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /wordwrap.c: 211 in get_ws_len()
205 {
206 struct section_len ret = {0, 0};
207
208 for (ret.bytes = 0; ; ret.bytes++) {
209 if (!buf[ret.bytes])
210 break;

CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)buf[ret.bytes] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

211 if (!IS_WHITESPACE(buf[ret.bytes]))
212 break;
213 if (buf[ret.bytes] == '\t') {
214 ret.len++;
215 while ((ret.len + col) % 8)
216 ret.len++;

** CID 641209: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 83 in section_name() /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 87 in section_name()

_____________________________________________________________________________________________
*** CID 641209: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 83 in section_name()
77 }
78
79 static char* section_name(char* p)
80 {
81 char* tp;
82

CID 641209: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

83 SKIP_WHITESPACE(p);
84 if (*p != INI_OPEN_SECTION_CHAR)
85 return NULL;
86 p++;
87 SKIP_WHITESPACE(p);
88 tp = strrchr(p, INI_CLOSE_SECTION_CHAR); /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 87 in section_name()
81 char* tp;
82
83 SKIP_WHITESPACE(p);
84 if (*p != INI_OPEN_SECTION_CHAR)
85 return NULL;
86 p++;

CID 641209: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

87 SKIP_WHITESPACE(p);
88 tp = strrchr(p, INI_CLOSE_SECTION_CHAR);
89 if (tp == NULL)
90 return NULL;
91 *tp = 0;
92 truncsp(p);

** CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1989 in parse_mail_address(const char *, char *, unsigned long, char *, unsigned long)()

_____________________________________________________________________________________________
*** CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1989 in parse_mail_address(const char *, char *, unsigned long, char *, unsigned long)()
1983
1984 /* Get the address */
1985 if ((tp = (char*)strchr(p, '<')) != NULL)
1986 tp++;
1987 else
1988 tp = (char*)p;

CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1989 SKIP_WHITESPACE(tp);
1990 sprintf(addr, "%.*s", (int)addr_len, tp);
1991 truncstr(addr, ">( ");
1992
1993 if (name != NULL) {
1994 SAFECOPY(tmp, p);

** CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 2496 in process_areamgr()

_____________________________________________________________________________________________
*** CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 2496 in process_areamgr()
2490 }
2491
2492 m = strlen(p);
2493 add_area = strListInit();
2494 del_area = strListInit();
2495 for (l = 0; l < m; l++) {

CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)p[l] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2496 while (*(p + l) && IS_WHITESPACE(*(p + l))) l++;
2497 while (*(p + l) == CTRL_A) { /* Ignore kludge lines June-13-2004 */
2498 while (*(p + l) && *(p + l) != '\r') l++;
2499 continue;
2500 }
2501 if (!(*(p + l)))

** CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 118 in section_match()

_____________________________________________________________________________________________
*** CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 118 in section_match() 112 /* Search for matches */
113 for (i = 0; names[i] != NULL && !found; i++)
114 for (j = 0; comps[j] != NULL && !found; j++) {
115 n = names[i];
116 SKIP_WHITESPACE(n);
117 c = comps[j];

CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*c == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

118 SKIP_WHITESPACE(c);
119 if (case_sensitive)
120 found = strcmp(n, c) == 0;
121 else
122 found = stricmp(n, c) == 0;
123 }

** CID 641205: (CONSTANT_EXPRESSION_RESULT)
/sbbsecho.c: 2225 in areamgr_command()
/sbbsecho.c: 2191 in areamgr_command()
/sbbsecho.c: 2224 in areamgr_command()
/sbbsecho.c: 2335 in areamgr_command()
/sbbsecho.c: 2156 in areamgr_command()
/sbbsecho.c: 2273 in areamgr_command()
/sbbsecho.c: 2192 in areamgr_command()
/sbbsecho.c: 2336 in areamgr_command()
/sbbsecho.c: 2250 in areamgr_command()
/sbbsecho.c: 2155 in areamgr_command()
/sbbsecho.c: 2274 in areamgr_command()
/sbbsecho.c: 2306 in areamgr_command()
/sbbsecho.c: 2249 in areamgr_command()

_____________________________________________________________________________________________
*** CID 641205: (CONSTANT_EXPRESSION_RESULT)
/sbbsecho.c: 2225 in areamgr_command()
2219 }
2220
2221 if (strnicmp(instr, "PKTPWD ", 7) == 0) {
2222 char pktpwd[FIDO_PASS_LEN + 1]; /* Packet password for this node */
2223 char* p = instr;
2224 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2225 SKIP_WHITESPACE(p);
2226 SAFECOPY(pktpwd, p);
2227 if (!stricmp(pktpwd, nodecfg->pktpwd)) {
2228 snprintf(str, sizeof str, "Your packet password was already set to '%s'."
2229 , nodecfg->pktpwd);
2230 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2191 in areamgr_command()
2185 return true;
2186 }
2187
2188 if (strnicmp(instr, "PASSWORD ", 9) == 0 || strnicmp(instr, "PWD ", 4) == 0) {
2189 char password[FIDO_SUBJ_LEN]; /* AreaMgr password for this node */
2190 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2191 FIND_WHITESPACE(p);
2192 SKIP_WHITESPACE(p);
2193 SAFECOPY(password, p);
2194 if (strchr(password, ' ') != NULL) {
2195 snprintf(str, sizeof str, "Your AreaMgr password cannot contain spaces.");
2196 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2224 in areamgr_command()
2218 return true;
2219 }
2220
2221 if (strnicmp(instr, "PKTPWD ", 7) == 0) {
2222 char pktpwd[FIDO_PASS_LEN + 1]; /* Packet password for this node */
2223 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2224 FIND_WHITESPACE(p);
2225 SKIP_WHITESPACE(p);
2226 SAFECOPY(pktpwd, p);
2227 if (!stricmp(pktpwd, nodecfg->pktpwd)) {
2228 snprintf(str, sizeof str, "Your packet password was already set to '%s'."
2229 , nodecfg->pktpwd);
/sbbsecho.c: 2335 in areamgr_command()
2329 , str, /* dest: */ addr, /* src: */ NULL);
2330 return true;
2331 }
2332
2333 if (strnicmp(instr, "ECHOSTATS ", 10) == 0) {
2334 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2335 FIND_WHITESPACE(p);
2336 SKIP_WHITESPACE(p);
2337 echostat_t* stat = get_echostat(p, /* create: */ false);
2338 if (stat == NULL) {
2339 lprintf(LOG_INFO, "AreaMgr (for %s) EchoStats request for unknown echo: %s", faddrtoa(&addr), p);
2340 } else {
/sbbsecho.c: 2156 in areamgr_command()
2150 alter_config(nodecfg, "Name", to);
2151 }
2152
2153 if (strnicmp(instr, "COMPRESSION ", 12) == 0 || strnicmp(instr, "COMPRESS ", 9) == 0) {
2154 char* p = instr;
2155 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2156 SKIP_WHITESPACE(p);
2157 if (!stricmp(p, "NONE"))
2158 nodecfg->archive = SBBSECHO_ARCHIVE_NONE;
2159 else {
2160 for (u = 0; u < cfg.arcdefs; u++)
2161 if (stricmp(p, cfg.arcdef[u].name) == 0)
/sbbsecho.c: 2273 in areamgr_command()
2267 create_netmail(to, /* msg: */ NULL, "TIC File Password Change Request", str, /* dest: */ addr, /* src: */ NULL);
2268 return true;
2269 }
2270
2271 if (strnicmp(instr, "NOTIFY ", 7) == 0) {
2272 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2273 FIND_WHITESPACE(p);
2274 SKIP_WHITESPACE(p);
2275 if (alter_config(nodecfg, "Notify", p)) {
2276 SAFEPRINTF2(str, "Your Notification Messages have been changed from '%s' to '%s'."
2277 , nodecfg->send_notify ? "ON" : "OFF", p);
2278 } else {
/sbbsecho.c: 2192 in areamgr_command()
2186 }
2187
2188 if (strnicmp(instr, "PASSWORD ", 9) == 0 || strnicmp(instr, "PWD ", 4) == 0) {
2189 char password[FIDO_SUBJ_LEN]; /* AreaMgr password for this node */
2190 char* p = instr;
2191 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2192 SKIP_WHITESPACE(p);
2193 SAFECOPY(password, p);
2194 if (strchr(password, ' ') != NULL) {
2195 snprintf(str, sizeof str, "Your AreaMgr password cannot contain spaces.");
2196 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
2197 create_netmail(to, /* msg: */ NULL, "AreaMgr Password Change Request", str
/sbbsecho.c: 2336 in areamgr_command()
2330 return true;
2331 }
2332
2333 if (strnicmp(instr, "ECHOSTATS ", 10) == 0) {
2334 char* p = instr;
2335 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2336 SKIP_WHITESPACE(p);
2337 echostat_t* stat = get_echostat(p, /* create: */ false);
2338 if (stat == NULL) {
2339 lprintf(LOG_INFO, "AreaMgr (for %s) EchoStats request for unknown echo: %s", faddrtoa(&addr), p);
2340 } else {
2341 FILE* fp;
/sbbsecho.c: 2250 in areamgr_command()
2244 }
2245
2246 if (strnicmp(instr, "TICPWD ", 7) == 0) {
2247 char ticpwd[SBBSECHO_MAX_TICPWD_LEN + 1]; /* TIC File password for this node */
2248 char* p = instr;
2249 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2250 SKIP_WHITESPACE(p);
2251 SAFECOPY(ticpwd, p);
2252 if (!stricmp(ticpwd, nodecfg->ticpwd)) {
2253 snprintf(str, sizeof str, "Your TIC File password was already set to '%s'."
2254 , nodecfg->ticpwd);
2255 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2155 in areamgr_command()
2149 lprintf(LOG_INFO, "AreaMgr (for %s) Changing name to: %s", faddrtoa(&addr), to);
2150 alter_config(nodecfg, "Name", to);
2151 }
2152
2153 if (strnicmp(instr, "COMPRESSION ", 12) == 0 || strnicmp(instr, "COMPRESS ", 9) == 0) {
2154 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2155 FIND_WHITESPACE(p);
2156 SKIP_WHITESPACE(p);
2157 if (!stricmp(p, "NONE"))
2158 nodecfg->archive = SBBSECHO_ARCHIVE_NONE;
2159 else {
2160 for (u = 0; u < cfg.arcdefs; u++)
/sbbsecho.c: 2274 in areamgr_command()
2268 return true;
2269 }
2270
2271 if (strnicmp(instr, "NOTIFY ", 7) == 0) {
2272 char* p = instr;
2273 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2274 SKIP_WHITESPACE(p);
2275 if (alter_config(nodecfg, "Notify", p)) {
2276 SAFEPRINTF2(str, "Your Notification Messages have been changed from '%s' to '%s'."
2277 , nodecfg->send_notify ? "ON" : "OFF", p);
2278 } else {
2279 SAFECOPY(str, "Error changing Notify Setting"); /sbbsecho.c: 2306 in areamgr_command()
2300 return true;
2301 }
2302
2303 // %RESCAN <area-tag> [R=<count> || D=<days>]
2304 if (strnicmp(instr, "RESCAN ", 7) == 0) {
2305 char* p = instr + 7;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2306 SKIP_WHITESPACE(p);
2307 char* tp = p;
2308 FIND_WHITESPACE(tp);
2309 if (*tp != '\0') {
2310 *tp = '\0';
2311 ++tp;
/sbbsecho.c: 2249 in areamgr_command()
2243 return true;
2244 }
2245
2246 if (strnicmp(instr, "TICPWD ", 7) == 0) {
2247 char ticpwd[SBBSECHO_MAX_TICPWD_LEN + 1]; /* TIC File password for this node */
2248 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2249 FIND_WHITESPACE(p);
2250 SKIP_WHITESPACE(p);
2251 SAFECOPY(ticpwd, p);
2252 if (!stricmp(ticpwd, nodecfg->ticpwd)) {
2253 snprintf(str, sizeof str, "Your TIC File password was already set to '%s'."
2254 , nodecfg->ticpwd);

** CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /main.cpp: 5749 in bbs_thread()

_____________________________________________________________________________________________
*** CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /main.cpp: 5749 in bbs_thread()
5743 /* ToDo: Make ident timeout configurable */
5744 if (identify(&client_addr, inet_addrport(&client_addr), str, sizeof(str) - 1, /* timeout: */ 1)) {
5745 lprintf(LOG_DEBUG, "%04d %s [%s] Ident Response: %s", client_socket, client.protocol, host_ip, str);
5746 identity = strrchr(str, ':'); 5747 if (identity != NULL) {
5748 identity++; /* skip colon */

CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*identity == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

5749 SKIP_WHITESPACE(identity);
5750 if (*identity)
5751 lprintf(LOG_INFO, "%04d %s [%s] Identity: %s", client_socket, client.protocol, host_ip, identity);
5752 }
5753 }
5754 sbbs->cp437_out(crlf);

** CID 641203: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 432 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
/netmail.cpp: 422 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()

_____________________________________________________________________________________________
*** CID 641203: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 432 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
426 SAFECOPY(to, p);
427 p += strlen(p) + 1;
428 continue;
429 }
430 if (strncmp(p, "Subject:", 8) == 0) {
431 p += 8;

CID 641203: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

432 SKIP_WHITESPACE(p);
433 char* tp = strchr(p, QWK_NEWLINE); /* chop off at first CR */
434 if (tp != NULL)
435 *tp = 0;
436 subject = p;
437 p += strlen(p) + 1;
/netmail.cpp: 422 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
416 SAFECOPY(to, into);
417
418 // Parse QWKE Kludge Lines here:
419 while (p < end && *p != QWK_NEWLINE) {
420 if (strncmp(p, "To:", 3) == 0) {
421 p += 3;

CID 641203: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

422 SKIP_WHITESPACE(p);
423 char* tp = strchr(p, QWK_NEWLINE); /* chop off at first CR */
424 if (tp != NULL)
425 *tp = 0;
426 SAFECOPY(to, p);
427 p += strlen(p) + 1;

** CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1960 in dns_blacklisted(int, const char *, xp_sockaddr *, char *, char *, char *)()

_____________________________________________________________________________________________
*** CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1960 in dns_blacklisted(int, const char *, xp_sockaddr *, char *, char *, char *)()
1954 continue;
1955
1956 sprintf(list, "%.100s", p);
1957
1958 /* terminate */
1959 tp = p;

CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1960 FIND_WHITESPACE(tp);
1961 *tp = 0;
1962
1963 found = rblchk(sock, prot, addr, p);
1964 }
1965 fclose(fp);

** CID 641201: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 1185 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 1195 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 975 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 1202 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()

_____________________________________________________________________________________________
*** CID 641201: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 1185 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1179 break;
1180 }
1181
1182 /* Get destination user address */
1183 if ((p = strrchr(rcpt_list[rcpt_count], '<')) != NULL) {
1184 p++;

CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1185 SKIP_WHITESPACE(p);
1186 SAFECOPY(addr, p);
1187 p = strrchr(addr, '>');
1188 if (p == NULL) {
1189 bprintf(text[InvalidNetMailAddr], rcpt_list[rcpt_count]);
1190 break;
/netmail.cpp: 1195 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1189 bprintf(text[InvalidNetMailAddr], rcpt_list[rcpt_count]);
1190 break;
1191 }
1192 *p = 0;
1193 } else {
1194 p = rcpt_list[rcpt_count];

CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1195 SKIP_WHITESPACE(p);
1196 SAFECOPY(addr, p);
1197 }
1198 truncsp(addr);
1199
1200 /* Get destination user name */
/netmail.cpp: 975 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
969 bprintf(text[InvalidNetMailAddr], p);
970 continue;
971 }
972 while (at > p && *at > ' ')
973 at--;
974 p = at;

CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

975 SKIP_WHITESPACE(p);
976 uint16_t net_type = smb_netaddr_type(p);
977 if (net_type != NET_INTERNET) {
978 bprintf(text[InvalidNetMailAddr], p);
979 break;
980 }
/netmail.cpp: 1202 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1196 SAFECOPY(addr, p);
1197 }
1198 truncsp(addr);
1199
1200 /* Get destination user name */
1201 p = rcpt_list[rcpt_count];

CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1202 SKIP_WHITESPACE(p);
1203 SAFECOPY(name, p);
1204 p = strrchr(name, '<');
1205 if (!p)
1206 p = strrchr(name, '@');
1207 if (!p)

** CID 641200: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 1534 in ftpalias()
/ftpsrvr.c: 1547 in ftpalias()

_____________________________________________________________________________________________
*** CID 641200: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 1534 in ftpalias()
1528
1529 while (!feof(fp)) {
1530 if (!fgets(line, sizeof(line), fp))
1531 break;
1532
1533 p = line; /* alias */

CID 641200: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1534 SKIP_WHITESPACE(p);
1535 if (*p == ';') /* comment */
1536 continue;
1537
1538 tp = p; /* terminator */
1539 FIND_WHITESPACE(tp);
/ftpsrvr.c: 1547 in ftpalias()
1541 *tp = 0;
1542
1543 if (stricmp(p, alias)) /* Not a match */
1544 continue;
1545
1546 p = tp + 1; /* filename */

CID 641200: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1547 SKIP_WHITESPACE(p);
1548
1549 tp = p; /* terminator */
1550 FIND_WHITESPACE(tp);
1551 if (*tp)
1552 *tp = 0;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_69679e3a9f33a_26617a2afbc97ad9ac59811
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 113</li>
<li>
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 20 of 113 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3499 in alias()

_____________________________________________________________________________________________
*** CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3499 in alias()
3493
3494 if (*tp == 0) /* no alias value */
3495 continue;
3496 *tp = 0;
3497
3498 vp = tp + 1;
>>> CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*vp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3499 SKIP_WHITESPACE(vp);
3500 truncsp(vp);
3501 if (*vp == 0) /* no value */
3502 continue;
3503
3504 if (*np == '*') {

** CID 641218: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 3761 in ctrl_thread()
/ftpsrvr.c: 4084 in ctrl_thread()

_____________________________________________________________________________________________
*** CID 641218: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 3761 in ctrl_thread()
3755 tp = np; /* terminator pointer */
3756 FIND_WHITESPACE(tp);
3757 if (*tp)
3758 *tp = 0;
3759
3760 dp = tp + 1; /* description pointer */
>>> CID 641218: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3761 SKIP_WHITESPACE(dp);
3762 truncsp(dp);
3763
3764 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
3765 continue;
3766
/ftpsrvr.c: 4084 in ctrl_thread()
4078 tp = np; /* terminator pointer */
4079 FIND_WHITESPACE(tp); 4080 if (*tp)
4081 *tp = 0;
4082
4083 dp = tp + 1; /* description pointer */
>>> CID 641218: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4084 SKIP_WHITESPACE(dp); 4085 truncsp(dp);
4086
4087 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
4088 continue;
4089

** CID 641217: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 353 in smb_netaddr_type() /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 343 in smb_netaddr_type()

_____________________________________________________________________________________________
*** CID 641217: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 353 in smb_netaddr_type()
347 return NET_FIDO;
348 return NET_NONE;
349 }
350 if (p == str)
351 return NET_UNKNOWN;
352 p++;
>>> CID 641217: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
353 SKIP_WHITESPACE(p);
354 if (*p == 0)
355 return NET_UNKNOWN;
356
357 type = smb_get_net_type_by_addr(p);
358 if (type == NET_INTERNET && strchr(str, ' ') != NULL)
/tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 343 in smb_netaddr_type()
337 const char* p;
338
339 if (str == NULL || IS_WHITESPACE(*str))
340 return NET_NONE;
341 if ((p = strchr(str, '@')) == NULL) {
342 p = str;
>>> CID 641217: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
343 SKIP_WHITESPACE(p);
344 if (*p == 0)
345 return NET_NONE;
346 if (smb_get_net_type_by_addr(p) == NET_FIDO)
347 return NET_FIDO;
348 return NET_NONE;

** CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 6561 in read_areafile_bbs()

_____________________________________________________________________________________________
*** CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 6561 in read_areafile_bbs()
6555 lprintf(LOG_ERR, "ERROR allocating memory for area #%u.", cfg.areas + 1);
6556 bail(1);
6557 return;
6558 }
6559 sprintf(tmp_code, "%-.*s", LEN_EXTCODE, p); 6560 tp = tmp_code;
>>> CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
6561 FIND_WHITESPACE(tp);
6562 *tp = '\0';
6563 for (i = 0; i < scfg.total_subs; i++)
6564 if (!stricmp(tmp_code, scfg.sub[i]->code)) 6565 break;
6566 if (i < scfg.total_subs)

** CID 641215: (CONSTANT_EXPRESSION_RESULT)
/un_rep.cpp: 567 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 554 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 570 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 569 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 552 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 555 in sbbs_t::unpack_rep(char *)()

_____________________________________________________________________________________________
*** CID 641215: (CONSTANT_EXPRESSION_RESULT)
/un_rep.cpp: 567 in sbbs_t::unpack_rep(char *)()
561 subscan[n].cfg |= SUB_CFG_NSCAN | SUB_CFG_YSCAN;
562 }
563 continue;
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) {
566 p = str + 6;
>>> CID 641215: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
569 FIND_WHITESPACE(p);
570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0) /un_rep.cpp: 554 in sbbs_t::unpack_rep(char *)()
548 if (!fgets(str, sizeof(str) - 1, fp)) 549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) {
551 p = str + 5;
552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
>>> CID 641215: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
554 FIND_WHITESPACE(p);
555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
558 else if (strchr(p, 'a') || strchr(p, 'g'))
559 subscan[n].cfg |= SUB_CFG_NSCAN;
/un_rep.cpp: 570 in sbbs_t::unpack_rep(char *)()
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) {
566 p = str + 6;
567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
569 FIND_WHITESPACE(p); >>> CID 641215: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0)
573 subscan[n].ptr = 0;
574 else {
575 /* otherwise it should be set back [#ofmessages] back from the end of the message base. */
/un_rep.cpp: 569 in sbbs_t::unpack_rep(char *)()
563 continue;
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) {
566 p = str + 6;
567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
>>> CID 641215: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
569 FIND_WHITESPACE(p);
570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0)
573 subscan[n].ptr = 0;
574 else {
/un_rep.cpp: 552 in sbbs_t::unpack_rep(char *)()
546 if (fp != NULL) {
547 while (!feof(fp)) {
548 if (!fgets(str, sizeof(str) - 1, fp)) 549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) {
551 p = str + 5;
>>> CID 641215: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
554 FIND_WHITESPACE(p);
555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
/un_rep.cpp: 555 in sbbs_t::unpack_rep(char *)()
549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) {
551 p = str + 5;
552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
554 FIND_WHITESPACE(p); >>> CID 641215: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
558 else if (strchr(p, 'a') || strchr(p, 'g'))
559 subscan[n].cfg |= SUB_CFG_NSCAN;
560 else if (strchr(p, 'p'))

** CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1603 in check_elists()

_____________________________________________________________________________________________
*** CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1603 in check_elists()
1597 break;
1598 p = str;
1599 SKIP_WHITESPACE(p); 1600 if (*p == ';') /* Ignore Comment Lines */
1601 continue;
1602 tp = p;
>>> CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1603 FIND_WHITESPACE(tp); 1604 *tp = '\0'; 1605 if (!stricmp(areatag, p)) {
1606 match = true; 1607 break;
1608 }

** CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3492 in alias()

_____________________________________________________________________________________________
*** CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3492 in alias()
3486 break;
3487 np = line;
3488 SKIP_WHITESPACE(np);
3489 if (*np == ';' || *np == 0) /* no name value, or comment */
3490 continue;
3491 tp = np;
>>> CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3492 FIND_WHITESPACE(tp);
3493
3494 if (*tp == 0) /* no alias value */
3495 continue;
3496 *tp = 0;
3497

** CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1531 in netmail_arealist()

_____________________________________________________________________________________________
*** CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1531 in netmail_arealist()
1525 truncsp(str);
1526 p = str;
1527 SKIP_WHITESPACE(p);
1528 if (*p == 0 || *p == ';') /* Ignore Blank and Comment Lines */
1529 continue;
1530 tp = p; >>> CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1531 FIND_WHITESPACE(tp);
1532 *tp = '\0';
1533 if (find_linked_area(p, addr) == SUB_NOT_FOUND) {
1534 if (strListFind(area_list, p, /* case_sensitive */ false) < 0)
1535 strListPush(&area_list, p);
1536 }

** CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 232 in key_name()

_____________________________________________________________________________________________
*** CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 232 in key_name()
226 *vp = NULL;
227
228 if (p == NULL)
229 return NULL;
230
231 /* Parse value name */
>>> CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
232 SKIP_WHITESPACE(p);
233 if (*p == INI_COMMENT_CHAR)
234 return NULL;
235 if (*p == INI_OPEN_SECTION_CHAR)
236 return INI_NEW_SECTION;
237 equal = strchr(p, '=');

** CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /wordwrap.c: 211 in get_ws_len()

_____________________________________________________________________________________________
*** CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /wordwrap.c: 211 in get_ws_len()
205 {
206 struct section_len ret = {0, 0};
207
208 for (ret.bytes = 0; ; ret.bytes++) {
209 if (!buf[ret.bytes])
210 break;
>>> CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)buf[ret.bytes] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
211 if (!IS_WHITESPACE(buf[ret.bytes]))
212 break;
213 if (buf[ret.bytes] == '\t') {
214 ret.len++;
215 while ((ret.len + col) % 8)
216 ret.len++;

** CID 641209: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 83 in section_name() /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 87 in section_name()

_____________________________________________________________________________________________
*** CID 641209: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 83 in section_name()
77 }
78
79 static char* section_name(char* p)
80 {
81 char* tp;
82
>>> CID 641209: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
83 SKIP_WHITESPACE(p);
84 if (*p != INI_OPEN_SECTION_CHAR)
85 return NULL;
86 p++;
87 SKIP_WHITESPACE(p);
88 tp = strrchr(p, INI_CLOSE_SECTION_CHAR); /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 87 in section_name()
81 char* tp;
82
83 SKIP_WHITESPACE(p);
84 if (*p != INI_OPEN_SECTION_CHAR)
85 return NULL;
86 p++;
>>> CID 641209: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
87 SKIP_WHITESPACE(p);
88 tp = strrchr(p, INI_CLOSE_SECTION_CHAR);
89 if (tp == NULL)
90 return NULL;
91 *tp = 0;
92 truncsp(p);

** CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1989 in parse_mail_address(const char *, char *, unsigned long, char *, unsigned long)()

_____________________________________________________________________________________________
*** CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1989 in parse_mail_address(const char *, char *, unsigned long, char *, unsigned long)()
1983
1984 /* Get the address */
1985 if ((tp = (char*)strchr(p, '<')) != NULL)
1986 tp++;
1987 else
1988 tp = (char*)p;
>>> CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1989 SKIP_WHITESPACE(tp);
1990 sprintf(addr, "%.*s", (int)addr_len, tp);
1991 truncstr(addr, ">( ");
1992
1993 if (name != NULL) {
1994 SAFECOPY(tmp, p);

** CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 2496 in process_areamgr()

_____________________________________________________________________________________________
*** CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 2496 in process_areamgr()
2490 }
2491
2492 m = strlen(p);
2493 add_area = strListInit();
2494 del_area = strListInit();
2495 for (l = 0; l < m; l++) {
>>> CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)p[l] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2496 while (*(p + l) && IS_WHITESPACE(*(p + l))) l++;
2497 while (*(p + l) == CTRL_A) { /* Ignore kludge lines June-13-2004 */
2498 while (*(p + l) && *(p + l) != '\r') l++;
2499 continue;
2500 }
2501 if (!(*(p + l)))

** CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 118 in section_match()

_____________________________________________________________________________________________
*** CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 118 in section_match() 112 /* Search for matches */
113 for (i = 0; names[i] != NULL && !found; i++)
114 for (j = 0; comps[j] != NULL && !found; j++) { 115 n = names[i];
116 SKIP_WHITESPACE(n);
117 c = comps[j];
>>> CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*c == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
118 SKIP_WHITESPACE(c);
119 if (case_sensitive)
120 found = strcmp(n, c) == 0;
121 else
122 found = stricmp(n, c) == 0;
123 }

** CID 641205: (CONSTANT_EXPRESSION_RESULT)
/sbbsecho.c: 2225 in areamgr_command()
/sbbsecho.c: 2191 in areamgr_command()
/sbbsecho.c: 2224 in areamgr_command()
/sbbsecho.c: 2335 in areamgr_command()
/sbbsecho.c: 2156 in areamgr_command()
/sbbsecho.c: 2273 in areamgr_command()
/sbbsecho.c: 2192 in areamgr_command()
/sbbsecho.c: 2336 in areamgr_command()
/sbbsecho.c: 2250 in areamgr_command()
/sbbsecho.c: 2155 in areamgr_command()
/sbbsecho.c: 2274 in areamgr_command()
/sbbsecho.c: 2306 in areamgr_command()
/sbbsecho.c: 2249 in areamgr_command()

_____________________________________________________________________________________________
*** CID 641205: (CONSTANT_EXPRESSION_RESULT)
/sbbsecho.c: 2225 in areamgr_command()
2219 }
2220
2221 if (strnicmp(instr, "PKTPWD ", 7) == 0) {
2222 char pktpwd[FIDO_PASS_LEN + 1]; /* Packet password for this node */
2223 char* p = instr;
2224 FIND_WHITESPACE(p);
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2225 SKIP_WHITESPACE(p);
2226 SAFECOPY(pktpwd, p);
2227 if (!stricmp(pktpwd, nodecfg->pktpwd)) {
2228 snprintf(str, sizeof str, "Your packet password was already set to '%s'."
2229 , nodecfg->pktpwd);
2230 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2191 in areamgr_command()
2185 return true;
2186 }
2187
2188 if (strnicmp(instr, "PASSWORD ", 9) == 0 || strnicmp(instr, "PWD ", 4) == 0) {
2189 char password[FIDO_SUBJ_LEN]; /* AreaMgr password for this node */
2190 char* p = instr;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2191 FIND_WHITESPACE(p);
2192 SKIP_WHITESPACE(p);
2193 SAFECOPY(password, p);
2194 if (strchr(password, ' ') != NULL) {
2195 snprintf(str, sizeof str, "Your AreaMgr password cannot contain spaces.");
2196 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2224 in areamgr_command()
2218 return true;
2219 }
2220
2221 if (strnicmp(instr, "PKTPWD ", 7) == 0) {
2222 char pktpwd[FIDO_PASS_LEN + 1]; /* Packet password for this node */
2223 char* p = instr;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2224 FIND_WHITESPACE(p);
2225 SKIP_WHITESPACE(p);
2226 SAFECOPY(pktpwd, p);
2227 if (!stricmp(pktpwd, nodecfg->pktpwd)) {
2228 snprintf(str, sizeof str, "Your packet password was already set to '%s'."
2229 , nodecfg->pktpwd);
/sbbsecho.c: 2335 in areamgr_command()
2329 , str, /* dest: */ addr, /* src: */ NULL);
2330 return true;
2331 }
2332
2333 if (strnicmp(instr, "ECHOSTATS ", 10) == 0) {
2334 char* p = instr;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2335 FIND_WHITESPACE(p);
2336 SKIP_WHITESPACE(p);
2337 echostat_t* stat = get_echostat(p, /* create: */ false);
2338 if (stat == NULL) {
2339 lprintf(LOG_INFO, "AreaMgr (for %s) EchoStats request for unknown echo: %s", faddrtoa(&addr), p);
2340 } else {
/sbbsecho.c: 2156 in areamgr_command()
2150 alter_config(nodecfg, "Name", to);
2151 }
2152
2153 if (strnicmp(instr, "COMPRESSION ", 12) == 0 || strnicmp(instr, "COMPRESS ", 9) == 0) {
2154 char* p = instr;
2155 FIND_WHITESPACE(p);
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2156 SKIP_WHITESPACE(p);
2157 if (!stricmp(p, "NONE"))
2158 nodecfg->archive = SBBSECHO_ARCHIVE_NONE; 2159 else {
2160 for (u = 0; u < cfg.arcdefs; u++)
2161 if (stricmp(p, cfg.arcdef[u].name) == 0)
/sbbsecho.c: 2273 in areamgr_command()
2267 create_netmail(to, /* msg: */ NULL, "TIC File Password Change Request", str, /* dest: */ addr, /* src: */ NULL);
2268 return true;
2269 }
2270
2271 if (strnicmp(instr, "NOTIFY ", 7) == 0) {
2272 char* p = instr;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2273 FIND_WHITESPACE(p);
2274 SKIP_WHITESPACE(p);
2275 if (alter_config(nodecfg, "Notify", p)) { 2276 SAFEPRINTF2(str, "Your Notification Messages have been changed from '%s' to '%s'."
2277 , nodecfg->send_notify ? "ON" : "OFF", p);
2278 } else {
/sbbsecho.c: 2192 in areamgr_command()
2186 }
2187
2188 if (strnicmp(instr, "PASSWORD ", 9) == 0 || strnicmp(instr, "PWD ", 4) == 0) {
2189 char password[FIDO_SUBJ_LEN]; /* AreaMgr password for this node */
2190 char* p = instr;
2191 FIND_WHITESPACE(p);
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2192 SKIP_WHITESPACE(p);
2193 SAFECOPY(password, p);
2194 if (strchr(password, ' ') != NULL) {
2195 snprintf(str, sizeof str, "Your AreaMgr password cannot contain spaces.");
2196 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
2197 create_netmail(to, /* msg: */ NULL, "AreaMgr Password Change Request", str
/sbbsecho.c: 2336 in areamgr_command()
2330 return true;
2331 }
2332
2333 if (strnicmp(instr, "ECHOSTATS ", 10) == 0) {
2334 char* p = instr;
2335 FIND_WHITESPACE(p);
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2336 SKIP_WHITESPACE(p);
2337 echostat_t* stat = get_echostat(p, /* create: */ false);
2338 if (stat == NULL) {
2339 lprintf(LOG_INFO, "AreaMgr (for %s) EchoStats request for unknown echo: %s", faddrtoa(&addr), p);
2340 } else {
2341 FILE* fp;
/sbbsecho.c: 2250 in areamgr_command()
2244 }
2245
2246 if (strnicmp(instr, "TICPWD ", 7) == 0) {
2247 char ticpwd[SBBSECHO_MAX_TICPWD_LEN + 1]; /* TIC File password for this node */
2248 char* p = instr;
2249 FIND_WHITESPACE(p);
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2250 SKIP_WHITESPACE(p);
2251 SAFECOPY(ticpwd, p);
2252 if (!stricmp(ticpwd, nodecfg->ticpwd)) {
2253 snprintf(str, sizeof str, "Your TIC File password was already set to '%s'."
2254 , nodecfg->ticpwd);
2255 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2155 in areamgr_command()
2149 lprintf(LOG_INFO, "AreaMgr (for %s) Changing name to: %s", faddrtoa(&addr), to);
2150 alter_config(nodecfg, "Name", to);
2151 }
2152
2153 if (strnicmp(instr, "COMPRESSION ", 12) == 0 || strnicmp(instr, "COMPRESS ", 9) == 0) {
2154 char* p = instr;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2155 FIND_WHITESPACE(p);
2156 SKIP_WHITESPACE(p);
2157 if (!stricmp(p, "NONE"))
2158 nodecfg->archive = SBBSECHO_ARCHIVE_NONE; 2159 else {
2160 for (u = 0; u < cfg.arcdefs; u++) /sbbsecho.c: 2274 in areamgr_command()
2268 return true;
2269 }
2270
2271 if (strnicmp(instr, "NOTIFY ", 7) == 0) {
2272 char* p = instr;
2273 FIND_WHITESPACE(p);
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2274 SKIP_WHITESPACE(p);
2275 if (alter_config(nodecfg, "Notify", p)) { 2276 SAFEPRINTF2(str, "Your Notification Messages have been changed from '%s' to '%s'."
2277 , nodecfg->send_notify ? "ON" : "OFF", p);
2278 } else {
2279 SAFECOPY(str, "Error changing Notify Setting");
/sbbsecho.c: 2306 in areamgr_command()
2300 return true;
2301 }
2302
2303 // %RESCAN <area-tag> [R=<count> || D=<days>] 2304 if (strnicmp(instr, "RESCAN ", 7) == 0) {
2305 char* p = instr + 7;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2306 SKIP_WHITESPACE(p);
2307 char* tp = p;
2308 FIND_WHITESPACE(tp);
2309 if (*tp != '\0') {
2310 *tp = '\0';
2311 ++tp;
/sbbsecho.c: 2249 in areamgr_command()
2243 return true;
2244 }
2245
2246 if (strnicmp(instr, "TICPWD ", 7) == 0) {
2247 char ticpwd[SBBSECHO_MAX_TICPWD_LEN + 1]; /* TIC File password for this node */
2248 char* p = instr;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2249 FIND_WHITESPACE(p);
2250 SKIP_WHITESPACE(p);
2251 SAFECOPY(ticpwd, p);
2252 if (!stricmp(ticpwd, nodecfg->ticpwd)) {
2253 snprintf(str, sizeof str, "Your TIC File password was already set to '%s'."
2254 , nodecfg->ticpwd);

** CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /main.cpp: 5749 in bbs_thread()

_____________________________________________________________________________________________
*** CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /main.cpp: 5749 in bbs_thread()
5743 /* ToDo: Make ident timeout configurable */
5744 if (identify(&client_addr, inet_addrport(&client_addr), str, sizeof(str) - 1, /* timeout: */ 1)) {
5745 lprintf(LOG_DEBUG, "%04d %s [%s] Ident Response: %s", client_socket, client.protocol, host_ip, str);
5746 identity = strrchr(str, ':');
5747 if (identity != NULL) {
5748 identity++; /* skip colon */
>>> CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*identity == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
5749 SKIP_WHITESPACE(identity);
5750 if (*identity)
5751 lprintf(LOG_INFO, "%04d %s [%s] Identity: %s", client_socket, client.protocol, host_ip, identity);
5752 }
5753 }
5754 sbbs->cp437_out(crlf);

** CID 641203: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 432 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
/netmail.cpp: 422 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()

_____________________________________________________________________________________________
*** CID 641203: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 432 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
426 SAFECOPY(to, p);
427 p += strlen(p) + 1;
428 continue;
429 }
430 if (strncmp(p, "Subject:", 8) == 0) {
431 p += 8;
>>> CID 641203: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
432 SKIP_WHITESPACE(p);
433 char* tp = strchr(p, QWK_NEWLINE); /* chop off at first CR */
434 if (tp != NULL)
435 *tp = 0;
436 subject = p;
437 p += strlen(p) + 1;
/netmail.cpp: 422 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
416 SAFECOPY(to, into);
417
418 // Parse QWKE Kludge Lines here:
419 while (p < end && *p != QWK_NEWLINE) {
420 if (strncmp(p, "To:", 3) == 0) {
421 p += 3;
>>> CID 641203: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
422 SKIP_WHITESPACE(p);
423 char* tp = strchr(p, QWK_NEWLINE); /* chop off at first CR */
424 if (tp != NULL)
425 *tp = 0;
426 SAFECOPY(to, p);
427 p += strlen(p) + 1;

** CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1960 in dns_blacklisted(int, const char *, xp_sockaddr *, char *, char *, char *)()

_____________________________________________________________________________________________
*** CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1960 in dns_blacklisted(int, const char *, xp_sockaddr *, char *, char *, char *)()
1954 continue;
1955
1956 sprintf(list, "%.100s", p);
1957
1958 /* terminate */
1959 tp = p;
>>> CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1960 FIND_WHITESPACE(tp);
1961 *tp = 0;
1962
1963 found = rblchk(sock, prot, addr, p);
1964 }
1965 fclose(fp);

** CID 641201: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 1185 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 1195 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 975 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 1202 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()

_____________________________________________________________________________________________
*** CID 641201: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 1185 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1179 break;
1180 }
1181
1182 /* Get destination user address */
1183 if ((p = strrchr(rcpt_list[rcpt_count], '<')) != NULL) {
1184 p++;
>>> CID 641201: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1185 SKIP_WHITESPACE(p);
1186 SAFECOPY(addr, p);
1187 p = strrchr(addr, '>');
1188 if (p == NULL) {
1189 bprintf(text[InvalidNetMailAddr], rcpt_list[rcpt_count]);
1190 break;
/netmail.cpp: 1195 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1189 bprintf(text[InvalidNetMailAddr], rcpt_list[rcpt_count]);
1190 break;
1191 }
1192 *p = 0;
1193 } else {
1194 p = rcpt_list[rcpt_count];
>>> CID 641201: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1195 SKIP_WHITESPACE(p);
1196 SAFECOPY(addr, p);
1197 }
1198 truncsp(addr);
1199
1200 /* Get destination user name */
/netmail.cpp: 975 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
969 bprintf(text[InvalidNetMailAddr], p);
970 continue;
971 }
972 while (at > p && *at > ' ')
973 at--;
974 p = at;
>>> CID 641201: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
975 SKIP_WHITESPACE(p);
976 uint16_t net_type = smb_netaddr_type(p);
977 if (net_type != NET_INTERNET) {
978 bprintf(text[InvalidNetMailAddr], p);
979 break;
980 }
/netmail.cpp: 1202 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1196 SAFECOPY(addr, p);
1197 }
1198 truncsp(addr);
1199
1200 /* Get destination user name */
1201 p = rcpt_list[rcpt_count];
>>> CID 641201: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1202 SKIP_WHITESPACE(p);
1203 SAFECOPY(name, p);
1204 p = strrchr(name, '<');
1205 if (!p)
1206 p = strrchr(name, '@');
1207 if (!p)

** CID 641200: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 1534 in ftpalias()
/ftpsrvr.c: 1547 in ftpalias()

_____________________________________________________________________________________________
*** CID 641200: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 1534 in ftpalias()
1528
1529 while (!feof(fp)) {
1530 if (!fgets(line, sizeof(line), fp))
1531 break;
1532
1533 p = line; /* alias */
>>> CID 641200: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1534 SKIP_WHITESPACE(p);
1535 if (*p == ';') /* comment */
1536 continue;
1537
1538 tp = p; /* terminator */
1539 FIND_WHITESPACE(tp);
/ftpsrvr.c: 1547 in ftpalias()
1541 *tp = 0;
1542
1543 if (stricmp(p, alias)) /* Not a match */
1544 continue;
1545
1546 p = tp + 1; /* filename */
>>> CID 641200: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1547 SKIP_WHITESPACE(p);
1548
1549 tp = p; /* terminator */
1550 FIND_WHITESPACE(tp);
1551 if (*tp)
1552 *tp = 0;

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_69679e3a9f33a_26617a2afbc97ad9ac59811--

--- SBBSecho 3.34-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Sysop:	Darkmage
Location:	Tucson, Arizona
Users:	3
Nodes:	4 (0 / 4)
Uptime:	45:07:51
Calls:	23
Messages:	30,177

New Defects reported by Coverity Scan for Synchronet

Who's Online

Recent Visitors

System Info