
Just a sample of the Echomail archive


 Message 48564 
 scan-admin@coverity.com to All 
 New Defects reported by Coverity Scan fo 
 05 Jan 26 13:46:18 
 
TZUTC: 0000
MSGID: 53994.syncprog@1:103/705 2dc1c996
PID: Synchronet 3.21b-Linux master/5ccae58ca Jan 05 2026 GCC 12.2.0
TID: SBBSecho 3.34-Linux master/5ccae58ca Jan 05 2026 GCC 12.2.0
BBSID: VERT
CHRS: ASCII 1
FORMAT: flowed


Hi,

Please find the latest report on new defect(s) introduced to Synchronet found
with Coverity Scan.

4 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 640406:       High impact quality  (Y2K38_SAFETY)
/getstats.c: 127           in fread_dstats()


________________________________________________________________
*** CID 640406:         High impact quality  (Y2K38_SAFETY)
/getstats.c: 127             in fread_dstats()
121     	if (fp == NULL)
122     		return false;
123
124     	memset(stats, 0, sizeof(*stats));
125     	if ((ini = iniReadFile(fp)) == NULL)
126     		return false;
>>>     CID 640406:         High impact quality  (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "iniGetDateTime(ini, NULL, "Date", 0L)" is cast to "time32_t".
127     	stats->date    = (time32_t)iniGetDateTime(ini, NULL, strStatsDate, 0);
128     	gettotals(ini, strStatsToday, &stats->today);
129     	gettotals(ini, strStatsTotal, &stats->total);
130     	iniFreeStringList(ini);
131     	stats->last = time32(NULL);
132

** CID 640405:       API usage errors  (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844           in ()


________________________________________________________________
*** CID 640405:         API usage errors  (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844             in ()
838     	if (strcmp(sp, "CLOCK") == 0) {
839     		snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840     		return str;
841     	}
842
843     	if (strcmp(sp, "TIMER") == 0) {
>>>     CID 640405:         API usage errors  (PW.PRINTF_ARG_MISMATCH)
>>>     argument is incompatible with corresponding format string conversion (expected type "double" but argument has type "long double")
844     		snprintf(str, maxlen, "%f", xp_timer());
845     		return str;
846     	}
847
848     	if (strcmp(sp, "GENDERS") == 0)
849     		return cfg.new_genders;

** CID 640404:       API usage errors  (PRINTF_ARGS)
/atcodes.cpp: 844           in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()


________________________________________________________________
*** CID 640404:         API usage errors  (PRINTF_ARGS)
/atcodes.cpp: 844             in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
838     	if (strcmp(sp, "CLOCK") == 0) {
839     		snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840     		return str;
841     	}
842
843     	if (strcmp(sp, "TIMER") == 0) {
>>>     CID 640404:         API usage errors  (PRINTF_ARGS)
>>>     Argument "xp_timer()" to format specifier "%f" was expected to have type "double" but has type "long double". [Note: The source code implementation of the function has been overridden by a builtin model.]
844     		snprintf(str, maxlen, "%f", xp_timer());
845     		return str;
846     	}
847
848     	if (strcmp(sp, "GENDERS") == 0)
849     		return cfg.new_genders;

** CID 640403:       Error handling issues  (CHECKED_RETURN)
/js_system.cpp: 1351           in js_minutestr(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________
*** CID 640403:         Error handling issues  (CHECKED_RETURN)
/js_system.cpp: 1351             in js_minutestr(JSContext *, unsigned int, unsigned long *)()
1345     	if (js_argvIsNullOrVoid(cx, argv, 0))
1346     		return JS_FALSE;
1347
1348     	if (argc > 1 && JSVAL_IS_BOOLEAN(argv[1]))
1349     		estimate = JSVAL_TO_BOOLEAN(argv[1]);
1350
>>>     CID 640403:         Error handling issues  (CHECKED_RETURN)
>>>     Calling "JS_ValueToECMAUint32" without checking return value (as is done elsewhere 96 out of 102 times).
1351     	JS_ValueToECMAUint32(cx, argv[0], &t);
1352     	if ((js_str = JS_NewStringCopyZ(cx, minutes_to_str(t, str, sizeof str, estimate))) == NULL)
1353     		return JS_FALSE;
1354
1355     	JS_SET_RVAL(cx, arglist, STRING_TO_JSVAL(js_str));
1356     	return JS_TRUE;


________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


Best regards,

The Coverity Scan Admin Team

--- SBBSecho 3.34-Linux
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)


(c) 1994,  bbs@darkrealms.ca