Just a sample of the Echomail archive
|  Message 48589  |
|  scan-admin@coverity.com to All  |
|  New Defects reported by Coverity Scan fo  |
|  08 Jan 26 13:44:45  |
 
TZUTC: 0000
MSGID: 54020.syncprog@1:103/705 2dc5bdd6
PID: Synchronet 3.21b-Linux master/7ed899d1c Jan 06 2026 GCC 12.2.0
TID: SBBSecho 3.34-Linux master/7ed899d1c Jan 06 2026 GCC 12.2.0
BBSID: VERT
CHRS: ASCII 1
FORMAT: flowed
Hi,
Please find the latest report on new defect(s) introduced to Synchronet found
with Coverity Scan.
1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 640932: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1664 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
____________________________________________________________________________________________
*** CID 640932: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1664 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
1658     if (!strcmp(sp, "BYTESLEFT")) {
1659         safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron));
1660         return str;
1661     }
1662
1663     if (code_match(sp, "CDTLEFT", &param))
>>> CID 640932: Insecure data handling (INTEGER_OVERFLOW)
>>> The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.
1664         return byte_count(user_available_credits(&useron), str, maxlen, param, BYTE_COUNT_VERBAL);
1665
1666     if (code_match(sp, "CREDITS", &param))
1667         return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);
1668
1669     if (code_match(sp, "FREECDT", &param))
____________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview
Best regards, The Coverity Scan Admin Team