|  Message 48687  |
|  scan-admin@coverity.com to All  |
|  New Defects reported by Coverity Scan fo  |
|  12 Jan 26 13:47:57  |
 
TZUTC: 0000
MSGID: 54118.syncprog@1:103/705 2dcb04f7
PID: Synchronet 3.21b-Linux master/f717faea9 Jan 12 2026 GCC 12.2.0
TID: SBBSecho 3.34-Linux master/f717faea9 Jan 12 2026 GCC 12.2.0
BBSID: VERT
CHRS: ASCII 1
FORMAT: flowed
Hi,
Please find the latest report on new defect(s) introduced to Synchronet found
with Coverity Scan.
2 new defect(s) introduced to Synchronet found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 640971: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
____________________________________________________________________________________________
*** CID 640971: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
614
615 if (code_match(sp, "UPTIME", &param)) {
616 extern volatile time_t uptime;
617 time_t up = 0;
618 if (uptime != 0 && time(&now) >= uptime)
619 up = now - uptime;
>>> CID 640971: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "up" is cast to "uint".
620 return duration((uint)up, str, maxlen, param, DURATION_MINIMAL_VERBAL);
621 }
622
623 if (!strcmp(sp, "SERVED")) {
624 extern volatile uint served;
625 safe_snprintf(str, maxlen, "%u", served);
** CID 640970: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
____________________________________________________________________________________________
*** CID 640970: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
1689 if (!strcmp(sp, "BYTESLEFT")) {
1690 safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron));
1691 return str;
1692 }
1693
1694 if (code_match(sp, "CDTLEFT", &param))
>>> CID 640970: Insecure data handling (INTEGER_OVERFLOW)
>>> The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.
1695 return byte_count(static_cast