Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
37 new defect(s) introduced to Synchronet found with Coverity Scan.
24 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 37 defect(s)
** CID 433272: Code maintainability issues (UNUSED_VALUE)
/useredit.cpp: 1039 in sbbs_t::maindflts(user_t *)()
________________________________________________________________________________________________________
*** CID 433272: Code maintainability issues (UNUSED_VALUE)
/useredit.cpp: 1039 in sbbs_t::maindflts(user_t *)()
1033 putusermisc(user->number, user->misc); 1034 break;
1035 case 'W':
1036 if(!noyes(text[NewPasswordQ])) {
1037 bputs(text[CurrentPassword]); 1038 console|=CON_R_ECHOX;
CID 433272: Code maintainability issues (UNUSED_VALUE)
Assigning value from "(char)this->getstr(str, 40UL, 1L, NULL)" to "ch" here, but that stored value is overwritten before it can be used.
1039 ch=(char)getstr(str,LEN_PASS,K_UPPER);
1040 console&=~(CON_R_ECHOX|CON_L_ECHOX);
1041 if(sys_status&SS_ABORT)
1042 break;
1043 if(stricmp(str,user->pass)) { 1044 bputs(text[WrongPassword]);
** CID 433271: (RESOURCE_LEAK)
/scfglib2.c: 658 in read_chat_cfg()
/scfglib2.c: 759 in read_chat_cfg()
/scfglib2.c: 679 in read_chat_cfg()
/scfglib2.c: 687 in read_chat_cfg()
/scfglib2.c: 651 in read_chat_cfg()
/scfglib2.c: 718 in read_chat_cfg()
/scfglib2.c: 752 in read_chat_cfg()
/scfglib2.c: 725 in read_chat_cfg()
________________________________________________________________________________________________________
*** CID 433271: (RESOURCE_LEAK)
/scfglib2.c: 658 in read_chat_cfg()
652 } else
653 cfg->guru=NULL;
654
655 for(uint i=0; i<cfg->total_gurus; i++) {
656 const char* name = list[i];
657 if((cfg->guru[i]=(guru_t *)malloc(sizeof(guru_t)))==NULL)
CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 658 return allocerr(error, maxerrlen, fname, "guru", sizeof(guru_t));
659 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
660 memset(cfg->guru[i],0,sizeof(guru_t));
661
662 SAFECOPY(cfg->guru[i]->name, iniGetString(section, NULL, "name", name + 5, value));
663 SAFECOPY(cfg->guru[i]->code, name + 5);
/scfglib2.c: 759 in read_chat_cfg()
753 } else
754 cfg->page=NULL;
755
756 for(uint i=0; i<cfg->total_pages; i++) {
757 const char* name = list[i];
758 if((cfg->page[i]=(page_t *)malloc(sizeof(page_t)))==NULL)
CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 759 return allocerr(error, maxerrlen, fname, "page", sizeof(page_t));
760 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
761 memset(cfg->page[i],0,sizeof(page_t));
762
763 SAFECOPY(cfg->page[i]->cmd, iniGetString(section, NULL, "cmd", "", value));
764
/scfglib2.c: 679 in read_chat_cfg()
673
674 list = iniGetParsedSectionList(sections, "actions:");
675 cfg->total_actsets = (uint16_t)strListCount(list);
676
677 if(cfg->total_actsets) {
678 if((cfg->actset=(actset_t **)malloc(sizeof(actset_t *)*cfg->total_actsets))==NULL)
CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 679 return allocerr(error, maxerrlen, fname, "actsets", sizeof(actset_t *)*cfg->total_actsets);
680 } else
681 cfg->actset=NULL;
682
683 cfg->total_chatacts = 0;
684 for(uint i=0; i<cfg->total_actsets; i++) {
/scfglib2.c: 687 in read_chat_cfg()
681 cfg->actset=NULL;
682
683 cfg->total_chatacts = 0;
684 for(uint i=0; i<cfg->total_actsets; i++) {
685 const char* name = list[i];
686 if((cfg->actset[i]=(actset_t *)malloc(sizeof(actset_t)))==NULL)
CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 687 return allocerr(error, maxerrlen, fname, "actset", sizeof(actset_t));
688 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
689 SAFECOPY(cfg->actset[i]->name, name + 8);
690 str_list_t act_list = iniGetKeyList(section, NULL);
691 for(uint j = 0; act_list != NULL && act_list[j] != NULL; j++) {
692 chatact_t** np = realloc(cfg->chatact, sizeof(chatact_t *) * (cfg->total_chatacts + 1));
/scfglib2.c: 651 in read_chat_cfg()
645
646 str_list_t list = iniGetParsedSectionList(sections, "guru:"); 647 cfg->total_gurus = (uint16_t)strListCount(list);
648
649 if(cfg->total_gurus) {
650 if((cfg->guru=(guru_t **)malloc(sizeof(guru_t *)*cfg->total_gurus))==NULL)
CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 651 return allocerr(error, maxerrlen, fname, "gurus", sizeof(guru_t *)*cfg->total_gurus);
652 } else
653 cfg->guru=NULL;
654
655 for(uint i=0; i<cfg->total_gurus; i++) {
656 const char* name = list[i];
/scfglib2.c: 718 in read_chat_cfg()
712
713 list = iniGetParsedSectionList(sections, "chan:");
714 cfg->total_chans = (uint16_t)strListCount(list);
715
716 if(cfg->total_chans) {
717 if((cfg->chan=(chan_t **)malloc(sizeof(chan_t *)*cfg->total_chans))==NULL)
CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 718 return allocerr(error, maxerrlen, fname, "chans", sizeof(chan_t *)*cfg->total_chans);
719 } else
720 cfg->chan=NULL;
721
722 for(uint i=0; i<cfg->total_chans; i++) {
723 const char* name = list[i];
/scfglib2.c: 752 in read_chat_cfg()
746
747 list = iniGetParsedSectionList(sections, "pager:");
748 cfg->total_pages = (uint16_t)strListCount(list);
749
750 if(cfg->total_pages) {
751 if((cfg->page=(page_t **)malloc(sizeof(page_t *)*cfg->total_pages))==NULL)
CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 752 return allocerr(error, maxerrlen, fname, "pages", sizeof(page_t *)*cfg->total_pages);
753 } else
754 cfg->page=NULL;
755
756 for(uint i=0; i<cfg->total_pages; i++) {
757 const char* name = list[i];
/scfglib2.c: 725 in read_chat_cfg()
719 } else
720 cfg->chan=NULL;
721
722 for(uint i=0; i<cfg->total_chans; i++) {
723 const char* name = list[i];
724 if((cfg->chan[i]=(chan_t *)malloc(sizeof(chan_t)))==NULL)
CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 725 return allocerr(error, maxerrlen, fname, "chan", sizeof(chan_t));
726 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
727 memset(cfg->chan[i],0,sizeof(chan_t));
728
729 cfg->chan[i]->actset = getchatactset(cfg, iniGetString(section, NULL, "actions", "", value));
730 SAFECOPY(cfg->chan[i]->name, iniGetString(section, NULL, "name", "", value));
** CID 433270: Null pointer dereferences (FORWARD_NULL)
/scfglib1.c: 420 in read_msgs_cfg()
________________________________________________________________________________________________________
*** CID 433270: Null pointer dereferences (FORWARD_NULL)
/scfglib1.c: 420 in read_msgs_cfg()
414 continue;
415 *p = '\0';
416 char* code = p + 1;
417 int grpnum = getgrpnum_from_name(cfg, group);
418 if(!is_valid_grpnum(cfg, grpnum))
419 continue;
CID 433270: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "cfg->sub".
420 if((cfg->sub[i]=(sub_t *)malloc(sizeof(sub_t)))==NULL) 421 return allocerr(error, maxerrlen, fname, "sub", sizeof(sub_t));
422 section = iniGetParsedSection(sections, name, /* cut: */TRUE);
423 memset(cfg->sub[i],0,sizeof(sub_t));
424 SAFECOPY(cfg->sub[i]->code_suffix, code);
425
** CID 433269: Resource leaks (RESOURCE_LEAK)
/scfglib2.c: 117 in read_file_cfg()
________________________________________________________________________________________________________
*** CID 433269: Resource leaks (RESOURCE_LEAK)
/scfglib2.c: 117 in read_file_cfg()
111 return allocerr(error, maxerrlen, fname, "fcomps", sizeof(fcomp_t*)*cfg->total_fcomps);
112 } else
113 cfg->fcomp=NULL;
114
115 for(uint i=0; i<cfg->total_fcomps; i++) {
116 if((cfg->fcomp[i]=(fcomp_t *)malloc(sizeof(fcomp_t)))==NULL)
CID 433269: Resource leaks (RESOURCE_LEAK)
Variable "fcomp_list" going out of scope leaks the storage it points to.
117 return allocerr(error, maxerrlen, fname, "fcomp", sizeof(fcomp_t));
118 str_list_t section = iniGetParsedSection(sections, fcomp_list[i], /* cut: */TRUE);
119 memset(cfg->fcomp[i],0,sizeof(fcomp_t));
120 SAFECOPY(cfg->fcomp[i]->ext, iniGetString(section, NULL, "extension", "", value));
121 SAFECOPY(cfg->fcomp[i]->cmd, iniGetString(section, NULL, "cmd", "", value));
122 SAFECOPY(cfg->fcomp[i]->arstr, iniGetString(section, NULL, "ars", "", value));
** CID 433268: Resource leaks (RESOURCE_LEAK)
/scfglib2.c: 194 in read_file_cfg()
________________________________________________________________________________________________________
*** CID 433268: Resource leaks (RESOURCE_LEAK)
/scfglib2.c: 194 in read_file_cfg()
188 return allocerr(error, maxerrlen, fname, "dlevents", sizeof(dlevent_t*)*cfg->total_dlevents);
189 } else
190 cfg->dlevent=NULL;
191
192 for(uint i=0; i<cfg->total_dlevents; i++) {
193 if((cfg->dlevent[i]=(dlevent_t *)malloc(sizeof(dlevent_t)))==NULL)
CID 433268: Resource leaks (RESOURCE_LEAK)
Variable "dlevent_list" going out of scope leaks the storage it points to.
194 return allocerr(error, maxerrlen, fname, "dlevent", sizeof(dlevent_t));
195 str_list_t section = iniGetParsedSection(sections, dlevent_list[i], /* cut: */TRUE);
196 memset(cfg->dlevent[i],0,sizeof(dlevent_t));
197 SAFECOPY(cfg->dlevent[i]->ext, iniGetString(section, NULL, "extension", "", value));
198 SAFECOPY(cfg->dlevent[i]->cmd, iniGetString(section, NULL, "cmd", "", value));
199 SAFECOPY(cfg->dlevent[i]->workstr, iniGetString(section, NULL, "working", "", value));
** CID 433267: Control flow issues (DEADCODE)
/mqtt.c: 41 in mqtt_init()
________________________________________________________________________________________________________
*** CID 433267: Control flow issues (DEADCODE)
/mqtt.c: 41 in mqtt_init()
35 mqtt->host = host;
36 mqtt->server = server;
37 #ifdef USE_MOSQUITTO
38 return mosquitto_lib_init();
39 #endif
40 }
CID 433267: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return 100;".
41 return MQTT_FAILURE;
42 }
43
44 static char* format_topic(struct mqtt* mqtt, enum topic_depth depth, char* str, size_t size, const char* sbuf)
45 {
46 switch(depth) {
** CID 433266: (RESOURCE_LEAK)
/scfglib1.c: 523 in read_msgs_cfg()
/scfglib1.c: 381 in read_msgs_cfg()
/scfglib1.c: 373 in read_msgs_cfg()
________________________________________________________________________________________________________
*** CID 433266: (RESOURCE_LEAK)
/scfglib1.c: 523 in read_msgs_cfg()
517 cfg->qhub=NULL;
518
519 cfg->total_qhubs = 0;
520 for(uint i=0; qhub_list[i] != NULL; i++) {
521 const char* name = qhub_list[i];
522 if((cfg->qhub[i]=(qhub_t *)malloc(sizeof(qhub_t)))==NULL)
CID 433266: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 523 return allocerr(error, maxerrlen, fname, "qhub", sizeof(qhub_t));
524 section = iniGetParsedSection(sections, name, /* cut: */TRUE);
525 memset(cfg->qhub[i],0,sizeof(qhub_t));
526
527 SAFECOPY(cfg->qhub[i]->id, name + 5);
528 cfg->qhub[i]->time = iniGetShortInt(section, NULL, "time", 0);
/scfglib1.c: 381 in read_msgs_cfg()
375 cfg->grp=NULL;
376
377 for(uint i=0; i<cfg->total_grps; i++) {
378
379 const char* name = grp_list[i];
380 if((cfg->grp[i]=(grp_t *)malloc(sizeof(grp_t)))==NULL) >>> CID 433266: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 381 return allocerr(error, maxerrlen, fname, "group", sizeof(grp_t));
382 section = iniGetParsedSection(sections, name, /* cut: */TRUE);
383 memset(cfg->grp[i],0,sizeof(grp_t));
384 SAFECOPY(cfg->grp[i]->sname, name + 4);
385 SAFECOPY(cfg->grp[i]->lname, iniGetString(section, NULL, "description", name + 4, value));
386 SAFECOPY(cfg->grp[i]->code_prefix, iniGetString(section, NULL, "code_prefix", "", value));
/scfglib1.c: 373 in read_msgs_cfg()
367
368 str_list_t grp_list = iniGetParsedSectionList(sections, "grp:");
369 cfg->total_grps = (uint16_t)strListCount(grp_list);
370
371 if(cfg->total_grps) {
372 if((cfg->grp=(grp_t **)malloc(sizeof(grp_t *)*cfg->total_grps))==NULL)
CID 433266: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 373 return allocerr(error, maxerrlen, fname, "groups", sizeof(grp_t *)*cfg->total_grps);
374 } else
375 cfg->grp=NULL;
376
377 for(uint i=0; i<cfg->total_grps; i++) {
378
** CID 433265: (RESOURCE_LEAK)
/scfglib1.c: 381 in read_msgs_cfg()
/scfglib1.c: 373 in read_msgs_cfg()
________________________________________________________________________________________________________
*** CID 433265: (RESOURCE_LEAK)
/scfglib1.c: 381 in read_msgs_cfg()
375 cfg->grp=NULL;
376
377 for(uint i=0; i<cfg->total_grps; i++) {
378
379 const char* name = grp_list[i];
380 if((cfg->grp[i]=(grp_t *)malloc(sizeof(grp_t)))==NULL) >>> CID 433265: (RESOURCE_LEAK)
Variable "grp_list" going out of scope leaks the storage it points to. 381 return allocerr(error, maxerrlen, fname, "group", sizeof(grp_t));
382 section = iniGetParsedSection(sections, name, /* cut: */TRUE);
383 memset(cfg->grp[i],0,sizeof(grp_t));
384 SAFECOPY(cfg->grp[i]->sname, name + 4);
385 SAFECOPY(cfg->grp[i]->lname, iniGetString(section, NULL, "description", name + 4, value));
386 SAFECOPY(cfg->grp[i]->code_prefix, iniGetString(section, NULL, "code_prefix", "", value));
/scfglib1.c: 373 in read_msgs_cfg()
367
368 str_list_t grp_list = iniGetParsedSectionList(sections, "grp:");
369 cfg->total_grps = (uint16_t)strListCount(grp_list);
370
371 if(cfg->total_grps) {
372 if((cfg->grp=(grp_t **)malloc(sizeof(grp_t *)*cfg->total_grps))==NULL)
CID 433265: (RESOURCE_LEAK)
Variable "grp_list" going out of scope leaks the storage it points to. 373 return allocerr(error, maxerrlen, fname, "groups", sizeof(grp_t *)*cfg->total_grps);
374 } else
375 cfg->grp=NULL;
376
377 for(uint i=0; i<cfg->total_grps; i++) {
378
** CID 433264: Memory - corruptions (REVERSE_NEGATIVE)
/main.cpp: 2347 in output_thread(void *)()
________________________________________________________________________________________________________
*** CID 433264: Memory - corruptions (REVERSE_NEGATIVE)
/main.cpp: 2347 in output_thread(void *)()
2341 }
2342 }
2343 #endif
2344 sbbs->terminate_output_thread = false;
2345
2346 /* Note: do not terminate when online==FALSE, that is expected for the terminal server output_thread */
CID 433264: Memory - corruptions (REVERSE_NEGATIVE)
You might be using variable "sbbs->client_socket" before verifying that it is >= 0.
2347 while (sbbs->client_socket != INVALID_SOCKET && !terminate_server && !sbbs->terminate_output_thread) {
2348 /*
2349 * I'd like to check the linear buffer against the highwater
2350 * at this point, but it would get too clumsy imho - Deuce
2351 *
2352 * Actually, another option would just be to have the size
** CID 433263: (RESOURCE_LEAK)
/scfglib1.c: 548 in read_msgs_cfg()
/scfglib1.c: 523 in read_msgs_cfg()
/scfglib1.c: 515 in read_msgs_cfg()
/scfglib1.c: 546 in read_msgs_cfg()
________________________________________________________________________________________________________
*** CID 433263: (RESOURCE_LEAK)
/scfglib1.c: 548 in read_msgs_cfg()
542 if(k) {
543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL)
544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k);
545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL)
546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k);
547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL)
CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k);
549 }
550
551 for(uint j=0;j<k;j++) {
552 uint16_t confnum;
553 int subnum;
/scfglib1.c: 523 in read_msgs_cfg()
517 cfg->qhub=NULL;
518
519 cfg->total_qhubs = 0;
520 for(uint i=0; qhub_list[i] != NULL; i++) {
521 const char* name = qhub_list[i];
522 if((cfg->qhub[i]=(qhub_t *)malloc(sizeof(qhub_t)))==NULL)
CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 523 return allocerr(error, maxerrlen, fname, "qhub", sizeof(qhub_t));
524 section = iniGetParsedSection(sections, name, /* cut: */TRUE);
525 memset(cfg->qhub[i],0,sizeof(qhub_t));
526
527 SAFECOPY(cfg->qhub[i]->id, name + 5);
528 cfg->qhub[i]->time = iniGetShortInt(section, NULL, "time", 0);
/scfglib1.c: 515 in read_msgs_cfg()
509 /**********/
510 str_list_t qhub_list = iniGetParsedSectionList(sections, "qhub:");
511 cfg->total_qhubs = (uint16_t)strListCount(qhub_list);
512
513 if(cfg->total_qhubs) {
514 if((cfg->qhub=(qhub_t **)malloc(sizeof(qhub_t *)*cfg->total_qhubs))==NULL)
CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 515 return allocerr(error, maxerrlen, fname, "qhubs", sizeof(qhub_t*)*cfg->total_qhubs);
516 } else
517 cfg->qhub=NULL;
518
519 cfg->total_qhubs = 0;
520 for(uint i=0; qhub_list[i] != NULL; i++) {
/scfglib1.c: 546 in read_msgs_cfg()
540 str_list_t qsub_list = iniGetParsedSectionList(sections, str);
541 uint k = strListCount(qsub_list);
542 if(k) {
543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL)
544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k);
545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL)
CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k);
547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL)
548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k);
549 }
550
551 for(uint j=0;j<k;j++) {
** CID 433262: High impact quality (Y2K38_SAFETY)
/qwk.cpp: 1036 in sbbs_t::qwk_vote(char **, const char *, unsigned short, const char *, unsigned int, sbbs_t::msg_filters, int)()
________________________________________________________________________________________________________
*** CID 433262: High impact quality (Y2K38_SAFETY)
/qwk.cpp: 1036 in sbbs_t::qwk_vote(char **, const char *, unsigned short, const char *, unsigned int, sbbs_t::msg_filters, int)()
1030 smbmsg_t msg;
1031 ZERO_VAR(msg);
1032
1033 if((p=iniGetString(ini, section, "WhenWritten", NULL, NULL)) != NULL) {
1034 char zone[32];
1035 xpDateTime_t dt=isoDateTimeStr_parse(p);
CID 433262: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "xpDateTime_to_localtime(dt)" is cast to "uint32_t".
1036 msg.hdr.when_written.time=(uint32_t)xpDateTime_to_localtime(dt);
1037 msg.hdr.when_written.zone=dt.zone;
1038 sscanf(p,"%*s %s",zone);
1039 if(zone[0])
1040 msg.hdr.when_written.zone=(ushort)strtoul(zone,NULL,16);
1041 }
** CID 433261: (RESOURCE_LEAK)
/scfglib2.c: 245 in read_file_cfg()
/scfglib2.c: 252 in read_file_cfg()
________________________________________________________________________________________________________
*** CID 433261: (RESOURCE_LEAK)
/scfglib2.c: 245 in read_file_cfg()
239
240 str_list_t lib_list = iniGetParsedSectionList(sections, "lib:");
241 cfg->total_libs = (uint16_t)strListCount(lib_list);
242
243 if(cfg->total_libs) {
244 if((cfg->lib=(lib_t **)malloc(sizeof(lib_t *)*cfg->total_libs))==NULL)
CID 433261: (RESOURCE_LEAK)
Variable "lib_list" going out of scope leaks the storage it points to. 245 return allocerr(error, maxerrlen, fname, "libs", sizeof(lib_t *)*cfg->total_libs);
246 } else
247 cfg->lib=NULL;
248
249 for(uint i=0; i<cfg->total_libs; i++) {
250 char* name = lib_list[i];
/scfglib2.c: 252 in read_file_cfg()
246 } else
247 cfg->lib=NULL;
248
249 for(uint i=0; i<cfg->total_libs; i++) {
250 char* name = lib_list[i];
251 if((cfg->lib[i]=(lib_t *)malloc(sizeof(lib_t)))==NULL) >>> CID 433261: (RESOURCE_LEAK)
Variable "lib_list" going out of scope leaks the storage it points to. 252 return allocerr(error, maxerrlen, fname, "lib", sizeof(lib_t));
253 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
254 memset(cfg->lib[i],0,sizeof(lib_t));
255 cfg->lib[i]->offline_dir=INVALID_DIR;
256 SAFECOPY(cfg->lib[i]->sname, name + 4);
257 SAFECOPY(cfg->lib[i]->lname, iniGetString(section, NULL, "description", name + 4, value));
** CID 433260: (RESOURCE_LEAK)
/scfglib1.c: 546 in read_msgs_cfg()
/scfglib1.c: 548 in read_msgs_cfg()
/scfglib1.c: 544 in read_msgs_cfg()
________________________________________________________________________________________________________
*** CID 433260: (RESOURCE_LEAK)
/scfglib1.c: 546 in read_msgs_cfg()
540 str_list_t qsub_list = iniGetParsedSectionList(sections, str);
541 uint k = strListCount(qsub_list);
542 if(k) {
543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL)
544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k);
545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL)
CID 433260: (RESOURCE_LEAK)
Variable "qsub_list" going out of scope leaks the storage it points to. 546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k);
547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL)
548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k);
549 }
550
551 for(uint j=0;j<k;j++) {
/scfglib1.c: 548 in read_msgs_cfg()
542 if(k) {
543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL)
544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k);
545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL)
546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k);
547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL)
CID 433260: (RESOURCE_LEAK)
Variable "qsub_list" going out of scope leaks the storage it points to. 548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k);
549 }
550
551 for(uint j=0;j<k;j++) {
552 uint16_t confnum;
553 int subnum;
/scfglib1.c: 544 in read_msgs_cfg()
538 char str[128];
539 SAFEPRINTF(str, "qhubsub:%s:", cfg->qhub[i]->id);
540 str_list_t qsub_list = iniGetParsedSectionList(sections, str);
541 uint k = strListCount(qsub_list);
542 if(k) {
543 if((cfg->qhub[i]->sub=(sub_t**)malloc(sizeof(sub_t*)*k))==NULL)
CID 433260: (RESOURCE_LEAK)
Variable "qsub_list" going out of scope leaks the storage it points to. 544 return allocerr(error, maxerrlen, fname, "qhub sub", sizeof(sub_t)*k);
545 if((cfg->qhub[i]->conf=(ushort *)malloc(sizeof(ushort)*k))==NULL)
546 return allocerr(error, maxerrlen, fname, "qhub conf", sizeof(ushort)*k);
547 if((cfg->qhub[i]->mode=(char *)malloc(sizeof(char)*k))==NULL)
548 return allocerr(error, maxerrlen, fname, "qhub mode", sizeof(uchar)*k);
549 }
** CID 433259: Resource leaks (RESOURCE_LEAK)
/upgrade_to_v320.c: 463 in upgrade_users()
________________________________________________________________________________________________________
*** CID 433259: Resource leaks (RESOURCE_LEAK)
/upgrade_to_v320.c: 463 in upgrade_users()
457 return false;
458 }
459
460 int file = v31x_openuserdat(&scfg, /* for_modify */FALSE);
461 if(file == -1) {
462 perror("user.dat");
CID 433259: Resource leaks (RESOURCE_LEAK)
Variable "out" going out of scope leaks the storage it points to.
463 return false;
464 }
465 for(uint i = 1; i <= last; i++) {
466 user_t user;
467 ZERO_VAR(user);
468 user.number = i;
** CID 433258: (RESOURCE_LEAK)
/scfglib2.c: 481 in read_xtrn_cfg()
/scfglib2.c: 500 in read_xtrn_cfg()
/scfglib2.c: 462 in read_xtrn_cfg()
/scfglib2.c: 428 in read_xtrn_cfg()
/scfglib2.c: 541 in read_xtrn_cfg()
/scfglib2.c: 594 in read_xtrn_cfg()
/scfglib2.c: 534 in read_xtrn_cfg()
/scfglib2.c: 579 in read_xtrn_cfg()
/scfglib2.c: 455 in read_xtrn_cfg()
/scfglib2.c: 601 in read_xtrn_cfg()
/scfglib2.c: 421 in read_xtrn_cfg()
/scfglib2.c: 572 in read_xtrn_cfg()
________________________________________________________________________________________________________
*** CID 433258: (RESOURCE_LEAK)
/scfglib2.c: 481 in read_xtrn_cfg()
475
476 list = iniGetParsedSectionList(sections, "prog:");
477 cfg->total_xtrns = (uint16_t)strListCount(list);
478
479 if(cfg->total_xtrns) {
480 if((cfg->xtrn=(xtrn_t **)malloc(sizeof(xtrn_t *)*cfg->total_xtrns))==NULL)
CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
481 return allocerr(error, maxerrlen, fname, "xtrns", sizeof(xtrn_t *)*cfg->total_xtrns);
482 } else
483 cfg->xtrn=NULL;
484
485 cfg->total_xtrns = 0;
486 for(uint i=0; list[i] != NULL; i++) {
/scfglib2.c: 500 in read_xtrn_cfg()
494 char* code = p + 1;
495 int secnum = getxtrnsec(cfg, sec);
496 if(!is_valid_xtrnsec(cfg, secnum))
497 continue;
498
499 if((cfg->xtrn[i]=(xtrn_t *)malloc(sizeof(xtrn_t)))==NULL)
CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
500 return allocerr(error, maxerrlen, fname, "xtrn", sizeof(xtrn_t));
501 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
502 memset(cfg->xtrn[i],0,sizeof(xtrn_t));
503 cfg->xtrn[i]->sec = secnum;
504
505 SAFECOPY(cfg->xtrn[i]->name, iniGetString(section, NULL, "name", code, value));
/scfglib2.c: 462 in read_xtrn_cfg()
456 } else
457 cfg->xtrnsec=NULL;
458
459 for(uint i=0; i<cfg->total_xtrnsecs; i++) {
460 const char* name = list[i];
461 if((cfg->xtrnsec[i]=(xtrnsec_t *)malloc(sizeof(xtrnsec_t)))==NULL)
CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
462 return allocerr(error, maxerrlen, fname, "xtrnsec", sizeof(xtrnsec_t));
463 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
464 memset(cfg->xtrnsec[i],0,sizeof(xtrnsec_t));
465 SAFECOPY(cfg->xtrnsec[i]->code, name + 4);
466 SAFECOPY(cfg->xtrnsec[i]->name, iniGetString(section, NULL, "name", name + 4, value));
467 SAFECOPY(cfg->xtrnsec[i]->arstr, iniGetString(section, NULL, "ars", "", value));
/scfglib2.c: 428 in read_xtrn_cfg()
422 } else
423 cfg->xedit=NULL;
424
425 for(uint i=0; i<cfg->total_xedits; i++) {
426 const char* name = list[i];
427 if((cfg->xedit[i]=(xedit_t *)malloc(sizeof(xedit_t)))==NULL)
CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
428 return allocerr(error, maxerrlen, fname, "xedit", sizeof(xedit_t));
429 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
430 memset(cfg->xedit[i],0,sizeof(xedit_t));
431 SAFECOPY(cfg->xedit[i]->code, name + 7);
432 SAFECOPY(cfg->xedit[i]->name, iniGetString(section, NULL, "name", name + 7, value));
433 SAFECOPY(cfg->xedit[i]->rcmd, iniGetString(section, NULL, "cmd", "", value));
/scfglib2.c: 541 in read_xtrn_cfg()
535 } else
536 cfg->event=NULL;
537
538 for(uint i=0; i<cfg->total_events; i++) {
539 const char* name = list[i];
540 if((cfg->event[i]=(event_t *)malloc(sizeof(event_t)))==NULL)
CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
541 return allocerr(error, maxerrlen, fname, "event", sizeof(event_t));
542 memset(cfg->event[i],0,sizeof(event_t));
543 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
544
545 SAFECOPY(cfg->event[i]->code, name + 6);
546 SAFECOPY(cfg->event[i]->cmd, iniGetString(section, NULL, "cmd", "", value));
/scfglib2.c: 594 in read_xtrn_cfg()
588
589 list = iniGetParsedSectionList(sections, "hotkey:");
590 cfg->total_hotkeys = (uint16_t)strListCount(list);
591
592 if(cfg->total_hotkeys) {
593 if((cfg->hotkey=(hotkey_t **)malloc(sizeof(hotkey_t *)*cfg->total_hotkeys))==NULL)
CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
594 return allocerr(error, maxerrlen, fname, "hotkeys", sizeof(hotkey_t *)*cfg->total_hotkeys);
595 } else
596 cfg->hotkey=NULL;
597
598 for(uint i=0; i<cfg->total_hotkeys; i++) {
599 const char* section = list[i];
/scfglib2.c: 534 in read_xtrn_cfg()
528
529 list = iniGetParsedSectionList(sections, "event:");
530 cfg->total_events = (uint16_t)strListCount(list);
531
532 if(cfg->total_events) {
533 if((cfg->event=(event_t **)malloc(sizeof(event_t *)*cfg->total_events))==NULL)
CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
534 return allocerr(error, maxerrlen, fname, "events", sizeof(event_t *)*cfg->total_events);
535 } else
536 cfg->event=NULL;
537
538 for(uint i=0; i<cfg->total_events; i++) {
539 const char* name = list[i];
/scfglib2.c: 579 in read_xtrn_cfg()
573 } else
574 cfg->natvpgm=NULL;
575
576 for(uint i=0; i<cfg->total_natvpgms; i++) {
577 const char* name = list[i];
578 if((cfg->natvpgm[i]=(natvpgm_t *)malloc(sizeof(natvpgm_t)))==NULL)
CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
579 return allocerr(error, maxerrlen, fname, "natvpgm", sizeof(natvpgm_t));
580 memset(cfg->natvpgm[i],0,sizeof(natvpgm_t));
581 SAFECOPY(cfg->natvpgm[i]->name, name + 7);
582 }
583 iniFreeStringList(list);
584
/scfglib2.c: 455 in read_xtrn_cfg()
449 list = iniGetParsedSectionList(sections, "sec:");
450 cfg->total_xtrnsecs = (uint16_t)strListCount(list);
451
452 if(cfg->total_xtrnsecs) {
453 if((cfg->xtrnsec=(xtrnsec_t **)malloc(sizeof(xtrnsec_t *)*cfg->total_xtrnsecs))
454 ==NULL)
CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
455 return allocerr(error, maxerrlen, fname, "xtrnsecs", sizeof(xtrnsec_t *)*cfg->total_xtrnsecs);
456 } else
457 cfg->xtrnsec=NULL;
458
459 for(uint i=0; i<cfg->total_xtrnsecs; i++) {
460 const char* name = list[i];
/scfglib2.c: 601 in read_xtrn_cfg()
595 } else
596 cfg->hotkey=NULL;
597
598 for(uint i=0; i<cfg->total_hotkeys; i++) {
599 const char* section = list[i];
600 if((cfg->hotkey[i]=(hotkey_t *)malloc(sizeof(hotkey_t)))==NULL)
CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
601 return allocerr(error, maxerrlen, fname, "hotkey", sizeof(hotkey_t));
602 memset(cfg->hotkey[i],0,sizeof(hotkey_t));
603
604 cfg->hotkey[i]->key = atoi(list[i] + 7);
605 SAFECOPY(cfg->hotkey[i]->cmd, iniGetString(ini, section, "cmd", "", value));
606 }
/scfglib2.c: 421 in read_xtrn_cfg()
415
416 str_list_t list = iniGetParsedSectionList(sections, "editor:"); 417 cfg->total_xedits = (uint16_t)strListCount(list);
418
419 if(cfg->total_xedits) {
420 if((cfg->xedit=(xedit_t **)malloc(sizeof(xedit_t *)*cfg->total_xedits))==NULL)
CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
421 return allocerr(error, maxerrlen, fname, "xedits", sizeof(xedit_t *)*cfg->total_xedits);
422 } else
423 cfg->xedit=NULL;
424
425 for(uint i=0; i<cfg->total_xedits; i++) {
426 const char* name = list[i];
/scfglib2.c: 572 in read_xtrn_cfg()
566
567 list = iniGetParsedSectionList(sections, "native:");
568 cfg->total_natvpgms = (uint16_t)strListCount(list);
569
570 if(cfg->total_natvpgms) {
571 if((cfg->natvpgm=(natvpgm_t **)malloc(sizeof(natvpgm_t *)*cfg->total_natvpgms))==NULL)
CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
572 return allocerr(error, maxerrlen, fname, "natvpgms", sizeof(natvpgm_t *)*cfg->total_natvpgms);
573 } else
574 cfg->natvpgm=NULL;
575
576 for(uint i=0; i<cfg->total_natvpgms; i++) {
577 const char* name = list[i];
** CID 433257: Null pointer dereferences (FORWARD_NULL)
/scfglib2.c: 314 in read_file_cfg()
________________________________________________________________________________________________________
*** CID 433257: Null pointer dereferences (FORWARD_NULL)
/scfglib2.c: 314 in read_file_cfg()
308 *p = '\0';
309 char* code = p + 1;
310 int libnum = getlibnum_from_name(cfg, lib);
311 if(!is_valid_libnum(cfg, libnum))
312 continue;
313
CID 433257: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "cfg->dir".
314 if((cfg->dir[i]=(dir_t *)malloc(sizeof(dir_t)))==NULL) 315 return allocerr(error, maxerrlen, fname, "dir", sizeof(dir_t));
316 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
317 memset(cfg->dir[i],0,sizeof(dir_t));
318 SAFECOPY(cfg->dir[i]->code_suffix, code);
319
** CID 433256: Memory - corruptions (REVERSE_NEGATIVE)
/websrvr.c: 6401 in http_output_thread()
________________________________________________________________________________________________________
*** CID 433256: Memory - corruptions (REVERSE_NEGATIVE)
/websrvr.c: 6401 in http_output_thread()
6395 #endif
6396
6397 /*
6398 * Do *not* exit on terminate_server... wait for session thread 6399 * to close the socket and set it to INVALID_SOCKET
6400 */
CID 433256: Memory - corruptions (REVERSE_NEGATIVE)
You might be using variable "session->socket" before verifying that it is >= 0.
6401 while(session->socket!=INVALID_SOCKET) {
6402
6403 /* Wait for something to output in the RingBuffer */ 6404 if((avail=RingBufFull(obuf))==0) { /* empty */ 6405 if(WaitForEvent(obuf->data_event, 1000) != WAIT_OBJECT_0)
6406 continue;
** CID 433255: (RESOURCE_LEAK)
/scfglib2.c: 296 in read_file_cfg()
/scfglib2.c: 315 in read_file_cfg()
________________________________________________________________________________________________________
*** CID 433255: (RESOURCE_LEAK)
/scfglib2.c: 296 in read_file_cfg()
290 cfg->sysop_dir=cfg->user_dir=cfg->upload_dir=INVALID_DIR;
291 str_list_t dir_list = iniGetParsedSectionList(sections, "dir:");
292 cfg->total_dirs = (uint16_t)strListCount(dir_list);
293
294 if(cfg->total_dirs) {
295 if((cfg->dir=(dir_t **)malloc(sizeof(dir_t *)*(cfg->total_dirs+1)))==NULL)
CID 433255: (RESOURCE_LEAK)
Variable "dir_list" going out of scope leaks the storage it points to. 296 return allocerr(error, maxerrlen, fname, "dirs", sizeof(dir_t *)*(cfg->total_dirs+1));
297 } else
298 cfg->dir=NULL;
299
300 cfg->total_dirs = 0;
301 for(uint i=0; dir_list[i] != NULL; i++) {
/scfglib2.c: 315 in read_file_cfg()
309 char* code = p + 1;
310 int libnum = getlibnum_from_name(cfg, lib);
311 if(!is_valid_libnum(cfg, libnum))
312 continue;
313
314 if((cfg->dir[i]=(dir_t *)malloc(sizeof(dir_t)))==NULL) >>> CID 433255: (RESOURCE_LEAK)
Variable "dir_list" going out of scope leaks the storage it points to. 315 return allocerr(error, maxerrlen, fname, "dir", sizeof(dir_t));
316 str_list_t section = iniGetParsedSection(sections, name, /* cut: */TRUE);
317 memset(cfg->dir[i],0,sizeof(dir_t));
318 SAFECOPY(cfg->dir[i]->code_suffix, code);
319
320 cfg->dir[i]->dirnum = i;
** CID 433254: Resource leaks (RESOURCE_LEAK)
/scfglib2.c: 167 in read_file_cfg()
________________________________________________________________________________________________________
*** CID 433254: Resource leaks (RESOURCE_LEAK)
/scfglib2.c: 167 in read_file_cfg()
161 return allocerr(error, maxerrlen, fname, "ftests", sizeof(ftest_t*)*cfg->total_ftests);
162 } else
163 cfg->ftest=NULL;
164
165 for(uint i=0; i<cfg->total_ftests; i++) {
166 if((cfg->ftest[i]=(ftest_t *)malloc(sizeof(ftest_t)))==NULL)
CID 433254: Resource leaks (RESOURCE_LEAK)
Variable "ftest_list" going out of scope leaks the storage it points to.
167 return allocerr(error, maxerrlen, fname, "ftest", sizeof(ftest_t));
168 str_list_t section = iniGetParsedSection(sections, ftest_list[i], /* cut: */TRUE);
169 memset(cfg->ftest[i],0,sizeof(ftest_t));
170 SAFECOPY(cfg->ftest[i]->ext, iniGetString(section, NULL, "extension", "", value));
171 SAFECOPY(cfg->ftest[i]->cmd, iniGetString(section, NULL, "cmd", "", value));
172 SAFECOPY(cfg->ftest[i]->workstr, iniGetString(section, NULL, "working", "", value));
** CID 433253: High impact quality (Y2K38_SAFETY)
/data_ovl.cpp: 85 in sbbs_t::putuserdatetime(int, user_field, long)()
________________________________________________________________________________________________________
*** CID 433253: High impact quality (Y2K38_SAFETY)
/data_ovl.cpp: 85 in sbbs_t::putuserdatetime(int, user_field, long)()
79 }
80 return true;
81 }
82
83 bool sbbs_t::putuserdatetime(int usernumber, enum user_field fnum, time_t t)
84 {
CID 433253: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
85 int result = ::putuserdatetime(&cfg, usernumber, fnum, (time32_t)t);
86 if(result != 0) {
87 errormsg(WHERE, ERR_WRITE, USER_DATA_FILENAME, result);
88 return false;
89 }
90 return true;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DKDXB_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDurF1YI6zrehre-2ByboPjRtzp0Uy9HxsPpEX6zuOHgkysGkYAIhBrTkr4fuqAJ-2FB9iKqhkl3PBoU8Vxw9H0mOzOUPRQ8hRzN0dT2QpcICdfJX0ngV6zwPKV-2B-2BuWPoh6viSCOhOEjV9OKJBVoKjy1pwkvK0uVxvk593QiNyE8GHMjw-3D-3D
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net