Subj : New Defects reported by Coverity Scan for Synchronet To : cov-scan@synchro.net From : scan-admin@coverity.com Date : Sat Apr 03 2021 01:02 pm Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 6 new defect(s) introduced to Synchronet found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 6 of 6 defect(s) ** CID 330950: Resource leaks (RESOURCE_LEAK) /js_socket.c: 919 in js_connect_event_thread() ________________________________________________________________________________________________________ *** CID 330950: Resource leaks (RESOURCE_LEAK) /js_socket.c: 919 in js_connect_event_thread() 913 ioctlsocket(a->sock,FIONBIO,(ulong*)&(a->nonblocking)); 914 send(a->sv[1], &sresult, 1, 0); 915 916 done: 917 closesocket(a->sv[1]); 918 free(a); >>> CID 330950: Resource leaks (RESOURCE_LEAK) >>> Variable "res" going out of scope leaks the storage it points to. 919 } 920 921 static JSBool 922 js_connect_event(JSContext *cx, uintN argc, jsval *arglist, js_socket_private_t *p, ushort port, JSObject *obj) 923 { 924 SOCKET sv[2]; ** CID 330949: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 330949: Null pointer dereferences (FORWARD_NULL) /js_socket.c: 1040 in js_connect() 1034 free(p->hostname); 1035 JSSTRING_TO_MSTRING(cx, str, p->hostname, NULL); 1036 port = js_port(cx,argv[1],p->type); 1037 rc=JS_SUSPENDREQUEST(cx); 1038 1039 if (argc > 2 && JSVAL_IS_OBJECT(argv[2]) && JS_ObjectIsFunction(cx, JSVAL_TO_OBJECT(argv[2]))) { >>> CID 330949: Null pointer dereferences (FORWARD_NULL) >>> Passing "p" to "js_connect_event", which dereferences null "p->hostname". 1040 JSBool bgr = js_connect_event(cx, argc, arglist, p, port, obj); 1041 JS_RESUMEREQUEST(cx, rc); 1042 return bgr; 1043 } 1044 1045 dbprintf(FALSE, p, "resolving hostname: %s", p->hostname); ** CID 330948: Error handling issues (CHECKED_RETURN) /js_socket.c: 914 in js_connect_event_thread() ________________________________________________________________________________________________________ *** CID 330948: Error handling issues (CHECKED_RETURN) /js_socket.c: 914 in js_connect_event_thread() 908 if(result == 0) 909 break; 910 } 911 sresult = result; 912 /* Restore original setting here */ 913 ioctlsocket(a->sock,FIONBIO,(ulong*)&(a->nonblocking)); >>> CID 330948: Error handling issues (CHECKED_RETURN) >>> Calling "send(a->sv[1], &sresult, 1UL, 0)" without checking return value. This library function may fail and return an error code. 914 send(a->sv[1], &sresult, 1, 0); 915 916 done: 917 closesocket(a->sv[1]); 918 free(a); 919 } ** CID 330947: (FORWARD_NULL) /js_internal.c: 1138 in js_handle_events() /js_internal.c: 1249 in js_handle_events() /js_internal.c: 1126 in js_handle_events() /js_internal.c: 1273 in js_handle_events() /js_internal.c: 1261 in js_handle_events() /js_internal.c: 1286 in js_handle_events() /js_internal.c: 1198 in js_handle_events() /js_internal.c: 1149 in js_handle_events() ________________________________________________________________________________________________________ *** CID 330947: (FORWARD_NULL) /js_internal.c: 1138 in js_handle_events() 1132 hsock = ev->data.sock; 1133 #endif 1134 break; 1135 case JS_EVENT_SOCKET_WRITABLE_ONCE: 1136 case JS_EVENT_SOCKET_WRITABLE: 1137 #ifdef PREFER_POLL >>> CID 330947: (FORWARD_NULL) >>> Dereferencing null pointer "fds". 1138 fds[cfd].fd = ev->data.sock; 1139 fds[cfd].events = POLLOUT; 1140 cfd++; 1141 #else 1142 FD_SET(ev->data.sock, &wfds); 1143 if (ev->data.sock > hsock) /js_internal.c: 1249 in js_handle_events() 1243 #ifdef PREFER_POLL 1244 cfd = 0; 1245 #endif 1246 for (ev = *head; ev; ev = ev->next) { 1247 if (ev->type == JS_EVENT_SOCKET_READABLE || ev->type == JS_EVENT_SOCKET_READABLE_ONCE) { 1248 #ifdef PREFER_POLL >>> CID 330947: (FORWARD_NULL) >>> Dereferencing null pointer "fds". 1249 if (fds[cfd].revents & ~(POLLOUT | POLLWRNORM | POLLWRBAND)) { 1250 #else 1251 if (FD_ISSET(ev->data.sock, &rfds)) { 1252 #endif 1253 break; 1254 } /js_internal.c: 1126 in js_handle_events() 1120 timeout = 0; 1121 for (ev = *head; ev; ev = ev->next) { 1122 switch (ev->type) { 1123 case JS_EVENT_SOCKET_READABLE_ONCE: 1124 case JS_EVENT_SOCKET_READABLE: 1125 #ifdef PREFER_POLL >>> CID 330947: (FORWARD_NULL) >>> Dereferencing null pointer "fds". 1126 fds[cfd].fd = ev->data.sock; 1127 fds[cfd].events = POLLIN; 1128 cfd++; 1129 #else 1130 FD_SET(ev->data.sock, &rfds); 1131 if (ev->data.sock > hsock) /js_internal.c: 1273 in js_handle_events() 1267 #ifdef PREFER_POLL 1268 cfd++; 1269 #endif 1270 } 1271 else if (ev->type == JS_EVENT_SOCKET_CONNECT) { 1272 #ifdef PREFER_POLL >>> CID 330947: (FORWARD_NULL) >>> Dereferencing null pointer "fds". 1273 if (fds[cfd].revents & ~(POLLOUT | POLLWRNORM | POLLWRBAND)) { 1274 #else 1275 if (FD_ISSET(ev->data.connect.sv[0], &wfds)) { 1276 #endif 1277 closesocket(ev->data.connect.sv[0]); 1278 break; /js_internal.c: 1261 in js_handle_events() 1255 #ifdef PREFER_POLL 1256 cfd++; 1257 #endif 1258 } 1259 else if (ev->type == JS_EVENT_SOCKET_WRITABLE || ev->type == JS_EVENT_SOCKET_WRITABLE_ONCE) { 1260 #ifdef PREFER_POLL >>> CID 330947: (FORWARD_NULL) >>> Dereferencing null pointer "fds". 1261 if (fds[cfd].revents & ~(POLLIN | POLLRDNORM | POLLRDBAND | POLLPRI)) { 1262 #else 1263 if (FD_ISSET(ev->data.sock, &wfds)) { 1264 #endif 1265 break; 1266 } /js_internal.c: 1286 in js_handle_events() 1280 #ifdef PREFER_POLL 1281 cfd++; 1282 #endif 1283 } 1284 else if (ev->type == JS_EVENT_CONSOLE_INPUT) { 1285 #ifdef PREFER_POLL >>> CID 330947: (FORWARD_NULL) >>> Dereferencing null pointer "fds". 1286 if (fds[cfd].revents & ~(POLLOUT | POLLWRNORM | POLLWRBAND)) { 1287 #else 1288 if (FD_ISSET(ev->data.sock, &wfds)) { 1289 #endif 1290 break; 1291 } /js_internal.c: 1198 in js_handle_events() 1192 timeout = 0; 1193 cev = ev; 1194 } 1195 else { 1196 input_locked = TRUE; 1197 #ifdef PREFER_POLL >>> CID 330947: (FORWARD_NULL) >>> Dereferencing null pointer "fds". 1198 fds[cfd].fd = ev->data.sock; 1199 fds[cfd].events = POLLIN; 1200 cfd++; 1201 #else 1202 FD_SET(ev->data.sock, &rfds); 1203 if (ev->data.sock > hsock) /js_internal.c: 1149 in js_handle_events() 1143 if (ev->data.sock > hsock) 1144 hsock = ev->data.sock; 1145 #endif 1146 break; 1147 case JS_EVENT_SOCKET_CONNECT: 1148 #ifdef PREFER_POLL >>> CID 330947: (FORWARD_NULL) >>> Dereferencing null pointer "fds". 1149 fds[cfd].fd = ev->data.connect.sv[0]; 1150 fds[cfd].events = POLLIN; 1151 cfd++; 1152 #else 1153 FD_SET(ev->data.connect.sv[0], &rfds); 1154 if (ev->data.sock > hsock) ** CID 330946: Null pointer dereferences (NULL_RETURNS) /tmp/sbbs-Apr-03-2021/3rdp/src/mozjs/js-1.8.5/js/src/shell/js.cpp: 4795 in Help(JSContext *, unsigned int, unsigned long *)() ________________________________________________________________________________________________________ *** CID 330946: Null pointer dereferences (NULL_RETURNS) /tmp/sbbs-Apr-03-2021/3rdp/src/mozjs/js-1.8.5/js/src/shell/js.cpp: 4795 in Help(JSContext *, unsigned int, unsigned long *)() 4789 jsval *argv = JS_ARGV(cx, vp); 4790 for (i = 0; i < argc; i++) { 4791 did_something = 0; 4792 type = JS_TypeOfValue(cx, argv[i]); 4793 if (type == JSTYPE_FUNCTION) { 4794 fun = JS_ValueToFunction(cx, argv[i]); >>> CID 330946: Null pointer dereferences (NULL_RETURNS) >>> Dereferencing "fun", which is known to be "nullptr". 4795 str = fun->atom ? ATOM_TO_STRING(fun->atom) : NULL; 4796 } else if (type == JSTYPE_STRING) { 4797 str = JSVAL_TO_STRING(argv[i]); 4798 } else { 4799 str = NULL; 4800 } ** CID 330945: Null pointer dereferences (NULL_RETURNS) ________________________________________________________________________________________________________ *** CID 330945: Null pointer dereferences (NULL_RETURNS) /tmp/sbbs-Apr-03-2021/3rdp/src/mozjs/js-1.8.5/js/src/jsexn.cpp: 550 in ValueToShortSource(JSContext *, unsigned long)() 544 return NULL; 545 546 if (VALUE_IS_FUNCTION(cx, v)) { 547 /* 548 * XXX Avoid function decompilation bloat for now. 549 */ >>> CID 330945: Null pointer dereferences (NULL_RETURNS) >>> Dereferencing a pointer that might be "nullptr" "JS_ValueToFunction(cx, v)" when calling "JS_GetFunctionId". 550 str = JS_GetFunctionId(JS_ValueToFunction(cx, v)); 551 if (!str && !(str = js_ValueToSource(cx, Valueify(v)))) { 552 /* 553 * Continue to soldier on if the function couldn't be 554 * converted into a string. 555 */ ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D-wGS_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAzXmjcYguE2omc6tjz5npgQwR8DPj3gtRpRyKifexImS6lYY08gIdHnNdqrwjKbqPCGg7zzomYr1TIcd5JfXiW0FyUZvaZRJAhpRa4nQcFR63XnyrG4ZvVzFwI1WWcWyGFFiBbH4rLW7qEfxMaH8s1TyO7xNLY3MATScE7ko8zAA64QfWBsBcIOCpr2vtW8u4-3D .