Subj : New Defects reported by Coverity Scan for Synchronet To : cov-scan@synchro.net From : scan-admin@coverity.com Date : Sat Jun 03 2023 12:40 pm Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 7 new defect(s) introduced to Synchronet found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 7 of 7 defect(s) ** CID 462165: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 904 in local_draw_rect() ________________________________________________________________________________________________________ *** CID 462165: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 904 in local_draw_rect() 898 x11.XFillRectangle(dpy, win, gc, 0, yoff, xoff, yoff + xim->height); 899 x11.XFillRectangle(dpy, win, gc, xoff+xim->width, yoff, w, yoff + xim->height); 900 x11.XFillRectangle(dpy, win, gc, 0, yoff + xim->height, w, h); 901 } 902 if (x_internal_scaling || xrender_found == false) { 903 if (last == NULL) >>> CID 462165: Null pointer dereferences (FORWARD_NULL) >>> Dereferencing null pointer "source". 
904 x11.XPutImage(dpy, win, gc, xim, 0, 0, xoff, yoff, source->w, source->h); 905 else { 906 release_buffer(last); 907 last = NULL; 908 } 909 } ** CID 462164: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 448 in internal_setwinsize() ________________________________________________________________________________________________________ *** CID 462164: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 448 in internal_setwinsize() 442 pthread_mutex_lock(&win_mutex); 443 sdl.GetWindowSize(win, &w, &h); 444 pthread_mutex_unlock(&win_mutex); 445 if (w != vs->winwidth || h != vs->winheight) 446 changed = true; 447 pthread_mutex_unlock(&vstatlock); >>> CID 462164: Concurrent data access violations (MISSING_LOCK) >>> Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary). 448 vstat.scaling = sdl_getscaling(); 449 } 450 if (changed) 451 setup_surfaces(vs); 452 } 453 ** CID 462163: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 408 in update_cvstat() ________________________________________________________________________________________________________ *** CID 462163: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 408 in update_cvstat() 402 } 403 404 static void 405 update_cvstat(struct video_stats *vs) 406 { 407 if (vs != NULL && vs != &vstat) { >>> CID 462163: Concurrent data access violations (MISSING_LOCK) >>> Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary). 
408 vstat.scaling = sdl_getscaling(); 409 pthread_mutex_lock(&vstatlock); 410 *vs = vstat; 411 pthread_mutex_unlock(&vstatlock); 412 } 413 } ** CID 462162: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 657 in setup_surfaces() ________________________________________________________________________________________________________ *** CID 462162: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 657 in setup_surfaces() 651 else if(sdl_init_good) { 652 ev.type=SDL_QUIT; 653 sdl_exitcode=1; 654 sdl.PeepEvents(&ev, 1, SDL_ADDEVENT, SDL_FIRSTEVENT, SDL_LASTEVENT); 655 } 656 pthread_mutex_unlock(&win_mutex); >>> CID 462162: Concurrent data access violations (MISSING_LOCK) >>> Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary). 657 vstat.scaling = sdl_getscaling(); 658 } 659 660 /* Called from event thread only */ 661 static void sdl_add_key(unsigned int keyval, struct video_stats *vs) 662 { ** CID 462161: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 511 in x_init() ________________________________________________________________________________________________________ *** CID 462161: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 511 in x_init() 505 xp_dlclose(dl); 506 return(-1); 507 } 508 #ifdef WITH_XRENDER 509 xrender_found = true; 510 if ((dl2 = xp_dlopen(libnames2,RTLD_LAZY,7)) == NULL) { >>> CID 462161: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "dl2" to "dlclose", which dereferences it. 
511 xp_dlclose(dl2); 512 xrender_found = false; 513 } 514 if (xrender_found && ((x11.XRenderFindStandardFormat = xp_dlsym(dl2, XRenderFindStandardFormat)) == NULL)) { 515 xp_dlclose(dl); 516 xrender_found = false; ** CID 462160: Null pointer dereferences (REVERSE_INULL) /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 589 in init_window() ________________________________________________________________________________________________________ *** CID 462160: Null pointer dereferences (REVERSE_INULL) /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 589 in init_window() 583 if (classhints) { 584 classhints->res_name = (char *)ciolib_initial_program_name; 585 classhints->res_class = (char *)ciolib_initial_program_class; 586 } 587 wmhints=x11.XAllocWMHints(); 588 wmhints->flags = 0; >>> CID 462160: Null pointer dereferences (REVERSE_INULL) >>> Null-checking "wmhints" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. 589 if(wmhints) { 590 wmhints->initial_state=NormalState; 591 wmhints->flags |= (StateHint | InputHint); 592 wmhints->input = True; 593 set_icon(ciolib_initial_icon, ciolib_initial_icon_width, wmhints); 594 x11.XSetWMProperties(dpy, win, NULL, NULL, 0, 0, NULL, wmhints, classhints); ** CID 462159: (RESOURCE_LEAK) /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 591 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 557 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 563 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 570 in x_init() ________________________________________________________________________________________________________ *** CID 462159: (RESOURCE_LEAK) /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 591 in x_init() 585 xp_dlclose(dl); 586 sem_destroy(&pastebuf_set); 587 sem_destroy(&pastebuf_used); 588 sem_destroy(&init_complete); 589 
sem_destroy(&mode_set); 590 pthread_mutex_destroy(&copybuf_mutex); >>> CID 462159: (RESOURCE_LEAK) >>> Variable "dl2" going out of scope leaks the storage it points to. 591 return(-1); 592 } 593 _beginthread(x11_mouse_thread,1<<16,NULL); 594 cio_api.options |= CONIO_OPT_SET_TITLE | CONIO_OPT_SET_NAME | CONIO_OPT_SET_ICON; 595 return(0); 596 } /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init() 546 #endif 547 setlocale(LC_ALL, ""); 548 x11.XSetLocaleModifiers("@im=none"); 549 550 if(sem_init(&pastebuf_set, 0, 0)) { 551 xp_dlclose(dl); >>> CID 462159: (RESOURCE_LEAK) >>> Variable "dl2" going out of scope leaks the storage it points to. 552 return(-1); 553 } 554 if(sem_init(&pastebuf_used, 0, 0)) { 555 xp_dlclose(dl); 556 sem_destroy(&pastebuf_set); 557 return(-1); /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init() 546 #endif 547 setlocale(LC_ALL, ""); 548 x11.XSetLocaleModifiers("@im=none"); 549 550 if(sem_init(&pastebuf_set, 0, 0)) { 551 xp_dlclose(dl); >>> CID 462159: (RESOURCE_LEAK) >>> Variable "dl2" going out of scope leaks the storage it points to. 552 return(-1); 553 } 554 if(sem_init(&pastebuf_used, 0, 0)) { 555 xp_dlclose(dl); 556 sem_destroy(&pastebuf_set); 557 return(-1); /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 557 in x_init() 551 xp_dlclose(dl); 552 return(-1); 553 } 554 if(sem_init(&pastebuf_used, 0, 0)) { 555 xp_dlclose(dl); 556 sem_destroy(&pastebuf_set); >>> CID 462159: (RESOURCE_LEAK) >>> Variable "dl2" going out of scope leaks the storage it points to. 557 return(-1); 558 } 559 if(sem_init(&init_complete, 0, 0)) { 560 xp_dlclose(dl); 561 sem_destroy(&pastebuf_set); 562 sem_destroy(&pastebuf_used); /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init() 546 #endif 547 setlocale(LC_ALL, ""); 548 x11.XSetLocaleModifiers("@im=none"); 549 550 if(sem_init(&pastebuf_set, 0, 0)) { 551 xp_dlclose(dl); >>> CID 462159: (RESOURCE_LEAK) >>> Variable "dl2" going out of scope leaks the storage it points to. 
552 return(-1); 553 } 554 if(sem_init(&pastebuf_used, 0, 0)) { 555 xp_dlclose(dl); 556 sem_destroy(&pastebuf_set); 557 return(-1); /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 563 in x_init() 557 return(-1); 558 } 559 if(sem_init(&init_complete, 0, 0)) { 560 xp_dlclose(dl); 561 sem_destroy(&pastebuf_set); 562 sem_destroy(&pastebuf_used); >>> CID 462159: (RESOURCE_LEAK) >>> Variable "dl2" going out of scope leaks the storage it points to. 563 return(-1); 564 } 565 if(sem_init(&mode_set, 0, 0)) { 566 xp_dlclose(dl); 567 sem_destroy(&pastebuf_set); 568 sem_destroy(&pastebuf_used); /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 570 in x_init() 564 } 565 if(sem_init(&mode_set, 0, 0)) { 566 xp_dlclose(dl); 567 sem_destroy(&pastebuf_set); 568 sem_destroy(&pastebuf_used); 569 sem_destroy(&init_complete); >>> CID 462159: (RESOURCE_LEAK) >>> Variable "dl2" going out of scope leaks the storage it points to. 570 return(-1); 571 } 572 573 if(pthread_mutex_init(&copybuf_mutex, 0)) { 574 xp_dlclose(dl); 575 sem_destroy(&pastebuf_set); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DIG4__g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBPyDfdctenEpBqzGZNVHs42ttgLTzzOGVhZnCvXDhpCF9jzW-2Bs67lHgn4mRJqKpKp0lKywESuC-2B8aPwq-2BHoGo6NvVv2XtDxVwk0ttDNXD70ZWDHBkynCZQ-2FnfDOJmi8gjr3lodcSxrI82eFAdcseucYkY4oNbs56dG5-2FpY2OKpzQ-3D-3D .