Subj : New Defects reported by Coverity Scan for Synchronet
To : cov-scan@synchro.net
From : scan-admin@coverity.com
Date : Tue Jun 06 2023 12:40 pm

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

6 new defect(s) introduced to Synchronet found with Coverity Scan.
38 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)

** CID 462239: (CHECKED_RETURN)
/tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 428 in dlmmap_locked()
/tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 416 in dlmmap_locked()

________________________________________________________________________________________________________
*** CID 462239: (CHECKED_RETURN)
/tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 428 in dlmmap_locked()
422
423 start = mmap (start, length, prot, flags, execfd, offset);
424
425 if (start == MFAIL)
426 {
427 munmap (ptr, length);
>>> CID 462239: (CHECKED_RETURN)
>>> Calling "ftruncate" without checking return value (as is done elsewhere 45 out of 52 times).
428 ftruncate (execfd, offset);
429 return start;
430 }
431
432 mmap_exec_offset ((char *)start, length) = (char*)ptr - (char*)start;
433
/tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 416 in dlmmap_locked()
410 {
411 if (!offset)
412 {
413 close (execfd);
414 goto retry_open;
415 }
>>> CID 462239: (CHECKED_RETURN)
>>> Calling "ftruncate" without checking return value (as is done elsewhere 45 out of 52 times).
416 ftruncate (execfd, offset);
417 return MFAIL;
418 }
419 else if (!offset
420 && open_temp_exec_file_opts[open_temp_exec_file_opts_idx].repeat)
421 open_temp_exec_file_opts_next ();

** CID 462238: (RESOURCE_LEAK)
/writemsg.cpp: 1731 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()
/writemsg.cpp: 1717 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()

________________________________________________________________________________________________________
*** CID 462238: (RESOURCE_LEAK)
/writemsg.cpp: 1731 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()
1725 if(j>1 && (j!=x || feof(instream)) && buf[j-1]==LF && buf[j-2]==CR)
1726 buf[j-1]=buf[j-2]=0; /* Convert to NULL */
1727 if(fwrite(buf,j,1,smb->sdt_fp) != 1) {
1728 errormsg(WHERE, ERR_WRITE, smb->file, j);
1729 smb_unlocksmbhdr(smb);
1730 smb_freemsgdat(smb,offset,length,1);
>>> CID 462238: (RESOURCE_LEAK)
>>> Variable "instream" going out of scope leaks the storage it points to.
1731 return false;
1732 }
1733 x=SDT_BLOCK_LEN;
1734 }
1735 fflush(smb->sdt_fp);
1736 fclose(instream);
/writemsg.cpp: 1717 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()
1711 fseeko(smb->sdt_fp,offset,SEEK_SET);
1712 xlat=XLAT_NONE;
1713 if(fwrite(&xlat,2,1,smb->sdt_fp) != 1) {
1714 errormsg(WHERE, ERR_WRITE, smb->file, 2);
1715 smb_unlocksmbhdr(smb);
1716 smb_freemsgdat(smb,offset,length,1);
>>> CID 462238: (RESOURCE_LEAK)
>>> Variable "instream" going out of scope leaks the storage it points to.
1717 return false;
1718 }
1719 x=SDT_BLOCK_LEN-2; /* Don't read/write more than 255 */
1720 while(!feof(instream)) {
1721 memset(buf,0,x);
1722 j=fread(buf,1,x,instream);

** CID 462237: Resource leaks (RESOURCE_LEAK)
/writemsg.cpp: 244 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()

________________________________________________________________________________________________________
*** CID 462237: Resource leaks (RESOURCE_LEAK)
/writemsg.cpp: 244 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()
238 }
239
240 memset(buf,0,len+1);
241 int rd = fread(buf,len,1,fp);
242 fclose(fp);
243 if(rd != 1)
>>> CID 462237: Resource leaks (RESOURCE_LEAK)
>>> Variable "buf" going out of scope leaks the storage it points to.
244 return -4;
245
246 if((fp=fopen(dest,"wb"))!=NULL) {
247 len=process_edited_text(buf, fp, mode, lines, maxlines);
248 fclose(fp);
249 }

** CID 462236: Null pointer dereferences (FORWARD_NULL)
/tmp/sbbs-Jun-06-2023/src/conio/x_cio.c: 588 in x_initciolib()

________________________________________________________________________________________________________
*** CID 462236: Null pointer dereferences (FORWARD_NULL)
/tmp/sbbs-Jun-06-2023/src/conio/x_cio.c: 588 in x_initciolib()
582 }
583 #endif
584 #ifdef WITH_XRANDR
585 xrandr_found = true;
586 if ((dl4 = xp_dlopen(libnames4,RTLD_LAZY,2)) == NULL)
587 xrandr_found = false;
>>> CID 462236: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "dl4" to "dlsym", which dereferences it.
588 if (xinerama_found && ((x11.XRRQueryVersion = xp_dlsym(dl4, XRRQueryVersion)) == NULL)) {
589 xp_dlclose(dl4);
590 xrandr_found = false;
591 }
592 if (xinerama_found && ((x11.XRRGetScreenResources = xp_dlsym(dl4, XRRGetScreenResources)) == NULL)) {
593 xp_dlclose(dl4);

** CID 462235: Resource leaks (RESOURCE_LEAK)
/fmsgdump.c: 114 in msgdump()

________________________________________________________________________________________________________
*** CID 462235: Resource leaks (RESOURCE_LEAK)
/fmsgdump.c: 114 in msgdump()
108 fprintf(stderr, "!MALLOC failure\n");
109 return __COUNTER__;
110 }
111 fseek(fp, sizeof(hdr), SEEK_SET);
112 if(fread(body, len, 1, fp) != 1) {
113 perror("reading body text");
>>> CID 462235: Resource leaks (RESOURCE_LEAK)
>>> Variable "body" going out of scope leaks the storage it points to.
114 return __COUNTER__;
115 }
116 fprintf(bodyfp, "\n-start of message text-\n");
117 char* p = body;
118 while(*p && p < body + len) {
119 if((p == body || *(p - 1) == '\r') && *p == 1) {

** CID 462234: Resource leaks (RESOURCE_LEAK)
/netmail.cpp: 303 in sbbs_t::netmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()

________________________________________________________________________________________________________
*** CID 462234: Resource leaks (RESOURCE_LEAK)
/netmail.cpp: 303 in sbbs_t::netmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
297 errormsg(WHERE,ERR_ALLOC,str,length);
298 return(false);
299 }
300 if(read(file,buf,length) != length) {
301 close(file);
302 errormsg(WHERE, ERR_READ, str, length);
>>> CID 462234: Resource leaks (RESOURCE_LEAK)
>>> Variable "buf" going out of scope leaks the storage it points to.
303 return false;
304 }
305 close(file);
306
307 smb_net_type_t nettype = NET_FIDO;
308 smb_hfield_str(&msg,SENDER, from);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DcBRy_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrB-2FxlaM9N-2BytN4abAlhxBOfL2Gc48Kht9DWsIw0TGq4KCIUCjvrRsYhjbSc3n6GrPlyk6u8jzpB0aqRS4dcNK81E-2FeN0SyAuTTv987PncAi-2FzopZuXT78jKuoT04lLRnCeEbfBKD6ahQnLeiOpkIZgmfmv57IglbC4RNT9dRkvaUQ-3D-3D .