Subj : New Defects reported by Coverity Scan for Synchronet
To : All
From : scan-admin@coverity.com
Date : Mon Jan 05 2026 01:46 pm
----==_mimepart_695bc0a9c87c5_1d5c082c2daae1599845356
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
4 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()
_____________________________________________________________________________________________
*** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()
121 if (fp == NULL)
122 return false;
123
124 memset(stats, 0, sizeof(*stats));
125 if ((ini = iniReadFile(fp)) == NULL)
126 return false;
>>> CID 640406: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "iniGetDateTime(ini, NULL, "Date", 0L)" is cast to "time32_t".
127 stats->date = (time32_t)iniGetDateTime(ini, NULL, strStatsDate, 0);
128 gettotals(ini, strStatsToday, &stats->today);
129 gettotals(ini, strStatsTotal, &stats->total);
130 iniFreeStringList(ini);
131 stats->last = time32(NULL);
132
** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844 in ()
_____________________________________________________________________________________________
*** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844 in ()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {
>>> CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
>>> argument is incompatible with corresponding format string conversion (expected type "double" but argument has type "long double")
844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;
** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
_____________________________________________________________________________________________
*** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {
>>> CID 640404: API usage errors (PRINTF_ARGS)
>>> Argument "xp_timer()" to format specifier "%f" was expected to have type "double" but has type "long double". [Note: The source code implementation of the function has been overridden by a builtin model.]
844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;
** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()
_____________________________________________________________________________________________
*** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()
1345 if (js_argvIsNullOrVoid(cx, argv, 0))
1346 return JS_FALSE;
1347
1348 if (argc > 1 && JSVAL_IS_BOOLEAN(argv[1]))
1349 estimate = JSVAL_TO_BOOLEAN(argv[1]);
1350
>>> CID 640403: Error handling issues (CHECKED_RETURN)
>>> Calling "JS_ValueToECMAUint32" without checking return value (as is done elsewhere 96 out of 102 times).
1351 JS_ValueToECMAUint32(cx, argv[0], &t);
1352 if ((js_str = JS_NewStringCopyZ(cx, minutes_to_str(t, str, sizeof str, estimate))) == NULL)
1353 return JS_FALSE;
1354
1355 JS_SET_RVAL(cx, arglist, STRING_TO_JSVAL(js_str));
1356 return JS_TRUE;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview
----==_mimepart_695bc0a9c87c5_1d5c082c2daae1599845356
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
New Defects Reported - Synchronet
Hi,
Please find the latest report on new defect(s) introduced to Synchronet
found with Coverity Scan.
- New Defects Found: 4
-
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
- Defects Shown: Showing 4 of 4 defect(s)
Defect Details
** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()
_____________________________________________________________________________________________
*** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()
121 if (fp == NULL)
122 return false;
123
124 memset(stats, 0, sizeof(*stats));
125 if ((ini = iniReadFile(fp)) == NULL)
126 return false;
>>> CID 640406: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "iniGetDateTime(ini, NULL, "Date", 0L)" is cast to "time32_t".
127 stats->date = (time32_t)iniGetDateTime(ini, NULL, strStatsDate, 0);
128 gettotals(ini, strStatsToday, &stats->today);
129 gettotals(ini, strStatsTotal, &stats->total);
130 iniFreeStringList(ini);
131 stats->last = time32(NULL);
132
** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844 in ()
_____________________________________________________________________________________________
*** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844 in ()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {
>>> CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
>>> argument is incompatible with corresponding format string conversion (expected type "double" but argument has type "long double")
844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;
** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
_____________________________________________________________________________________________
*** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {
>>> CID 640404: API usage errors (PRINTF_ARGS)
>>> Argument "xp_timer()" to format specifier "%f" was expected to have type "double" but has type "long double". [Note: The source code implementation of the function has been overridden by a builtin model.]
844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;
** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()
_____________________________________________________________________________________________
*** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()
1345 if (js_argvIsNullOrVoid(cx, argv, 0))
1346 return JS_FALSE;
1347
1348 if (argc > 1 && JSVAL_IS_BOOLEAN(argv[1]))
1349 estimate = JSVAL_TO_BOOLEAN(argv[1]);
1350
>>> CID 640403: Error handling issues (CHECKED_RETURN)
>>> Calling "JS_ValueToECMAUint32" without checking return value (as is done elsewhere 96 out of 102 times).
1351 JS_ValueToECMAUint32(cx, argv[0], &t);
1352 if ((js_str = JS_NewStringCopyZ(cx, minutes_to_str(t, str, sizeof str, estimate))) == NULL)
1353 return JS_FALSE;
1354
1355 JS_SET_RVAL(cx, arglist, STRING_TO_JSVAL(js_str));
1356 return JS_TRUE;
View Defects in Coverity Scan
Best regards,
The Coverity Scan Admin Team
----==_mimepart_695bc0a9c87c5_1d5c082c2daae1599845356--
.