Subj : New Defects reported by Coverity Scan for Synchronet To : All From : scan-admin@coverity.com Date : Mon Jan 12 2026 01:47 pm ----==_mimepart_6964fb8d1cdba_2460bc2afbc97ad9ac59882 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 2 new defect(s) introduced to Synchronet found with Coverity Scan. 6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 640971: High impact quality (Y2K38_SAFETY) /atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)() _____________________________________________________________________________________________ *** CID 640971: High impact quality (Y2K38_SAFETY) /atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)() 614 615 if (code_match(sp, "UPTIME", &param)) { 616 extern volatile time_t uptime; 617 time_t up = 0; 618 if (uptime != 0 && time(&now) >= uptime) 619 up = now - uptime; >>> CID 640971: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "up" is cast to "uint". 
620 return duration((uint)up, str, maxlen, param, DURATION_MINIMAL_VERBAL); 621 } 622 623 if (!strcmp(sp, "SERVED")) { 624 extern volatile uint served; 625 safe_snprintf(str, maxlen, "%u", served); ** CID 640970: Insecure data handling (INTEGER_OVERFLOW) /atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)() _____________________________________________________________________________________________ *** CID 640970: Insecure data handling (INTEGER_OVERFLOW) /atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)() 1689 if (!strcmp(sp, "BYTESLEFT")) { 1690 safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron)); 1691 return str; 1692 } 1693 1694 if (code_match(sp, "CDTLEFT", &param)) >>> CID 640970: Insecure data handling (INTEGER_OVERFLOW) >>> The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number. 1695 return byte_count(static_cast<int64_t>(user_available_credits(&useron)), str, maxlen, param, BYTE_COUNT_VERBAL); 1696 1697 if (code_match(sp, "CREDITS", &param)) 1698 return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES); 1699 1700 if (code_match(sp, "FREECDT", &param)) ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview ----==_mimepart_6964fb8d1cdba_2460bc2afbc97ad9ac59882 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit New Defects Reported - Synchronet

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

Defect Details

** CID 640971:       High impact quality  (Y2K38_SAFETY)
/atcodes.cpp: 620           in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()


_____________________________________________________________________________________________
*** CID 640971:         High impact quality  (Y2K38_SAFETY)
/atcodes.cpp: 620             in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
614
615     	if (code_match(sp, "UPTIME", &param)) {
616     		extern volatile time_t uptime;
617     		time_t                 up = 0;
618     		if (uptime != 0 && time(&now) >= uptime)
619     			up = now - uptime;
>>>     CID 640971:         High impact quality  (Y2K38_SAFETY)
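>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "up" is cast to "uint".  (Note: per lines 618-619 of the excerpt, "up" is the elapsed difference now - uptime rather than an absolute timestamp, so the narrowing applies to a duration in seconds.)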
620     		return duration((uint)up, str, maxlen, param, DURATION_MINIMAL_VERBAL);
621     	}
622
623     	if (!strcmp(sp, "SERVED")) {
624     		extern volatile uint served;
625     		safe_snprintf(str, maxlen, "%u", served);

** CID 640970:       Insecure data handling  (INTEGER_OVERFLOW)
/atcodes.cpp: 1695           in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()


_____________________________________________________________________________________________
*** CID 640970:         Insecure data handling  (INTEGER_OVERFLOW)
/atcodes.cpp: 1695             in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
1689     	if (!strcmp(sp, "BYTESLEFT")) {
1690     		safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron));
1691     		return str;
1692     	}
1693
1694     	if (code_match(sp, "CDTLEFT", &param))
>>>     CID 640970:         Insecure data handling  (INTEGER_OVERFLOW)
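>>>     The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.  (Note: line 1690 of the excerpt prints the same return value with PRIu64, so it is presumably an unsigned 64-bit count; a value above INT64_MAX would become negative when cast to int64_t on line 1695.)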
1695     		return byte_count(static_cast<int64_t>(user_available_credits(&useron)), str, maxlen, param, BYTE_COUNT_VERBAL);
1696
1697     	if (code_match(sp, "CREDITS", &param))
1698     		return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);
1699
1700     	if (code_match(sp, "FREECDT", &param))

  

View Defects in Coverity Scan

Best regards,

The Coverity Scan Admin Team
