9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
3240 (void)fseeko(stream,start,SEEK_SET);CID 320538: Error handling issues (NEGATIVE_RETURNS)
"start" is passed to a parameter that cannot be negative.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
417 lseek(fd, pos, SEEK_SET);CID 327965: Error handling issues (NEGATIVE_RETURNS)
"pos" is passed to a parameter that cannot be negative.
420 dbprintf(FALSE, p, "read %u raw bytes",len);CID 327964: Error handling issues (CHECKED_RETURN)
Calling "fseek(p->fp, pos + ((len >= 0) ? len : 0), 0)" without checking return value. This library function may fail and return an error code. 419 fseek(p->fp, pos + (len >= 0 ? len : 0), SEEK_SET);
function may fail and return an error code.CID 327963: Error handling issues (CHECKED_RETURN)
Calling "lseek(fd, pos, 0)" without checking return value. This library
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
985 int *valuePtr = ( int * ) data;CID 329517: Control flow issues (DEADCODE)
Execution cannot reach this statement: "valuePtr = (int *)data;".
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
556 if(getsockopt(sock, SOL_SOCKET, SO_ERROR, (void*)&result,CID 329620: Uninitialized variables (UNINIT)
Using uninitialized value "optlen" when calling "getsockopt".
382 return INVALID_SOCKET;CID 329619: (RESOURCE_LEAK)
Variable "fds" going out of scope leaks the storage it points to.
625 return INVALID_SOCKET; /tmp/sbbs-Mar-21-2021/src/xpdev/multisock.c: 384 in xpms_accept()CID 329619: (RESOURCE_LEAK)
Variable "fds" going out of scope leaks the storage it points to.
384 return SOCKET_ERROR;CID 329619: (RESOURCE_LEAK)
Variable "fds" going out of scope leaks the storage it points to.
402 return ret;CID 329619: (RESOURCE_LEAK)
Variable "fds" going out of scope leaks the storage it points to.
566 return INVALID_SOCKET;CID 329619: (RESOURCE_LEAK)
Variable "fds" going out of scope leaks the storage it points to.
368 fds[scnt].fd = xpms_set->socks[i].sock;CID 329618: Null pointer dereferences (NULL_RETURNS)
Dereferencing "fds", which is known to be "NULL".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtinCID 330056: Error handling issues (CHECKED_RETURN)
Calling "poll(fds, ((mode & 0x40000000L) ? 1 : 2), 1)" without checking
2131 if((udp_buf = (BYTE*)calloc(1, MAX_UDP_BUF_LEN)) == NULL) {CID 330055: Resource leaks (RESOURCE_LEAK)
Overwriting "udp_buf" in "udp_buf = (uint8_t *)calloc(1UL, 8192UL)" leaks the storage that "udp_buf" points to.
735 }CID 330054: Program hangs (LOCK)
Returning without unlocking "status_thread_mutex".
562 continue;CID 330053: Program hangs (SLEEP)
Call to "lprintf" might sleep while holding lock "status_thread_mutex". 561 lprintf(LOG_CRIT, "Error recv returned %d (%d)!", len, errno);
2214 sbbs->rputs(inbuf, rd);CID 330052: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "inbuf" to "rputs", which uses it as an offset.
3809 sock = socket(cur->ai_family, cur->ai_socktype, cur->ai_protocol);CID 330051: Resource leaks (RESOURCE_LEAK)
Overwriting handle "sock" in "sock = socket(cur->ai_family, cur->ai_socktype, cur->ai_protocol)" leaks the handle.
ignored.CID 330050: Error handling issues (CHECKED_RETURN)
"read(int, void *, size_t)" returns the number of bytes read, but it is
1146 putextdesc(&scfg,f.dir,f.datoffset,ext);CID 330049: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "ext" to "putextdesc", which uses it as a loop boundary.
1692 fds[1].fd = err_pipe[0];CID 330048: Uninitialized variables (UNINIT)
Using uninitialized value "err_pipe[0]".
1983 if(cryptStatusError((err=crypt_pop_channel_data(sbbs, (char*)inbuf,CID 330047: (SLEEP)
Call to "crypt_pop_channel_data" might sleep while holding lock "sbbs->input_thread_mutex".
1967 YIELD();CID 330047: (SLEEP)
Call to "nanosleep" might sleep while holding lock "sbbs->input_thread_mutex".
1983 if(cryptStatusError((err=crypt_pop_channel_data(sbbs, (char*)inbuf,CID 330047: (SLEEP)
Call to "crypt_pop_channel_data" might sleep while holding lock "sbbs->ssh_mutex".
2009 return;CID 330046: Resource leaks (RESOURCE_LEAK)
Variable "fds" going out of scope leaks the storage it points to.
566 user.number = matchuser(&scfg, auth, TRUE);CID 330045: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "auth" to "matchuser", which expects a null-terminated string.
1942 else if(uspy_socket[sbbs->cfg.node_num - 1] != INVALID_SOCKET &&CID 330044: (CONSTANT_EXPRESSION_RESULT)
"fds[1].revents | 1" is always 1/true regardless of the values of its operand. This occurs as the logical second operand of "&&".
1940 if (fds[0].revents | POLLIN)CID 330044: (CONSTANT_EXPRESSION_RESULT)
"fds[0].revents | 1" is always 1/true regardless of the values of its operand. This occurs as the logical operand of "if".
3066 sockreadline(session,head_line+i,sizeof(head_line)-i-1);CID 330043: Error handling issues (CHECKED_RETURN)
Calling "sockreadline" without checking return value (as is done elsewhere 4 out of 5 times).
6311 sess_sendbuf(session, buf, len, &failed);CID 330042: Program hangs (SLEEP)
Call to "sess_sendbuf" might sleep while holding lock "session->outbuf_write".
332 p+=dns_name(hostname, &namelen, sizeof(hostname)-1, msg+offset, p);CID 33663: (TAINTED_SCALAR)
Passing tainted expression "*p" to "dns_name", which uses it as an offset.
332 p+=dns_name(hostname, &namelen, sizeof(hostname)-1, msg+offset, p);CID 33663: (TAINTED_SCALAR)
Passing tainted expression "*p" to "dns_name", which uses it as an offset.
314 p+=dns_name(hostname, &namelen, sizeof(hostname)-1, msg+offset, p);CID 33663: (TAINTED_SCALAR)
Passing tainted expression "*p" to "dns_name", which uses it as an offset.
332 p+=dns_name(hostname, &namelen, sizeof(hostname)-1, msg+offset, p);CID 33663: (TAINTED_SCALAR)
Passing tainted expression "*p" to "dns_name", which uses it as an offset.
314 p+=dns_name(hostname, &namelen, sizeof(hostname)-1, msg+offset, p);CID 33663: (TAINTED_SCALAR)
Passing tainted expression "*p" to "dns_name", which uses it as an offset.
314 p+=dns_name(hostname, &namelen, sizeof(hostname)-1, msg+offset, p);CID 33663: (TAINTED_SCALAR)
Passing tainted expression "*p" to "dns_name", which uses it as an offset.
919 }CID 330950: Resource leaks (RESOURCE_LEAK)
Variable "res" going out of scope leaks the storage it points to.
1040 JSBool bgr = js_connect_event(cx, argc, arglist, p, port, obj);CID 330949: Null pointer dereferences (FORWARD_NULL)
Passing "p" to "js_connect_event", which dereferences null "p->hostname".
914 send(a->sv[1], &sresult, 1, 0);CID 330948: Error handling issues (CHECKED_RETURN)
Calling "send(a->sv[1], &sresult, 1UL, 0)" without checking return value. This library function may fail and return an error code.
1138 fds[cfd].fd = ev->data.sock; 1139 fds[cfd].events = POLLOUT;CID 330947: (FORWARD_NULL)
Dereferencing null pointer "fds".
1249 if (fds[cfd].revents & ~(POLLOUT | POLLWRNORM | POLLWRBAND)) {CID 330947: (FORWARD_NULL)
Dereferencing null pointer "fds".
1126 fds[cfd].fd = ev->data.sock; 1127 fds[cfd].events = POLLIN;CID 330947: (FORWARD_NULL)
Dereferencing null pointer "fds".
1273 if (fds[cfd].revents & ~(POLLOUT | POLLWRNORM | POLLWRBAND)) {CID 330947: (FORWARD_NULL)
Dereferencing null pointer "fds".
1261 if (fds[cfd].revents & ~(POLLIN | POLLRDNORM | POLLRDBAND |CID 330947: (FORWARD_NULL)
Dereferencing null pointer "fds".
1286 if (fds[cfd].revents & ~(POLLOUT | POLLWRNORM | POLLWRBAND)) {CID 330947: (FORWARD_NULL)
Dereferencing null pointer "fds".
1198 fds[cfd].fd = ev->data.sock;CID 330947: (FORWARD_NULL)
Dereferencing null pointer "fds".
1149 fds[cfd].fd = ev->data.connect.sv[0];CID 330947: (FORWARD_NULL)
Dereferencing null pointer "fds".
4795 str = fun->atom ? ATOM_TO_STRING(fun->atom) : NULL; 4796 } else if (type == JSTYPE_STRING) {CID 330946: Null pointer dereferences (NULL_RETURNS)
Dereferencing "fun", which is known to be "nullptr".
v)" when calling "JS_GetFunctionId".CID 330945: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be "nullptr" "JS_ValueToFunction(cx,
926 fseeko(fp,xfer.filepos,SEEK_SET);CID 330997: Error handling issues (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.
2257 if((p->smb_result=smb_updatemsg(&(p->smb), &msg))==SMB_SUCCESS)CID 330996: (TAINTED_SCALAR)
Passing tainted expression "msg.hdr" to "smb_updatemsg", which uses it as a loop boundary.
it as an offset.CID 330996: (TAINTED_SCALAR)
Passing tainted expression "*msg.hfield" to "smb_updatemsg", which uses
ignored.CID 330995: Error handling issues (CHECKED_RETURN)
"read(int, void *, size_t)" returns the number of bytes read, but it is
713 fseeko(fp,xfer.filepos+total,SEEK_SET);CID 330994: (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos + total, 0)" without checking return value. This library function may fail and return an error code.
676 fseeko(fp,xfer.filepos,SEEK_SET);CID 330994: (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.
%d: %s"CID 330993: (FORWARD_NULL)
Passing null pointer "error" to "safe_snprintf", which dereferences it. 805 safe_snprintf(error, maxerrlen, "archive_read_data_block returned
%d: %s"CID 330993: (FORWARD_NULL)
Passing null pointer "error" to "safe_snprintf", which dereferences it. 731 safe_snprintf(error, maxerrlen, "archive_read_open_filename returned
errno, safe_strerror(errno, err, sizeof(err)), fpath);CID 330993: (FORWARD_NULL)
Passing null pointer "error" to "safe_snprintf", which dereferences it. 760 safe_snprintf(error, maxerrlen, "%d (%s) creating path '%s'",
%d: %s"CID 330993: (FORWARD_NULL)
Passing null pointer "error" to "safe_snprintf", which dereferences it. 740 safe_snprintf(error, maxerrlen, "archive_read_next_header returned
pathname);CID 330993: (FORWARD_NULL)
Passing null pointer "error" to "safe_snprintf", which dereferences it. 771 safe_snprintf(error, maxerrlen, "disallowed filename '%s'",
pathname);CID 330993: (FORWARD_NULL)
Passing null pointer "error" to "safe_snprintf", which dereferences it. 752 safe_snprintf(error, maxerrlen, "Illegal double-dots in path '%s'",
errno, safe_strerror(errno, err, sizeof(err)), fpath);CID 330993: (FORWARD_NULL)
Passing null pointer "error" to "safe_snprintf", which dereferences it. 790 safe_snprintf(error, maxerrlen, "%d (%s) opening/creating '%s'",
726 return -1;CID 330993: (FORWARD_NULL)
Passing null pointer "error" to "safe_snprintf", which dereferences it. 725 safe_snprintf(error, maxerrlen, "archive_read_new returned NULL");
extracted", max_files);CID 330993: (FORWARD_NULL)
Passing null pointer "error" to "safe_snprintf", which dereferences it. 816 safe_snprintf(error, maxerrlen, "maximum number of files (%lu)
583 if((ixbbuf=(uchar *)malloc(l))==NULL) {CID 330992: Error handling issues (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.
1049 p->smb_result = smb_putfile(&p->smb, &file);CID 330991: (TAINTED_SCALAR)
Passing tainted expression "file.hdr" to "smb_putfile", which uses it as a loop boundary.
1051 if((p->smb_result = smb_removefile(&p->smb, &file)) ==CID 330991: (TAINTED_SCALAR)
Passing tainted expression "file.hdr" to "smb_removefile", which uses it as a loop boundary.
1049 p->smb_result = smb_putfile(&p->smb, &file);CID 330991: (TAINTED_SCALAR)
Passing tainted expression "*file.hfield" to "smb_putfile", which uses it as an offset.
1051 if((p->smb_result = smb_removefile(&p->smb, &file)) ==CID 330991: (TAINTED_SCALAR)
Passing tainted expression "*file.hfield" to "smb_removefile", which uses it as an offset.
1533 if(p->smb.dirnum >= 0 && p->smb.dirnum < scfg->total_dirs) { 1534 safe_snprintf(p->smb.file, sizeof(p->smb.file), "%s%s" 1535 ,scfg->dir[p->smb.dirnum]->data_dir, scfg->dir[p->smb.dirnum]->code);CID 330990: Control flow issues (NO_EFFECT)
This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "p->smb.dirnum >= 0U".
217 errormsg(WHERE,ERR_ALLOC,"local int var"CID 330989: (SIZEOF_MISMATCH)
Passing argument "getfname("execmisc.cpp")" of type "char *" and argument "8UL /* sizeof (char *) */ * this->global_int_vars" to function "errormsg" is suspicious.
156 errormsg(WHERE,ERR_ALLOC,"local int var"CID 330989: (SIZEOF_MISMATCH)
Passing argument "getfname("execmisc.cpp")" of type "char *" and argument "8UL /* sizeof (char *) */ * csi->int_vars" to function "errormsg" is suspicious.
186 errormsg(WHERE,ERR_ALLOC,"global str var"CID 330989: (SIZEOF_MISMATCH)
Passing argument "getfname("execmisc.cpp")" of type "char *" and argument "8UL /* sizeof (char *) */ * this->global_str_vars" to function "errormsg" is suspicious.
126 errormsg(WHERE,ERR_ALLOC,"local str var"CID 330989: (SIZEOF_MISMATCH)
Passing argument "getfname("execmisc.cpp")" of type "char *" and argument "8UL /* sizeof (char *) */ * csi->str_vars" to function "errormsg" is suspicious.
199 fseek(smb->sid_fp, start * sizeof(fileidxrec_t), SEEK_SET);CID 330988: Error handling issues (CHECKED_RETURN)
Calling "fseek(smb->sid_fp, start * 128UL, 0)" without checking return value. This library function may fail and return an error code.
289 return FALSE;CID 330987: (RESOURCE_LEAK)
Variable "cp" going out of scope leaks the storage it points to.
279 return FALSE;CID 330987: (RESOURCE_LEAK)
Variable "cp" going out of scope leaks the storage it points to.
1389 fseeko(smb.sdt_fp,offset,SEEK_SET);CID 330986: Error handling issues (CHECKED_RETURN)
Calling "fseeko(this->smb.sdt_fp, offset, 0)" without checking return value. This library function may fail and return an error code.
615 f->datoffset=ixbbuf[m]|((long)ixbbuf[m+1]<<8)|((long)ixbbuf[m+2]<<16);CID 330985: Memory - illegal accesses (OVERRUN)
Overrunning dynamic array "ixbbuf" at offset corresponding to index variable "m".
accesses it at byte offset 511 using argument "512UL".CID 330984: Memory - corruptions (OVERRUN)
Overrunning array "tmp2" of 256 bytes by passing it to a function which
407 return SMB_FAILURE;CID 330983: (RESOURCE_LEAK)
Variable "cp" going out of scope leaks the storage it points to.
384 return SMB_ERR_MEM;CID 330983: (RESOURCE_LEAK)
Variable "cp" going out of scope leaks the storage it points to.
2648 fseeko(p->fp,offset,SEEK_SET); /* restore saved file position */CID 330982: Error handling issues (CHECKED_RETURN)
Calling "fseeko(p->fp, offset, 0)" without checking return value. This library function may fail and return an error code.
601 return false;CID 330981: (RESOURCE_LEAK)
Handle variable "extfile" going out of scope leaks the handle.
580 continue;CID 330981: (RESOURCE_LEAK)
Handle variable "extfile" going out of scope leaks the handle.
574 continue;CID 330981: (RESOURCE_LEAK)
Handle variable "extfile" going out of scope leaks the handle.
129 format_diz(lines, ext, maxlen, /* allow_ansi: */false);Ignoring storage allocated by "format_diz(lines, ext, maxlen, false)" leaks it.
210 strftime(f.desc, sizeof(f.desc), datefmt, &tm);CID 330979: (SIZEOF_MISMATCH)
Passing argument "f.desc" of type "char *" and argument "8UL /* sizeof (f.desc) */" to function "strftime" is suspicious.
219 strftime(f.desc, sizeof(f.desc), datefmt, &tm);CID 330979: (SIZEOF_MISMATCH)
Passing argument "f.desc" of type "char *" and argument "8UL /* sizeof (f.desc) */" to function "strftime" is suspicious.
2288 if((buf=smb_getmsgtxt(&(p->smb), msg, mode))==NULL) {CID 330978: (TAINTED_SCALAR)
Passing tainted expression "*msg->dfield" to "smb_getmsgtxt", which uses it as an allocation size.
as a loop boundary.CID 330978: (TAINTED_SCALAR)
Passing tainted expression "msg->hdr" to "smb_getmsgtxt", which uses it
194 SAFECAT((char*)buf,crlf);CID 331001: Incorrect expression (BAD_SIZEOF)
Taking the size of "buf", which is the address of an object, is suspicious.
&slen);CID 331003: Error handling issues (CHECKED_RETURN)
Calling "getpeername(ev->data.connect.sock, __SOCKADDR_ARG({.__sockaddr__ = &jssp->remote_addr.addr}), &slen)" without checking return value. This library function may fail and return an error code. 1380 getpeername(ev->data.connect.sock, &jssp->remote_addr.addr,
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
buf, size, pad))) != NULL)CID 331093: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "filepath" to "getfname", which dereferences it. 787 if((js_str = JS_NewStringCopyZ(cx, format_filename(getfname(filepath),
770 JS_ValueToInt32(cx, argv[argn], &size);CID 331092: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 251 out of 286 times).
792 }CID 331091: Resource leaks (RESOURCE_LEAK)
Variable "filepath" going out of scope leaks the storage it points to. 791 return JS_TRUE;
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1229 p->smb_result = smb_removefile(&p->smb, &file); 1230 smb_freefilemem(&file);CID 331161: (TAINTED_SCALAR)
Passing tainted expression "*file.hfield" to "smb_removefile", which uses it as an offset.
1229 p->smb_result = smb_removefile(&p->smb, &file); 1230 smb_freefilemem(&file);CID 331161: (TAINTED_SCALAR)
Passing tainted expression "file.hdr" to "smb_removefile", which uses it as a loop boundary.
model.]CID 331194: Error handling issues (NEGATIVE_RETURNS)
"(size_t)len" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin
989 char* eof = strchr(buf, CTRL_Z); // CP/M EOFCID 331193: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "buf" to "strchr", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
986 fread(buf, (size_t)len, 1, fp);CID 331192: Error handling issues (CHECKED_RETURN)
"fread(void * restrict, size_t, size_t, FILE * restrict)" returns the number of bytes read, but it is ignored.
model.]CID 331191: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "buf" to "strchr", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin
40 fseeko(fp, offset, SEEK_SET);CID 331190: Error handling issues (CHECKED_RETURN)
Calling "fseeko(fp, offset, 0)" without checking return value. This library function may fail and return an error code.
446 }CID 331349: Uninitialized variables (MISSING_RETURN)
Arriving at the end of a function without returning a value.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
466 }CID 331353: Resource leaks (RESOURCE_LEAK)
Variable "root_keys" going out of scope leaks the storage it points to. 465 return FALSE;
784 get_ini_globals(list, &global_buf);CID 331352: Memory - illegal accesses (UNINIT)
Using uninitialized value "global_buf.interfaces" when calling "get_ini_globals".
516 XPutPixel(xim,(x+rect->rect.x)*x_cvstat.scaling+xscale,(y+rect->rect.y)*x_cvstat.scaling*x_cvstat.vmultiplier+yscale,pixel);CID 331355: Uninitialized variables (UNINIT)
Using uninitialized value "pixel" when calling "*xim->f.put_pixel".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
200 return NULL;CID 331583: (RESOURCE_LEAK)
Variable "ret2" going out of scope leaks the storage it points to.
173 return NULL;CID 331583: (RESOURCE_LEAK)
Variable "ret2" going out of scope leaks the storage it points to.
297 SAFEPRINTF2(path,"%s%s",dirpath,f->name);CID 331582: Uninitialized variables (UNINIT)
Using uninitialized value "*dirpath" as argument to "%s" when calling "safe_snprintf".
173 return NULL;CID 331581: (RESOURCE_LEAK)
Variable "ret1" going out of scope leaks the storage it points to.
200 return NULL;CID 331581: (RESOURCE_LEAK)
Variable "ret1" going out of scope leaks the storage it points to.
196 case 8:CID 331591: Control flow issues (DEADCODE)
Execution cannot reach this statement: "case 8:".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
719 force_cursor = 0;CID 331789: Concurrent data access violations (MISSING_LOCK)
Accessing "force_cursor" without holding lock "vstatlock". Elsewhere, "force_cursor" is accessed with "vstatlock" held 4 out of 5 times.
708 screen->update_pixels = 0;CID 331788: Concurrent data access violations (MISSING_LOCK)
Accessing "screen->update_pixels" without holding lock "bitmap_screen.screenlock". Elsewhere, "bitmap_screen.update_pixels" is accessed with "bitmap_screen.screenlock" held 18 out of 19 times.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
3967 if(!copy && remove(src)) {CID 332219: Control flow issues (DEADCODE)
Execution cannot reach the expression "remove(src)" inside this statement: "if (!copy && remove(src)) {...".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
3941 if(!stricmp(src,dest)) /* source and destination are the same! */CID 332340: Uninitialized variables (UNINIT)
Using uninitialized value "*src" when calling "strcasecmp".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
time32(NULL));CID 342467: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion 1120 fprintf(fp, "\1MSGID: %s %08lx\r", smb_faddrtoa(&faddr, NULL),
1120 fprintf(fp, "\1MSGID: %s %08lx\r", smb_faddrtoa(&faddr, NULL),CID 342466: API usage errors (PRINTF_ARGS)
Argument "time32(NULL)" to format specifier "%08lx" was expected to have type "unsigned long" but has type "int". [Note: The source code implementation of the function has been overridden by a builtin model.]
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1742 strcpy(user.tmpext,supported_archive_formats[0]);CID 345193: Security best practices violations (STRING_OVERFLOW)
You might overrun the 4-character fixed-size string "user.tmpext" by copying "supported_archive_formats[0]" without checking the length.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
202 SAFECAT(newfilespec, getfext(filespec));CID 345291: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "(char *)getfext(filespec)" when calling "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
202 SAFECAT(newfilespec, getfext(filespec));CID 345291: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "(char *)getfext(filespec)" when calling "strlen".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
480 case '\r': // PETSCII "Return" / new-lineCID 345626: Control flow issues (MISSING_BREAK)
The case for value "13" is not terminated by a "break" statement.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1464 if(read(file,buf,length)!=length) {CID 349724: Error handling issues (NEGATIVE_RETURNS)
"length" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
so is this something DM setup or just something someone else decided to do.
Deuce and I set it up, years ago now.
Re: New Defects reported by Coverity Scan for Synchronet
By: MRO to scan-admin@coverity.com on Thu Feb 24 2022 09:23 am
so is this something DM setup or just something someone else decided to do.
Deuce and I set it up, years ago now.
Re: New Defects reported by Coverity Scan for Synchronet
By: Digital Man to MRO on Thu Feb 24 2022 01:13 pm
Re: New Defects reported by Coverity Scan for Synchronet
By: MRO to scan-admin@coverity.com on Thu Feb 24 2022 09:23 am
so is this something DM setup or just something someone else decided to do.
Deuce and I set it up, years ago now.
okay but is it actually accurate most of the time, considering that synchronet is a bit obscure compared to what it normally checks?
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
3959 JS_SetReservedSlot(cx, obj, key, JSVAL_VOID);Calling "JS_SetReservedSlot" without checking return value (as is done elsewhere 38 out of 43 times).
3965 JS_SetReservedSlot(cx, obj, JSRESERVED_GLOBAL_EVAL_ALLOWED, JSVAL_VOID);CID 349947: (CHECKED_RETURN)
Calling "JS_SetReservedSlot" without checking return value (as is done elsewhere 38 out of 43 times).
3973 JS_SetReservedSlot(cx, obj, JSRESERVED_GLOBAL_FLAGS, Jsvalify(Int32Value(flags)));CID 349947: (CHECKED_RETURN)
Calling "JS_SetReservedSlot" without checking return value (as is done elsewhere 38 out of 43 times).
259 JS_SetReservedSlot(cx, obj, SLOT_LIBRARY, PRIVATE_TO_JSVAL(NULL)); 260CID 349946: Error handling issues (CHECKED_RETURN)
Calling "JS_SetReservedSlot" without checking return value (as is done elsewhere 38 out of 43 times).
4834 if (!JS_GetElement(cx, arrayObj, i, &argTypes[i]))CID 349945: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "arrayObj" to "JS_GetElement", which dereferences it.
226 int fd = mkstemp (name);CID 43174: Security best practices violations (SECURE_TEMP)
Calling "mkstemp" without securely setting umask first.
436 return start;CID 43169: Resource leaks (RESOURCE_LEAK)
Variable "ptr" going out of scope leaks the storage it points to.
148 case FFI_TYPE_POINTER:CID 43149: Control flow issues (MISSING_BREAK)
The case for value "14" is not terminated by a "break" statement.
4350 }CID 43148: Program hangs (LOCK)
Returning without unlocking "_gm_.mutex".
4246 return mem;CID 43147: Program hangs (LOCK)
Returning without unlocking "_gm_.mutex".
501 int ret = munmap (code, length);CID 43140: Memory - corruptions (BAD_FREE)
"munmap" frees incorrect pointer "code".
194 SAFECAT(buf,crlf);CID 350349: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.
1376 return JS_LIKELY(!!p2) ? p2 : onOutOfMemory(p, newBytes, cx); 1377 }CID 350348: Resource leaks (RESOURCE_LEAK)
Variable "p2" going out of scope leaks the storage it points to.
2517 return false;CID 350347: (UNINIT)
Using uninitialized value "rdata.session.frame_.regs_.fp" when calling "~ReplaceData".
2517 return false;CID 350347: (UNINIT)
Using uninitialized value "rdata.singleShot.prevInvokeArgEnd" when calling "~ReplaceData".
2443 return false;CID 350347: (UNINIT)
Using uninitialized value "rdata.singleShot.prevInvokeArgEnd" when calling "~ReplaceData".
2443 return false;CID 350347: (UNINIT)
Using uninitialized value "rdata.session.frame_.regs_.fp" when calling "~ReplaceData".
2165 return expression(pn->pn_left, &expr) &&CID 350346: (UNINIT)
Using uninitialized value "stmt" when calling "whileStatement".
2166 statement(pn->pn_right, &stmt) &&CID 350346: (UNINIT)
Using uninitialized value "stmt.data" when calling "whileStatement". 2165 return expression(pn->pn_left, &expr) &&
1130 bn_correct_top(rr);CID 350345: Memory - corruptions (OVERRUN)
Overrunning callee's array of size 72 by passing argument "rr->top" (which evaluates to 272) in call to "BN_normalise".
3355 pics.append(pic);CID 350344: Uninitialized variables (UNINIT)
Using uninitialized value "pic". Field "pic.vr" is uninitialized when calling "append".
1922 JS_SET_RVAL(cx, arglist, BOOLEAN_TO_JSVAL(check_name(sys->cfg,str)));CID 350343: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "check_name".
3160 strlwr(str);CID 350342: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "strlwr".
1369 return JS_LIKELY(!!p) ? p : onOutOfMemory(reinterpret_cast<void *>(1), bytes, cx);CID 350341: Resource leaks (RESOURCE_LEAK)
Variable "p" going out of scope leaks the storage it points to.
5408 oplen = cs->length;CID 350340: Memory - illegal accesses (OVERRUN)
Overrunning array of 1952 bytes at byte offset 2040 by dereferencing pointer "cs".
3528 pics.append(pic);CID 350339: Uninitialized variables (UNINIT)
Using uninitialized value "pic". Field "pic.pc" is uninitialized when calling "append".
506 j1 = cmp(b, s);CID 350338: (USE_AFTER_FREE)
Calling "cmp" dereferences freed pointer "s".
481 delta = diff(PASS_STATE s, mhi);CID 350338: (USE_AFTER_FREE)
Calling "diff" dereferences freed pointer "s".
481 delta = diff(PASS_STATE s, mhi);CID 350338: (USE_AFTER_FREE)
Calling "diff" dereferences freed pointer "s".
1359 return JS_LIKELY(!!p) ? p : onOutOfMemory(NULL, bytes, cx); 1360 }CID 350337: Resource leaks (RESOURCE_LEAK)
Variable "p" going out of scope leaks the storage it points to.
2755 remove(bat_list);CID 350336: Uninitialized variables (UNINIT)
Using uninitialized value "*bat_list" when calling "remove".
716 _allocator.retire(ins->getReg()); // free any register associated with entryCID 350335: Memory - corruptions (OVERRUN)
Overrunning callee's array of size 32 by passing argument "ins->getReg()" (which evaluates to 127) in call to "retire".
3108 delta = diff(PASS_STATE S, mhi);CID 350334: (USE_AFTER_FREE)
Calling "diff" dereferences freed pointer "mhi".
3108 delta = diff(PASS_STATE S, mhi);CID 350334: (USE_AFTER_FREE)
Calling "diff" dereferences freed pointer "mhi".
3095 mlo = mhi;CID 350334: (USE_AFTER_FREE)
Using freed pointer "mhi".
1818 JS_RESUMEREQUEST(cx, rc);CID 350333: Uninitialized variables (UNINIT)
Using uninitialized value "*cstr" when calling "getSocketOptionByName". 1817 if((opt = getSocketOptionByName(cstr, &level)) == -1) {
542 _allocator.retire(r);CID 350332: (OVERRUN)
Overrunning callee's array of size 32 by passing argument "r" (which evaluates to 127) in call to "retire".
511 _allocator.useActive(r);CID 350332: (OVERRUN)
Overrunning callee's array of size 32 by passing argument "r" (which evaluates to 127) in call to "useActive".
255 _allocator.addActive(r, ins);CID 350331: Memory - corruptions (OVERRUN)
Overrunning callee's array of size 32 by passing argument "r" (which evaluates to 127) in call to "addActive".
2114 if (!(JS_UNLIKELY(atom == cx->runtime->atomState.protoAtom) 2115 ? js_SetPropertyHelper(cx, obj, id, defineHow, &rval, false)CID 350330: Error handling issues (CHECKED_RETURN)
Calling "js_SetPropertyHelper" without checking return value (as is done elsewhere 4 out of 5 times).
3629 (void)fseeko(stream,pos,SEEK_SET);CID 350353: Error handling issues (NEGATIVE_RETURNS)
"pos" is passed to a parameter that cannot be negative.
1208 fseeko(tmp_sdt, offset, SEEK_SET);CID 350413: Error handling issues (CHECKED_RETURN)
Calling "fseeko(tmp_sdt, offset, 0)" without checking return value. This library function may fail and return an error code.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
373 JS_ValueToECMAUint32(cx, *vp, (uint32_t*)&sys->cfg->sys_misc);CID 350813: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToECMAUint32" without checking return value (as is done elsewhere 68 out of 71 times).
1198 JS_ValueToECMAUint32(cx,argv[0],&t);CID 350812: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToECMAUint32" without checking return value (as is done elsewhere 68 out of 71 times).
1171 JS_ValueToECMAUint32(cx,argv[0],(uint32_t*)&t);CID 350811: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToECMAUint32" without checking return value (as is done elsewhere 68 out of 71 times).
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
dereferenced on all paths leading to the check.CID 351271: Null pointer dereferences (REVERSE_INULL)
Null-checking "p" suggests that it may be null, but it has already been
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
582 localguru(gurubuf,i);CID 351999: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "*gurubuf" to "localguru", which uses it as a loop boundary.
1396 SAFEPRINTF2(str, "%s bytes, keep %lu"CID 351998: API usage errors (PRINTF_ARGS)
Argument "cfg.max_logs_kept" to format specifier "%lu" was expected to have type "unsigned long" but has type "unsigned short".
1397 ,byte_count_to_str(cfg.max_log_size, tmp, sizeof(tmp))CID 351997: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion 1396 SAFEPRINTF2(str, "%s bytes, keep %lu"
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
670 cfg.event[i]->months|=(1<<(atoi(p)-1));CID 174496: Integer handling issues (BAD_SHIFT)
In expression "1 << atoi(p) - 1", shifting by a negative amount has undefined behavior. The shift amount, "atoi(p) - 1", is -1.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
Just curious, should we avoid updating on days where coverity scan finds errors.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
253 str[rsp + 1] = 0;CID 319174: Memory - corruptions (OVERRUN)
Overrunning array "str" of 128 bytes at byte offset 128 using index "rsp + 1UL" (which evaluates to 128).
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319807: Memory - illegal accesses (UNINIT)
Using uninitialized value "res" when calling "uname".
9243 (void)uname(res); if (res != 0) { domain = res->domainname; }CID 319786: Null pointer dereferences (REVERSE_INULL)
Null-checking "res" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
674 beep();CID 376409: (SLEEP)
Call to "ciolib_beep" might sleep while holding lock "sdl_keylock".
682 beep();CID 376409: (SLEEP)
Call to "ciolib_beep" might sleep while holding lock "sdl_keylock".
1141 bputs(unixtodstr(&cfg,(time32_t)now,tmp1)); 1142 break;CID 376408: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
841 return(::timestr(&cfg,(time32_t)intime,timestr_output));CID 376407: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "intime" is cast to "time32_t".
1607 putuserdat(&scfg, &session->user);CID 376406: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "session->logon_time" is cast to "time32_t". 1606 session->user.logontime = (time32_t)session->logon_time;
827 JS_SET_RVAL(cx, arglist,UINT_TO_JSVAL((uint32_t)time(NULL))); 828 return(JS_TRUE);CID 376405: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "uint32_t".
638 client.time = time(NULL);CID 376404: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "time32_t".
414 const SES_CHECKATTRIBUTE_FUNCTION checkAttributeFunction = \CID 376403: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->checkAttributeFunction.fnPtr" inside this statement: "checkAttributeFunction = (S...".
235 YIELD();CID 376402: Program hangs (SLEEP)
Call to "nanosleep" might sleep while holding lock "sdl_ufunc_mtx".
a negative parameter being interpreted as unsigned.CID 376401: (OVERRUN)
Calling "CallAddPropertyHook" with "obj->slots" and "shape->slot" is suspicious because of the very large index, 4294967295. The index may be due to
a negative parameter being interpreted as unsigned.CID 376401: (OVERRUN)
Calling "nativeSetSlot" with "obj->slots" and "shape->slot" is suspicious because of the very large index, 4294967295. The index may be due to
332 const SES_CHECKATTRIBUTE_FUNCTION checkAttributeFunction = \CID 376400: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->checkAttributeFunction.fnPtr" inside this statement: "checkAttributeFunction = (S...".
246 msg.hdr.when_written.time=(uint32_t)time(NULL);CID 376399: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "uint32_t".
1944 bb = bb1;CID 376398: Memory - illegal accesses (USE_AFTER_FREE)
Using freed pointer "bb1".
194 fclose(stream);A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->qwknode[i].time" is cast to "time32_t". 193 ,unixtodstr(&cfg,(time32_t)qwknode[i].time,str),qwknode[i].id,qwknode[i].path);
be due to a negative parameter being interpreted as unsigned. [Note: The sourceCID 376396: Memory - corruptions (OVERRUN)
Calling "read" with "gurubuf" and "(size_t)filelength(file)" is suspicious because of the very large index, 18446744073709551615. The index may
566 *dt=(time32_t)tmptime;CID 376395: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "tmptime" is cast to "time32_t".
1046 msg.hdr.when_written.time=(uint32_t)xpDateTime_to_localtime(dt);CID 376394: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "xpDateTime_to_localtime(dt)" is cast to "uint32_t".
because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.CID 376393: Memory - corruptions (OVERRUN)
Calling "strListCombine" with "metadata" and "size - 1UL" is suspicious
298 memset(brute_buf+1,'_',l-1);CID 376392: Memory - corruptions (OVERRUN)
Calling "memset" with "brute_buf + 1" and "l - 1UL" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned. [Note: The source code implementation of the function has been overridden by a builtin model.]
&file)));CID 376391: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "getfiletime(scfg, &file)" is cast to "uint32". 1128 JS_SET_RVAL(cx, arglist, UINT_TO_JSVAL((uint32)getfiletime(scfg,
1565 user->pwmod=time(NULL);CID 376390: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "time32_t".
89 new defect(s) introduced to Synchronet found with Coverity Scan.
1082 pthread_mutex_lock(&vstatlock);CID 432266: Program hangs (ORDER_REVERSAL)
Calling "pthread_mutex_lock" acquires lock "vstatlock" while holding lock "win_mutex" (count: 1 / 4).
1039 ch=(char)getstr(str,LEN_PASS,K_UPPER);CID 433272: Code maintainability issues (UNUSED_VALUE)
Assigning value from "(char)this->getstr(str, 40UL, 1L, NULL)" to "ch" here, but that stored value is overwritten before it can be used.
659 str_list_t section = iniGetParsedSection(sections, name, /* cut:CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 658 return allocerr(error, maxerrlen, fname, "guru", sizeof(guru_t));
760 str_list_t section = iniGetParsedSection(sections, name, /* cut:CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 759 return allocerr(error, maxerrlen, fname, "page", sizeof(page_t));
*)*cfg->total_actsets);CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 679 return allocerr(error, maxerrlen, fname, "actsets", sizeof(actset_t
sizeof(actset_t));CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 687 return allocerr(error, maxerrlen, fname, "actset",
*)*cfg->total_gurus);CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 651 return allocerr(error, maxerrlen, fname, "gurus", sizeof(guru_t
*)*cfg->total_chans);CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 718 return allocerr(error, maxerrlen, fname, "chans", sizeof(chan_t
*)*cfg->total_pages);CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 752 return allocerr(error, maxerrlen, fname, "pages", sizeof(page_t
726 str_list_t section = iniGetParsedSection(sections, name, /* cut:CID 433271: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 725 return allocerr(error, maxerrlen, fname, "chan", sizeof(chan_t));
420 if((cfg->sub[i]=(sub_t *)malloc(sizeof(sub_t)))==NULL) 421 return allocerr(error, maxerrlen, fname, "sub", sizeof(sub_t));CID 433270: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "cfg->sub".
117 return allocerr(error, maxerrlen, fname, "fcomp", sizeof(fcomp_t));CID 433269: Resource leaks (RESOURCE_LEAK)
Variable "fcomp_list" going out of scope leaks the storage it points to.
194 return allocerr(error, maxerrlen, fname, "dlevent",CID 433268: Resource leaks (RESOURCE_LEAK)
Variable "dlevent_list" going out of scope leaks the storage it points to.
41 return MQTT_FAILURE;CID 433267: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return 100;".
524 section = iniGetParsedSection(sections, name, /* cut: */TRUE);CID 433266: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 523 return allocerr(error, maxerrlen, fname, "qhub", sizeof(qhub_t));
382 section = iniGetParsedSection(sections, name, /* cut: */TRUE);Variable "sections" going out of scope leaks the storage it points to. 381 return allocerr(error, maxerrlen, fname, "group", sizeof(grp_t));
*)*cfg->total_grps);CID 433266: (RESOURCE_LEAK)
Variable "sections" going out of scope leaks the storage it points to. 373 return allocerr(error, maxerrlen, fname, "groups", sizeof(grp_t
382 section = iniGetParsedSection(sections, name, /* cut: */TRUE);Variable "grp_list" going out of scope leaks the storage it points to. 381 return allocerr(error, maxerrlen, fname, "group", sizeof(grp_t));
*)*cfg->total_grps);CID 433265: (RESOURCE_LEAK)
Variable "grp_list" going out of scope leaks the storage it points to. 373 return allocerr(error, maxerrlen, fname, "groups", sizeof(grp_t
it is >= 0.CID 433264: Memory - corruptions (REVERSE_NEGATIVE)
You might be using variable "sbbs->client_socket" before verifying that
sizeof(uchar)*k);CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 548 return allocerr(error, maxerrlen, fname, "qhub mode",
524 section = iniGetParsedSection(sections, name, /* cut: */TRUE);CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 523 return allocerr(error, maxerrlen, fname, "qhub", sizeof(qhub_t));
sizeof(qhub_t*)*cfg->total_qhubs);CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 515 return allocerr(error, maxerrlen, fname, "qhubs",
sizeof(ushort)*k);CID 433263: (RESOURCE_LEAK)
Variable "qhub_list" going out of scope leaks the storage it points to. 546 return allocerr(error, maxerrlen, fname, "qhub conf",
1036 msg.hdr.when_written.time=(uint32_t)xpDateTime_to_localtime(dt);CID 433262: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "xpDateTime_to_localtime(dt)" is cast to "uint32_t".
*)*cfg->total_libs);CID 433261: (RESOURCE_LEAK)
Variable "lib_list" going out of scope leaks the storage it points to. 245 return allocerr(error, maxerrlen, fname, "libs", sizeof(lib_t
253 str_list_t section = iniGetParsedSection(sections, name, /* cut:Variable "lib_list" going out of scope leaks the storage it points to. 252 return allocerr(error, maxerrlen, fname, "lib", sizeof(lib_t));
sizeof(ushort)*k);CID 433260: (RESOURCE_LEAK)
Variable "qsub_list" going out of scope leaks the storage it points to. 546 return allocerr(error, maxerrlen, fname, "qhub conf",
sizeof(uchar)*k);CID 433260: (RESOURCE_LEAK)
Variable "qsub_list" going out of scope leaks the storage it points to. 548 return allocerr(error, maxerrlen, fname, "qhub mode",
sizeof(sub_t)*k);CID 433260: (RESOURCE_LEAK)
Variable "qsub_list" going out of scope leaks the storage it points to. 544 return allocerr(error, maxerrlen, fname, "qhub sub",
463 return false;CID 433259: Resource leaks (RESOURCE_LEAK)
Variable "out" going out of scope leaks the storage it points to.
481 return allocerr(error, maxerrlen, fname, "xtrns", sizeof(xtrn_tCID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
500 return allocerr(error, maxerrlen, fname, "xtrn", sizeof(xtrn_t));CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
462 return allocerr(error, maxerrlen, fname, "xtrnsec",CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
428 return allocerr(error, maxerrlen, fname, "xedit", sizeof(xedit_t));CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
541 return allocerr(error, maxerrlen, fname, "event", sizeof(event_t));CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
594 return allocerr(error, maxerrlen, fname, "hotkeys", sizeof(hotkey_tCID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
534 return allocerr(error, maxerrlen, fname, "events", sizeof(event_tCID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
579 return allocerr(error, maxerrlen, fname, "natvpgm",CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
455 return allocerr(error, maxerrlen, fname, "xtrnsecs",CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
601 return allocerr(error, maxerrlen, fname, "hotkey",CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
421 return allocerr(error, maxerrlen, fname, "xedits", sizeof(xedit_tCID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
572 return allocerr(error, maxerrlen, fname, "natvpgms",CID 433258: (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
314 if((cfg->dir[i]=(dir_t *)malloc(sizeof(dir_t)))==NULL) 315 return allocerr(error, maxerrlen, fname, "dir", sizeof(dir_t));CID 433257: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "cfg->dir".
6401 while(session->socket!=INVALID_SOCKET) {CID 433256: Memory - corruptions (REVERSE_NEGATIVE)
You might be using variable "session->socket" before verifying that it is >= 0.
*)*(cfg->total_dirs+1));CID 433255: (RESOURCE_LEAK)
Variable "dir_list" going out of scope leaks the storage it points to. 296 return allocerr(error, maxerrlen, fname, "dirs", sizeof(dir_t
316 str_list_t section = iniGetParsedSection(sections, name, /* cut:Variable "dir_list" going out of scope leaks the storage it points to. 315 return allocerr(error, maxerrlen, fname, "dir", sizeof(dir_t));
167 return allocerr(error, maxerrlen, fname, "ftest", sizeof(ftest_t));CID 433254: Resource leaks (RESOURCE_LEAK)
Variable "ftest_list" going out of scope leaks the storage it points to.
85 int result = ::putuserdatetime(&cfg, usernumber, fnum, (time32_t)t);CID 433253: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
720 SAFECOPY(client.user, cstr);CID 434885: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "cstr" to "strncpy", which dereferences it.
666 SAFECOPY(client.user, cstr);CID 434884: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "cstr" to "strncpy", which dereferences it.
1370 if(*gamedir == 0) {CID 434888: Uninitialized variables (UNINIT)
Using uninitialized value "*gamedir".
46 ,timestr(cfg, (time32_t)now, tstr)CID 435652: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "now" is cast to "time32_t".
102 ,timestr(cfg, (time32_t)now, tstr)CID 435651: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "now" is cast to "time32_t".
2266 load_msgs_cfg(&cfg, error, sizeof(error));CID 436064: Error handling issues (CHECKED_RETURN)
Calling "load_msgs_cfg" without checking return value (as is done elsewhere 4 out of 5 times).
(this->cols - 1) - 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "this->cfg.level_linespermsg[useron_level] *
(this->cols - 1) - 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) - 1" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "this->cfg.level_linespermsg[useron_level] *
657 length=(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1);CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
294 if((buf=(char*)malloc((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) + 1" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1) + 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
656 if(length>(long)((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)-(l+1))) {CID 436320: (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
49 msg->hdr.when_written.time=(uint32_t)xpDateTime_to_localtime(dt);CID 436319: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "xpDateTime_to_localtime(dt)" is cast to "uint32_t".
88 remove(str);CID 436318: Error handling issues (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.
198 msg->hdr.when_written.time=(uint32_t)sane_mktime(&tm); 199 }CID 436317: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "sane_mktime(&tm)" is cast to "uint32_t".
1382 fseeko(smb.sdt_fp,offset,SEEK_SET);CID 436316: Error handling issues (CHECKED_RETURN)
Calling "fseeko(this->smb.sdt_fp, offset, 0)" without checking return value. This library function may fail and return an error code.
406 min=min*10+(buf[++m]&0xf);CID 436315: Code maintainability issues (UNUSED_VALUE)
Assigning value from "min * 10 + (buf[++m] & 0xf)" to "min" here, but that stored value is overwritten before it can be used.
1692 }CID 436314: (RESOURCE_LEAK)
Handle variable "fd" going out of scope leaks the handle.
1692 }CID 436314: (RESOURCE_LEAK)
Handle variable "fd" going out of scope leaks the handle.
be due to a negative parameter being interpreted as unsigned.CID 436313: (OVERRUN)
Calling "exec" with "sbbs->main_csi.cs" and "sbbs->main_csi.length" is suspicious because of the very large index, 18446744073709551615. The index may
be due to a negative parameter being interpreted as unsigned. [Note: The sourceCID 436313: (OVERRUN)
Calling "read" with "sbbs->main_csi.cs" and "sbbs->main_csi.length" is suspicious because of the very large index, 18446744073709551615. The index may
function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]CID 436312: Error handling issues (CHECKED_RETURN)
Calling "poll(fds, 1UL, 1)" without checking return value. This library
812 if(lread(file,bin.cs,bin.length)!=(ssize_t)bin.length) {CID 436311: (OVERRUN)
Calling "read" with "bin.cs" and "bin.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned. [Note: The source code implementation of the function has been overridden by a builtin model.]
825 while(exec(&bin)==0)CID 436311: (OVERRUN)
Calling "exec" with "bin.cs" and "bin.length" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
1114 useron.expire=(time32_t)juliantounix(i);CID 436310: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "juliantounix(i)" is cast to "time32_t".
294 remove(str);CID 436309: Error handling issues (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.
619 remove(str);CID 436308: (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.
745 remove(packet);CID 436308: (CHECKED_RETURN)
Calling "remove(packet)" without checking return value. This library function may fail and return an error code.
733 remove(packet);CID 436308: (CHECKED_RETURN)
Calling "remove(packet)" without checking return value. This library function may fail and return an error code.
4407 fprintf(fp, "done=%u\n", (uint)now);CID 436307: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "now" is cast to "uint".
1235 return(unixtodstr(&cfg,(time32_t)ns_time,str));CID 436306: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->ns_time" is cast to "time32_t".
128 errormsg(WHERE, ERR_CHK, "time", (uint)now); 129 return(false);CID 436305: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "uint".
598 ,(uint)elapsedCID 436305: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".
603 ,(uint)elapsedCID 436305: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".
242 fread(buf,len,sizeof(char),fp);CID 436304: Error handling issues (CHECKED_RETURN)
"fread(void * restrict, size_t, size_t, FILE * restrict)" returns the number of bytes read, but it is ignored.
218 if(!smb_getmsghdr(&smb,&msg)) {CID 436303: Uninitialized variables (UNINIT)
Using uninitialized value "msg.idx_offset" when calling "smb_getmsghdr".
194 SAFECAT(buf,crlf);CID 436302: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.
752 cp437_to_utf8_str(str, buf, sizeof(buf) - 1, /* minval:CID 436301: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "str" to "cp437_to_utf8_str", which uses it as an offset.
2033 fprintf(fp, "Created = 0x%x\n", (int)time(NULL));CID 436563: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "int".
118 remove(protlog); /* Deletes the protocol log */CID 446269: Error handling issues (CHECKED_RETURN)
Calling "remove(protlog)" without checking return value. This library function may fail and return an error code.
75 SAFEPRINTF2(str,"Estimated Time: %s Transfer Time: %s"CID 446268: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "elapsed" is cast to "uint".
131 }Variable "stream" going out of scope leaks the storage it points to. 130 return(false);
3435 pthread_mutex_unlock(&nodefile_mutex);CID 451019: (NEGATIVE_RETURNS)
"this->client_socket" is passed to a parameter that cannot be negative. 3434 errormsg(WHERE, ERR_OPEN, str, cfg.node_num);
3445 }CID 451019: (NEGATIVE_RETURNS)
"this->client_socket" is passed to a parameter that cannot be negative. 3443 errormsg(WHERE,ERR_WRITE,str,sizeof(node_t)); 3444 break;
1437 external(cmdstr(cfg.xtrn[xtrnnum]->clean, drop_file, startup_dir,CID 451018: (LOCK)
"external" locks "this->input_thread_mutex" while it is locked.
NULL, mode)CID 451018: (LOCK)
"external" unlocks "this->input_thread_mutex" while it is unlocked. 1437 external(cmdstr(cfg.xtrn[xtrnnum]->clean, drop_file, startup_dir,
218 if((*cur)>=opts)CID 451057: Uninitialized variables (UNINIT)
Using uninitialized value "*cur".
872 chdir(bbs_startup.ctrl_dir);CID 451056: Error handling issues (CHECKED_RETURN)
Calling "chdir" without checking return value (as is done elsewhere 18 out of 21 times).
2498 sbbs_write_ini(CID 451084: Error handling issues (CHECKED_RETURN)
Calling "sbbs_write_ini" without checking return value (as is done elsewhere 6 out of 7 times).
50 iniWriteFile(fp, ini);CID 451182: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "fp" when calling "iniWriteFile".
suspicious.CID 452331: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "getfname("writemsg.cpp")" of type "char *" and argument "8UL /* sizeof (char *) */ * (maxlines + 1)" to function "errormsg" is
966 if(line < 0)CID 452330: Control flow issues (NO_EFFECT)
This less-than-zero comparison of an unsigned value is never true. "line < 0U".
these accesses strongly imply that it is necessary).CID 452566: Concurrent data access violations (MISSING_LOCK)
Accessing "vs->winwidth" without holding lock "vstatlock". Elsewhere, "video_stats.winwidth" is accessed with "vstatlock" held 6 out of 9 times (1 of
288 release_vmem(vmem_ptr);CID 452578: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
850 release_vmem(vmem_ptr);CID 452577: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
1239 release_vmem(vmem_ptr);CID 452576: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
1264 release_vmem(vmem_ptr);CID 452575: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
1289 release_vmem(vmem_ptr);CID 452574: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
882 release_vmem(vmem_ptr);CID 452573: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
931 release_vmem(vmem_ptr);CID 452572: Concurrent data access violations (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
562 release_vmem(vmem_ptr);Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
647 release_vmem(vmem_ptr);CID 452582: (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
584 release_vmem(vmem_ptr);CID 452582: (ATOMICITY)
Using an unreliable value of "vmem_ptr" inside the second locked section. If the data that "vmem_ptr" depends on was changed by another thread, this use might be incorrect.
1608 request_redraw();CID 452581: Program hangs (ORDER_REVERSAL)
Calling "request_redraw" acquires lock "vstatlock" while holding lock "screenlock" (count: 1 / 2).
89 fwrite(y2r, 4, 1 << 24, y);CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "r" when calling "fwrite". 88 fwrite(r2y, 4, 1 << 24, r);
90 fclose(s);CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "y" when calling "fwrite". 89 fwrite(y2r, 4, 1 << 24, y);
69 fprintf(s,CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "s" when calling "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
78 fprintf(h,CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "h" when calling "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
a function which accesses it at byte offset 4000 using argument "wr" (which evaluates to 4001).CID 453850: Memory - corruptions (OVERRUN)
Overrunning buffer pointed to by "wrbuf" of 4000 bytes by passing it to
72 sprintf(path, "%s/r2y.bin", argv[2]);CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".
74 sprintf(path, "%s/y2r.bin", argv[2]);CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".
68 sprintf(path, "%s/rgbmap.s", argv[2]);CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".
70 sprintf(path, "%s/rgbmap.h", argv[2]);CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".
562 x_cvstat = vstat;CID 453848: Concurrent data access violations (MISSING_LOCK)
Accessing "x_cvstat" without holding lock "vstatlock". Elsewhere, "x_cvstat" is accessed with "vstatlock" held 3 out of 4 times (1 of these accesses strongly imply that it is necessary).
336 if (x_cvstat.aspect_width != 0 && x_cvstat.aspect_height != 0) {CID 454698: Incorrect expression (IDENTICAL_BRANCHES)
The same code is executed regardless of whether "x_cvstat.aspect_width != 0 && x_cvstat.aspect_height != 0" is true, because the 'then' and 'else' branches are identical. Should one of the branches be modified, or the entire 'if' statement replaced?
565 return(-1);CID 454697: Program hangs (LOCK)
Returning without unlocking "vstatlock".
return true;".CID 454696: Control flow issues (UNREACHABLE)
This code cannot be reached: "if (fval == 0.)
904 x11.XPutImage(dpy, win, gc, xim, 0, 0, xoff, yoff, source->w,CID 462165: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "source".
448 vstat.scaling = sdl_getscaling();CID 462164: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
408 vstat.scaling = sdl_getscaling();CID 462163: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
657 vstat.scaling = sdl_getscaling();CID 462162: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
511 xp_dlclose(dl2);CID 462161: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl2" to "dlclose", which dereferences it.
589 if(wmhints) {CID 462160: Null pointer dereferences (REVERSE_INULL)
Null-checking "wmhints" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
591 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
552 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
552 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
557 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
552 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
563 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
570 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
1167 fwrite(&ch,1,1,tmp_shd);CID 462184: (RESOURCE_LEAK)
Variable "datoffset" going out of scope leaks the storage it points to. 1166 return;
1162 fwrite(&hdr,1,sizeof(smbhdr_t),tmp_shd);CID 462184: (RESOURCE_LEAK)
Variable "datoffset" going out of scope leaks the storage it points to. 1161 return;
1250 if(!m && *(ushort *)buf!=XLAT_NONE && *(ushort *)buf!=XLAT_LZH) {CID 462184: (RESOURCE_LEAK)
Variable "datoffset" going out of scope leaks the storage it points to. 1249 return;
564 xp_dlclose(dl3);CID 462183: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl3" to "dlclose", which dereferences it.
619 return(-1);CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.
608 return(-1);CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.
613 return(-1);CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.
626 return(-1);CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.
647 return(-1);CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.
608 return(-1);CID 462181: Resource leaks (RESOURCE_LEAK)
Variable "dl3" going out of scope leaks the storage it points to.
579 xp_dlclose(dl4);CID 462180: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl4" to "dlclose", which dereferences it.
305 }CID 462179: Control flow issues (DEADCODE)
Execution cannot reach this statement: "x11.XRRFreeCrtcInfo(xrrci);". 304 x11.XRRFreeCrtcInfo(xrrci);
45 out of 52 times).CID 462239: (CHECKED_RETURN)
Calling "ftruncate" without checking return value (as is done elsewhere
45 out of 52 times).CID 462239: (CHECKED_RETURN)
Calling "ftruncate" without checking return value (as is done elsewhere
1732 }CID 462238: (RESOURCE_LEAK)
Variable "instream" going out of scope leaks the storage it points to. 1731 return false;
1718 }CID 462238: (RESOURCE_LEAK)
Variable "instream" going out of scope leaks the storage it points to. 1717 return false;
244 return -4;CID 462237: Resource leaks (RESOURCE_LEAK)
Variable "buf" going out of scope leaks the storage it points to.
588 if (xinerama_found && ((x11.XRRQueryVersion = xp_dlsym(dl4, XRRQueryVersion)) == NULL)) {CID 462236: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl4" to "dlsym", which dereferences it.
114 return __COUNTER__;CID 462235: Resource leaks (RESOURCE_LEAK)
Variable "body" going out of scope leaks the storage it points to.
303 return false;CID 462234: Resource leaks (RESOURCE_LEAK)
Variable "buf" going out of scope leaks the storage it points to.
3525 case 'a': /* Character Position Forward */CID 462300: Control flow issues (MISSING_BREAK)
The case for value "'a'" is not terminated by a "break" statement.
3533 case 'j': /* Character Position Backward */CID 462299: Control flow issues (MISSING_BREAK)
The case for value "'j'" is not terminated by a "break" statement.
1893 return(0);CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1892 csi->logic=select_editor() ? LOGIC_TRUE:LOGIC_FALSE;
1881 && chk_ar(cfg.shell[i]->ar,&useron,&client))CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1880 if(!stricmp(csi->str,cfg.shell[i]->code)
1182CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1181 return(exec_function(csi));
1500 return(0);CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1499 user_event((user_event_t)*(csi->ip++));
1182CID 462298: (NEGATIVE_RETURNS)
"this->cursubnum" is passed to a parameter that cannot be negative. 1181 return(exec_function(csi));
1762 return(0);CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1761 logout();
1539 return(0);CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1538 multinodechat(*csi->ip++);
1876 return(0);CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1875 csi->logic=select_shell() ? LOGIC_TRUE:LOGIC_FALSE;
1898 && chk_ar(cfg.xedit[i]->ar,&useron,&client))CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1897 if(!stricmp(csi->str,cfg.xedit[i]->code)
218 if(!smb_getmsghdr(&smb,&msg)) {CID 462297: Uninitialized variables (UNINIT)
Using uninitialized value "msg.idx_offset" when calling "smb_getmsghdr".
296 if((buf=(char*)malloc((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))CID 462296: Integer handling issues (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1 + 2) + 1" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1 + 2) + 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
3509 case 'A': /* Cursor Up */CID 462295: Control flow issues (MISSING_BREAK)
The case for value "'A'" is not terminated by a "break" statement.
1038 if(!writemsg(msgpath,nulstr,title,WM_NETMAIL|mode,INVALID_SUB, to_list, /* from: */your_addr, &editor, &charset)) {CID 462294: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.
200 if(!writemsg(msgpath,nulstr,subj,WM_NETMAIL|mode,INVALID_SUB, to,CID 462293: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.
526 strcat(*pp1,*pp2);CID 462292: (NULL_RETURNS)
Dereferencing a pointer that might be "nullptr" "*pp1" when calling "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
526 strcat(*pp1,*pp2);CID 462292: (NULL_RETURNS)
Dereferencing a pointer that might be "nullptr" "*pp1" when calling "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
3517 case 'B': /* Cursor Down */CID 462291: Control flow issues (MISSING_BREAK)
The case for value "'B'" is not terminated by a "break" statement.
1316 if(!writemsg(msgpath,nulstr,title, (mode|WM_QWKNET|WM_NETMAIL) ,INVALID_SUB,to,/* from: */useron.alias, &editor, &charset)) {CID 462290: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.
53 if(!writemsg(msgpath,nulstr,title,wm_mode,INVALID_SUB,"Bulk Mailing"CID 462289: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.
351 SAFEPRINTF(str,"%s ",unixtodstr(&cfg,(time32_t)now,tmp));CID 462288: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
762 cp437_to_utf8_str(str, buf, sizeof(buf) - 1, /* minval:CID 462287: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "str" to "cp437_to_utf8_str", which uses it as an offset.
1796 remove(outpath); // expected to fail (file does not exist) much ofCID 462777: Error handling issues (CHECKED_RETURN)
Calling "remove(outpath)" without checking return value. This library function may fail and return an error code.
2447 return NULL;CID 465170: Resource leaks (RESOURCE_LEAK)
Variable "item" going out of scope leaks the storage it points to.
544 if((cfg.ftest = (ftest_t**)new_item(cfg.ftest, sizeof(ftest_t),CID 465169: (SIZEOF_MISMATCH)
Passing argument "240UL /* sizeof (ftest_t) */" to function "new_item" and then casting the return value to "ftest_t **" is suspicious.
sizeof(dlevent_t), i, &cfg.total_dlevents)) == NULL) {CID 465169: (SIZEOF_MISMATCH)
Passing argument "240UL /* sizeof (dlevent_t) */" to function "new_item" and then casting the return value to "dlevent_t **" is suspicious. 698 if((cfg.dlevent = (dlevent_t**)new_item(cfg.dlevent,
1124 if((cfg.prot = (prot_t**)new_item(cfg.prot, sizeof(prot_t), i,CID 465169: (SIZEOF_MISMATCH)
Passing argument "720UL /* sizeof (prot_t) */" to function "new_item" and then casting the return value to "prot_t **" is suspicious.
844 if((cfg.fextr = (fextr_t**)new_item(cfg.fextr, sizeof(fextr_t),CID 465169: (SIZEOF_MISMATCH)
Passing argument "199UL /* sizeof (fextr_t) */" to function "new_item" and then casting the return value to "fextr_t **" is suspicious.
412 if((cfg.fview = (fview_t**)new_item(cfg.fview, sizeof(fview_t),CID 465169: (SIZEOF_MISMATCH)
Passing argument "199UL /* sizeof (fview_t) */" to function "new_item" and then casting the return value to "fview_t **" is suspicious.
982 if((cfg.fcomp = (fcomp_t**)new_item(cfg.fcomp, sizeof(fcomp_t),CID 465169: (SIZEOF_MISMATCH)
Passing argument "199UL /* sizeof (fcomp_t) */" to function "new_item" and then casting the return value to "fcomp_t **" is suspicious.
1344 return(unixtodstr(&cfg,(time32_t)ns_time,str));CID 465835: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->ns_time" is cast to "time32_t".
450 telnet_mode |= TELNET_MODE_OFF;CID 469141: Data race undermines locking (LOCK_EVASION)
Thread1 sets "telnet_mode" to a new value. Now the two threads have an inconsistent view of "telnet_mode" and updates to fields correlated with "telnet_mode" may be lost.
out of 5 times).CID 469140: Error handling issues (CHECKED_RETURN)
Calling "putnmsg" without checking return value (as is done elsewhere 4
1376 return JS_LIKELY(!!p2) ? p2 : onOutOfMemory(p, newBytes, cx); 1377 }CID 469139: Resource leaks (RESOURCE_LEAK)
Failing to save or free storage allocated by "this->onOutOfMemory(p, newBytes, cx)" leaks it.
354 if(ch && !n && ((keys == NULL && !IS_DIGIT(ch)) || (strchr(str,ch))))CID 469138: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "strchr". [Note: The source code implementation of the function has been overridden by a builtin model.]
3549 m->magic = mparams.magic;CID 469137: Concurrent data access violations (MISSING_LOCK)
Accessing "mparams.magic" without holding lock "magic_init_mutex". Elsewhere, "malloc_params.magic" is written to with "magic_init_mutex" held 1 out of 1 times.
2175 return(JS_TRUE);CID 469136: Program hangs (LOCK)
Returning without unlocking "sbbs->input_thread_mutex".
35 listInit(&rt_list, 0);CID 469135: Concurrent data access violations (MISSING_LOCK)
Accessing "rt_list" without holding lock "jsrt_mutex". Elsewhere, "rt_list" is written to with "jsrt_mutex" held 4 out of 5 times.
1274 return false;CID 469134: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
evaluates to 11) in call to "NewNativeClassInstance".CID 469133: Memory - corruptions (OVERRUN)
Overrunning callee's array of size 11 by passing argument "kind" (which
692 sdl.SetWindowFullscreen(win, fullscreen ? SDL_WINDOW_FULLSCREEN_DESKTOP : 0);CID 469132: Concurrent data access violations (MISSING_LOCK)
Accessing "win" without holding lock "win_mutex". Elsewhere, "win" is written to with "win_mutex" held 1 out of 1 times.
of 3 times.CID 469131: Concurrent data access violations (MISSING_LOCK)
Accessing "csi->cs" without holding lock "sbbs_t.input_thread_mutex". Elsewhere, "csi_t.cs" is written to with "sbbs_t.input_thread_mutex" held 3 out
628 return(false);CID 469130: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
3908 ssh_mode = false;CID 469129: Data race undermines locking (LOCK_EVASION)
Thread1 sets "ssh_mode" to a new value. Now the two threads have an inconsistent view of "ssh_mode" and updates to fields correlated with "ssh_mode" may be lost.
716 j=0;CID 469128: Code maintainability issues (UNUSED_VALUE)
Assigning value "0" to "j" here, but that stored value is overwritten before it can be used.
873 j=0;CID 469127: Code maintainability issues (UNUSED_VALUE)
Assigning value "0" to "j" here, but that stored value is overwritten before it can be used.
1196 sdl_init_good=1;CID 469126: Data race undermines locking (LOCK_EVASION)
Thread1 sets "sdl_init_good" to a new value. Now the two threads have an inconsistent view of "sdl_init_good" and updates to fields correlated with "sdl_init_good" may be lost.
2149 }CID 469125: Program hangs (LOCK)
Returning without unlocking "sbbs->input_thread_mutex".
1387 return JS_LIKELY(!!p2) ? p2 : onOutOfMemory(p, bytes, cx); 1388 }CID 469124: Resource leaks (RESOURCE_LEAK)
Failing to save or free storage allocated by "this->onOutOfMemory(p, bytes, cx)" leaks it.
3642 insert_large_chunk(m, tp, psize);CID 469123: Memory - corruptions (USE_AFTER_FREE)
Dereferencing freed pointer "tp".
"bitmap_callbacks.lock" held 2 out of 3 times.CID 469122: Concurrent data access violations (MISSING_LOCK)
Accessing "callbacks.rects" without holding lock "bitmap_callbacks.lock". Elsewhere, "bitmap_callbacks.rects" is written to with
2495 ssh_errors++;CID 469167: (SLEEP)
Call to "lprintf" might sleep while holding lock "sbbs->ssh_mutex". 2494 GCESSTR(err, node, sbbs->ssh_session, "pushing data");
2480 ssh_errors++;CID 469167: (SLEEP)
Call to "lprintf" might sleep while holding lock "sbbs->ssh_mutex". 2479 GCESSTR(err, node, sbbs->ssh_session, "setting channel");
111 return false;CID 470390: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
84 if(!SYSOP || yesno(text[DeleteFileQ]))CID 470389: (SLEEP)
Call to "yesno" might sleep while holding lock "this->input_thread_mutex".
76 clearline();CID 470389: (SLEEP)
Call to "clearline" might sleep while holding lock "this->input_thread_mutex".
203 restoreline();CID 470388: Program hangs (SLEEP)
Call to "restoreline" might sleep while holding lock "this->input_thread_mutex".
654 return(true);CID 470387: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
86 return false;CID 470386: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
201 switch(read(in,&ch,1)) {CID 470457: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "&ch" of type "int *" and argument "1UL" to function "read" is suspicious because "sizeof (int) /*4*/" is expected.
3122 return false;CID 470557: Resource leaks (RESOURCE_LEAK)
Variable "spy" going out of scope leaks the storage it points to.
1157 rand(); /* throw-away first result */CID 470556: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(),CID 470556: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
1089 setsockopt(socket,IPPROTO_TCP,TCP_NODELAY,(char*)&nodelay,sizeof(nodelay));CID 470555: Error handling issues (CHECKED_RETURN)
Calling "setsockopt(socket, IPPROTO_TCP, 1, (char *)&nodelay, 4U)" without checking return value. This library function may fail and return an error code.
3123 }CID 470554: Resource leaks (RESOURCE_LEAK)
Variable "rcptlst" going out of scope leaks the storage it points to. 3122 return false;
4204 ,rand(),socket,(ulong)time(NULL),(ulong)clock(),server_host_name());CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
3078 rand(); /* throw-away first result */CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock());CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
1474 JS_ValueToInt32(cx, argv[i], &duration);CID 470929: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 261 out of 293 times).
412 cert_entry->sess = -1;CID 471381: Null pointer dereferences (NULL_RETURNS)
Dereferencing "cert_entry", which is known to be "NULL".
367 strListCombine(list, auxdata, size - 1, "\r\n");CID 471656: Memory - corruptions (OVERRUN)
Calling "strListCombine" with "auxdata" and "size - 1UL" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
505 if( isNullChannel( writeChannelInfoPtr ) )CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
517 if( isNullChannel( writeChannelInfoPtr ) )CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
511 if( isNullChannel( writeChannelInfoPtr ) )CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
525 if( isNullChannel( writeChannelInfoPtr ) )CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
335 return (DEBUG_EXIT);CID 476253: Resource leaks (RESOURCE_LEAK)
Variable "line" going out of scope leaks the storage it points to.
413 ssl_sync(cfg, lprintf);CID 477525: Error handling issues (CHECKED_RETURN)
Calling "ssl_sync" without checking return value (as is done elsewhere 6 out of 7 times).
753 return(false);CID 479110: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
349 return( status ); /* Residual error from peekTag() */CID 479109: (DEADCODE)
Execution cannot reach this statement: "return status;".
364 return( status ); /* Residual error from peekTag() */CID 479109: (DEADCODE)
Execution cannot reach this statement: "return status;".
425 case CRYPT_CTXINFO_SSH_PUBLIC_KEY:CID 479108: Control flow issues (MISSING_BREAK)
The case for value "CRYPT_CTXINFO_SSH_PUBLIC_KEY" is not terminated by a "break" statement.
857 status = activateSubprotocolFunction( sessionInfoPtr );CID 479107: Control flow issues (DEADCODE)
Execution cannot reach this statement: "status = activateSubprotoco...".
elsewhere 36 out of 45 times).CID 479106: Error handling issues (CHECKED_RETURN)
Calling "readShortIntegerTag" without checking return value (as is done
1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \CID 479105: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->closeInnerSubprotocolFunction.fnPtr" inside this statement: "closeSubprotocolFunction = ...".
220 ch |= string[ i ] << shiftAmt;CID 479104: (BAD_SHIFT)
In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.
220 ch |= string[ i ] << shiftAmt;CID 479104: (BAD_SHIFT)
In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.
120 if((i=smb_open(&smb))!=0) {CID 479103: (SLEEP)
Call to "smb_open" might sleep while holding lock "this->input_thread_mutex".
112 errormsg(WHERE,ERR_CREATE,str,0);CID 479103: (SLEEP)
Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".
106 errormsg(WHERE,ERR_CREATE,str,0);CID 479103: (SLEEP)
Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".
elsewhere 36 out of 45 times).CID 479102: Error handling issues (CHECKED_RETURN)
Calling "readShortIntegerTag" without checking return value (as is done
353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expectedCID 479101: (CHECKED_RETURN)
Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).
345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)",CID 479101: (CHECKED_RETURN)
Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).
659 cert_list = sess;CID 479100: (ATOMICITY)
Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.
659 cert_list = sess;CID 479100: (ATOMICITY)
Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.
495 return( status ); /* Residual error from checkStatusPeekTag() */CID 479099: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return status;".
95 return false;CID 479098: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
1035 ( void ) closeSubprotocolFunction( sessionInfoPtr );CID 479097: Control flow issues (DEADCODE)
Execution cannot reach this statement: "(void)closeSubprotocolFunct...".
"activateSubprotocolFunction...".CID 479096: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->activateOuterSubprotocolFunction.fnPtr" inside this statement:
130 return( FALSE );CID 479095: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return 0;".
720 return( status ); /* Residual error from peekTag() */CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".
668 return( status ); /* Residual error from peekTag() */CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".
641 return( status ); /* Residual error from peekTag() */CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".
1779 case CRYPT_KEYSET_LDAP:CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_LDAP:".
1771 case CRYPT_KEYSET_DATABASE_STORE:CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE:". 1770 case CRYPT_KEYSET_DATABASE:
1771 case CRYPT_KEYSET_DATABASE_STORE:CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE_...".
285 insertDoubleListElement( newAttributeHeadPtr, newAttributeListTail,Variable "newAttributeField" going out of scope leaks the storage it points to.
"if".CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"255612575 || channelNo == 0 || !waitforWindow" is always true regardless of the values of its operands. This occurs as the logical operand of
CID 480410: Uninitialized variables (UNINIT)
Using uninitialized value "bestf".
349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {CID 483188: Memory - corruptions (OVERRUN)
Overrunning array """" of 1 bytes by passing it to a function which accesses it at byte offset 31 using argument "32UL".
3570 remove(str);CID 483249: Error handling issues (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.
1731 if(!js_GetMsgHeaderObjectPrivates(cx, hdrobj, /* smb_t: */NULL,CID 486181: (RESOURCE_LEAK)
Variable "instr" going out of scope leaks the storage it points to. 1730 return JS_FALSE;
1733 }CID 486181: (RESOURCE_LEAK)
Variable "instr" going out of scope leaks the storage it points to. 1732 return JS_FALSE;
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
416 fseek(stream,l,SEEK_SET);CID 486477: Error handling issues (CHECKED_RETURN)
Calling "fseek(stream, l, 0)" without checking return value. This library function may fail and return an error code.
382 fexistcase(path);CID 486496: (CHECKED_RETURN)
Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).
344 fexistcase(path);CID 486496: (CHECKED_RETURN)
Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).
1073 return ret;CID 486966: Memory - illegal accesses (RETURN_LOCAL)
Returning pointer "ret" which points to local variable "fval".
503 if(callbacks.drawrect) {Accessing "callbacks.drawrect" without holding lock "bitmap_callbacks.lock". Elsewhere, "bitmap_callbacks.drawrect" is written to with "bitmap_callbacks.lock" held 1 out of 1 times (1 of these accesses strongly imply that it is necessary).
97 useron.laston=(time32_t)now;CID 487089: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
89 remove(path);CID 487088: Error handling issues (CHECKED_RETURN)
Calling "remove(path)" without checking return value. This library function may fail and return an error code.
sftp_patt, sbbs->useron.alias);2 characters. Appending "dir", whose string length (null character not included) is 2 characters, plus the null character overruns "tmppath".
CID 487180: Memory - corruptions (BUFFER_SIZE)
Buffer "tmppath" has a size of 4097 characters, and its string length (null character not included) is 4095 characters, leaving an available space of
63 state->running--;CID 487179: (MISSING_LOCK)
Accessing "state->running" without holding lock "sftp_client_state.mtx". Elsewhere, "sftp_client_state.running" is written to with "sftp_client_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).
63 state->running--;CID 487179: (MISSING_LOCK)
Accessing "state->running" without holding lock "sftp_server_state.mtx". Elsewhere, "sftp_server_state.running" is written to with "sftp_server_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).
78 return true;CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.
72 return true;CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.
82 return true;CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.
68 return true;CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.
433 sftp_fattr_set_times(attr, fd, fd);CID 487177: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
433 sftp_fattr_set_times(attr, fd, fd);CID 487177: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
741 return -1;CID 487176: (RESOURCE_LEAK)
Variable "p" going out of scope leaks the storage it points to.
741 return -1;CID 487176: (RESOURCE_LEAK)
Variable "p" going out of scope leaks the storage it points to.
1517 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "ENameCID 487175: Resource leaks (RESOURCE_LEAK)
Variable "attr" going out of scope leaks the storage it points to.
1993 cname = nullptr;CID 487174: Code maintainability issues (UNUSED_VALUE)
Assigning value "NULL" to "cname" here, but that stored value is overwritten before it can be used.
987 return false;CID 487173: Program hangs (LOCK)
Returning without unlocking "sbbs->ssh_mutex".
171 if (this->sftp_path[files_path_len] == 0 || this->sftp_path[files_path_len] == 0) {CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
The expression "this->sftp_path[6UL /* files_path_len */] == 0 || this->sftp_path[6UL /* files_path_len */] == 0" does not accomplish anything because it evaluates to either of its identical operands, "this->sftp_path[6UL /* files_path_len */] == 0".
324 for (ext = 0; ext < extcnt; ext++) {CID 487171: Insecure data handling (TAINTED_SCALAR)
Using tainted variable "extcnt" as a loop boundary.
1147 if (access(pmap.local_path, F_OK) != 0) {CID 487170: Security best practices violations (TOCTOU)
Calling function "access" to perform check on "pmap.local_path".
1044 remove(sbbs->sftp_filedes[i]->local_path);CID 487169: Error handling issues (CHECKED_RETURN)
Calling "remove(sbbs->sftp_filedes[i]->local_path)" without checking return value. This library function may fail and return an error code.
value is overwritten before it can be used.CID 487168: (UNUSED_VALUE)
Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "shell", 5)" to "status" here, but that stored
691 status = setChannelAttributeS( sessionInfoPtr, 692 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,CID 487168: (UNUSED_VALUE)
Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "exec", 4)" to "status" here, but that stored value is overwritten before it can be used.
2048 return ret;CID 487167: Program hangs (LOCK)
Returning without unlocking "sbbs->sftp_state->mtx".
2036 cryptSetAttribute(sbbs->ssh_session,CID 487166: (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).
2028 cryptSetAttribute(sbbs->ssh_session,CID 487166: (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).
(inbuf), tgot))1979 sbbs->sftp_end();
1984 if (cname && sbbs->session_channel == -1 && strcmp(cname,CID 487165: (REVERSE_INULL)
Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1975 if (((startup->options & (BBS_OPT_ALLOW_SFTP |CID 487165: (REVERSE_INULL)
Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
(inbuf), tgot))1979 sbbs->sftp_end();
1424 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE,CID 487164: Resource leaks (RESOURCE_LEAK)
Variable "link" going out of scope leaks the storage it points to.
373 return false;CID 487163: Program hangs (LOCK)
Returning without unlocking "state->mtx".
871 sftp_fattr_free(ret);CID 487162: Control flow issues (DEADCODE)
Execution cannot reach this statement: "sftp_fattr_free(ret);".
448 sftp_fattr_set_times(attr, fd, fd);CID 487161: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
448 sftp_fattr_set_times(attr, fd, fd);CID 487161: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
1625 fn.add_name(strdup(vpath), lname, attr);CID 487600: Error handling issues (CHECKED_RETURN)
Calling "add_name" without checking return value (as is done elsewhere 4 out of 5 times).
36 return mktime(&tm) - mktime(gmtime_r(&t,&gmt));CID 487672: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "gmtime_r(&t, &gmt)" when calling "mktime".
6243 if(!session->send_failed) {CID 488122: Concurrent data access violations (MISSING_LOCK)
Accessing "session->send_failed" without holding lock "http_session_t.outbuf_write". Elsewhere, "http_session_t.send_failed" is written to with "http_session_t.outbuf_write" held 1 out of 1 times.
344 answers[a++]=(char)getkeys((char *)buf+m,0);CID 488309: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "(char *)buf + m" to "getkeys", which expects a null-terminated string.
3666 faddr=atofaddr(buf+i+1);CID 488308: (STRING_NULL)
Passing unterminated string "buf + i + 1" to "atofaddr", which expects a null-terminated string.
3660 faddr=atofaddr(buf+i+6);CID 488308: (STRING_NULL)
Passing unterminated string "buf + i + 6" to "atofaddr", which expects a null-terminated string.
1085 set_convenience_ptr(msg,msg->hfield[i].type,msg->hfield[i].length,msg->hfield_dat[i]);CID 488307: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "msg->hfield_dat[i]" to "set_convenience_ptr", which expects a null-terminated string.
a null-terminated string. [Note: The source code implementation of the functionCID 488306: (STRING_NULL)
Passing unterminated string "record.author" to "strlcpy", which expects
null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]CID 488306: (STRING_NULL)
Passing unterminated string "record.date" to "strlcpy", which expects a
has been overridden by a builtin model.]CID 488306: (STRING_NULL)
Passing unterminated string "record.title" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function
has been overridden by a builtin model.]Passing unterminated string "record.group" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function
1908 strcpy(bbs_startup.ctrl_dir,ctrl_dir);CID 488305: Memory - corruptions (STRING_OVERFLOW)
You might overrun the 1024-character destination string "bbs_startup.ctrl_dir" by writing 4097 characters from "ctrl_dir".
2698 LAZY_INTEGER("git_time", git_time);CID 492209: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "git_time" is cast to "uint32".
4472 fexistcase(str);CID 492287: Error handling issues (CHECKED_RETURN)
Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 131 times).
811 if(client->protocol == NULL || username == NULL)CID 493283: Incorrect expression (NO_EFFECT)
Comparing an array to null is not useful: "client->protocol == NULL", since the test will always evaluate as true.
325 return strdup(cp);CID 497098: Resource leaks (RESOURCE_LEAK)
Variable "cp" going out of scope leaks the storage it points to.
it.CID 508260: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "array" to "JS_GetArrayLength", which dereferences
491 JS_ReportError(cx, "Unable to get parent js object"); 492 return JS_FALSE;CID 508259: Control flow issues (DEADCODE)
Execution cannot reach this statement: "JS_ReportError(cx, "Unable ...".
387 SAFECAT(buf,crlf);CID 508288: (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.
387 SAFECAT(buf,crlf);CID 508288: (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.
3127 HANDLE_PENDING(cx, tmp);CID 508287: Resource leaks (RESOURCE_LEAK)
Variable "server_user_name" going out of scope leaks the storage it points to.
3127 HANDLE_PENDING(cx, tmp);CID 508286: Resource leaks (RESOURCE_LEAK)
Variable "addr" going out of scope leaks the storage it points to.
3128 strListPush(&send_strings, tmp);CID 508285: Resource leaks (RESOURCE_LEAK)
Variable "term_type" going out of scope leaks the storage it points to. 3127 HANDLE_PENDING(cx, tmp);
3041 HANDLE_PENDING(cx, tmp);CID 508284: Resource leaks (RESOURCE_LEAK)
Variable "addr" going out of scope leaks the storage it points to.
3127 HANDLE_PENDING(cx, tmp);CID 508283: Resource leaks (RESOURCE_LEAK)
Variable "client_user_name" going out of scope leaks the storage it points to.
1308 && strcmp(filename, file.name) != 0 && smb_findfile(&p->smb,CID 509555: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "file.name" to "strcmp", which dereferences it. 1307 if(p->smb_result == SMB_SUCCESS
633 printf(" %02X %.*s", fidx.hash.flags, (int)sizeof(fidx.name),CID 509554: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "printf", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
1335 if(p->smb_result != SMB_SUCCESS)CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
This 'if' statement is indented to column 41, as if it were nested within the preceding parent statement, but it is not.
244 if(stricmp(fidx.name, fname) != 0)CID 509552: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "strcasecmp", which expects a null-terminated string.
441 if(stricmp(fidx[i].name, fname) == 0) {Passing unterminated string "fidx[i].name" to "strcasecmp", which expects a null-terminated string.
139 return 0;CID 509721: Resource leaks (RESOURCE_LEAK)
Variable "ini" going out of scope leaks the storage it points to.
670 return(0);CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.
676 return(0);CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.
649 if((csts = fopen_cstats(&cfg, i, /* for_write: */TRUE)) == NULL) {CID 509720: (RESOURCE_LEAK)
Overwriting "csts" in "csts = fopen_cstats(&this->cfg, i, true)" leaks the storage that "csts" points to.
673 return(0);CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.
682 return(0L);CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.
361 SAFEPRINTF(str,"%s ",unixtodstr(&cfg,(time32_t)now,tmp));CID 510624: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
2334 xfer_type = (xfer_type == XFER_UPLOAD) ? XFER_BATCH_UPLOAD :CID 511447: Control flow issues (DEADCODE)
Execution cannot reach the expression "XFER_BATCH_UPLOAD" inside this statement: "xfer_type = ((xfer_type == ...".
158 return unixtodstr(cfg, (time32_t)t, str);CID 511508: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
990 return ::unixtodstr(&cfg, t, str);CID 511621: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
1367 snprintf(opt[0],MAX_OPLN,"Numeric (e.g. %s)", unixtodstr(&cfg, (time32_t)t, tmp));CID 512127: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
1368 snprintf(opt[1],MAX_OPLN,"Verbal (e.g. %s)", verbal_datestr(&cfg,CID 512127: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
1001 uint8_t ch = line[i].ch;CID 514434: (NULL_RETURNS)
Dereferencing "line", which is known to be "NULL".
999 vmem_gettext(cterm->x, sy, cterm->x + tx - 2, sy, line);CID 514434: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_gettext".
4985 vmem_gettext(sx, sy, ex, sy, line);CID 514433: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_gettext".
5098 vmem_puttext(sx, sy, ex, sy, line);CID 514433: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_puttext".
4990 if (line[i].fg & 0x7F000000) {CID 514433: (NULL_RETURNS)
Dereferencing "line", which is known to be "NULL".
1659 lprintf(LOG_ERR, "%04d %s [%s] <%s> !Error %d writing user data forCID 514483: API usage errors (PRINTF_ARGS)
No argument for format specifier "%d".
1661 ,session->username, session->user.number);CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
the format string requires additional arguments
4850 online = false;CID 514519: (LOCK)
"external" unlocks "this->input_thread_mutex" while it is unlocked. 4849 int result = external(cmd, EX_OFFLINE);
4849 int result = external(cmd, EX_OFFLINE);CID 514519: (LOCK)
"external" locks "this->input_thread_mutex" while it is locked.
298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeoutCID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "int" but argument has type "long")
298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeoutCID 514628: API usage errors (PRINTF_ARGS)
Argument "time(NULL) - start" to format specifier "%d" was expected to have type "int" but has type "long".
1397 return "";CID 514647: Resource leaks (RESOURCE_LEAK)
Handle variable "f" going out of scope leaks the handle.
1848 if((fwdfile=tmpfile())==NULL) { 1849 lprintf(LOG_ERR,"ERROR line %d opening forward temp "CID 515048: Security best practices violations (SECURE_TEMP)
"tmpfile" creates files with predictable names, which is unsafe.
1635 if(add_all || j >= 0) {CID 515047: Control flow issues (NO_EFFECT)
This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "j >= 0U".
1989 chmod(outpath, st.st_mode);CID 515046: Error handling issues (CHECKED_RETURN)
Calling "chmod(outpath, st.st_mode)" without checking return value. This library function may fail and return an error code.
2142 if((tmpf=tmpfile())==NULL) {CID 515063: Security best practices violations (SECURE_TEMP)
"tmpfile" creates files with predictable names, which is unsafe.
357 sdl.GetWindowSize(win, &ABUw, &ABUh);CID 515130: Concurrent data access violations (MISSING_LOCK)
Accessing "win" without holding lock "win_mutex". Elsewhere, "win" is written to with "win_mutex" held 1 out of 1 times.
Sysop: | Kurt Hamm |
---|---|
Location: | Columbia, SC |
Users: | 7 |
Nodes: | 20 (0 / 20) |
Uptime: | 65:30:32 |
Calls: | 2,776 |
Files: | 64 |
Messages: | 849,325 |