Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
6 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 330950: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 919 in js_connect_event_thread()
________________________________________________________________________________________________________
*** CID 330950: Resource leaks (RESOURCE_LEAK)
/js_socket.c: 919 in js_connect_event_thread()
913 ioctlsocket(a->sock,FIONBIO,(ulong*)&(a->nonblocking));
914 send(a->sv[1], &sresult, 1, 0);
915
916 done:
917 closesocket(a->sv[1]);
918 free(a);
>>> CID 330950: Resource leaks (RESOURCE_LEAK)
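>>> Variable "res" going out of scope leaks the storage it points to. The "done:" cleanup shown (lines 916-918) closes a->sv[1] and frees "a" but does not release "res".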
919 }
920
921 static JSBool
922 js_connect_event(JSContext *cx, uintN argc, jsval *arglist, js_socket_private_t *p, ushort port, JSObject *obj)
923 {
924 SOCKET sv[2];
** CID 330949: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 330949: Null pointer dereferences (FORWARD_NULL)
/js_socket.c: 1040 in js_connect()
1034 free(p->hostname);
1035 JSSTRING_TO_MSTRING(cx, str, p->hostname, NULL);
1036 port = js_port(cx,argv[1],p->type);
1037 rc=JS_SUSPENDREQUEST(cx);
1038
1039 if (argc > 2 && JSVAL_IS_OBJECT(argv[2]) && JS_ObjectIsFunction(cx, JSVAL_TO_OBJECT(argv[2]))) {
>>> CID 330949: Null pointer dereferences (FORWARD_NULL)
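>>> Passing "p" to "js_connect_event", which dereferences "p->hostname" while it may be null. "p->hostname" is freed on line 1034 and reassigned by JSSTRING_TO_MSTRING on line 1035; presumably it is left null when that conversion fails, and no null check is visible before the call on line 1040.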
1040 JSBool bgr = js_connect_event(cx, argc, arglist, p, port, obj);
1041 JS_RESUMEREQUEST(cx, rc);
1042 return bgr;
1043 }
1044
1045 dbprintf(FALSE, p, "resolving hostname: %s", p->hostname);
** CID 330948: Error handling issues (CHECKED_RETURN)
/js_socket.c: 914 in js_connect_event_thread()
________________________________________________________________________________________________________
*** CID 330948: Error handling issues (CHECKED_RETURN)
/js_socket.c: 914 in js_connect_event_thread()
908 if(result == 0)
909 break;
910 }
911 sresult = result;
912 /* Restore original setting here */
913 ioctlsocket(a->sock,FIONBIO,(ulong*)&(a->nonblocking));
>>> CID 330948: Error handling issues (CHECKED_RETURN)
>>> Calling "send(a->sv[1], &sresult, 1UL, 0)" without checking return value. This library function may fail and return an error code.
914 send(a->sv[1], &sresult, 1, 0);
915
916 done:
917 closesocket(a->sv[1]);
918 free(a);
919 }
** CID 330947: Null pointer dereferences (FORWARD_NULL)
/js_internal.c: 1138 in js_handle_events()
/js_internal.c: 1249 in js_handle_events()
/js_internal.c: 1126 in js_handle_events()
/js_internal.c: 1273 in js_handle_events()
/js_internal.c: 1261 in js_handle_events()
/js_internal.c: 1286 in js_handle_events()
/js_internal.c: 1198 in js_handle_events()
/js_internal.c: 1149 in js_handle_events()
________________________________________________________________________________________________________
*** CID 330947: Null pointer dereferences (FORWARD_NULL)
/js_internal.c: 1138 in js_handle_events()
1132 hsock = ev->data.sock;
1133 #endif
1134 break;
1135 case JS_EVENT_SOCKET_WRITABLE_ONCE:
1136 case JS_EVENT_SOCKET_WRITABLE:
1137 #ifdef PREFER_POLL
>>> CID 330947: (FORWARD_NULL)
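>>> Dereferencing null pointer "fds". (Each of the eight flagged sites in this report sits inside an "#ifdef PREFER_POLL" branch, so the finding concerns builds that define PREFER_POLL; where "fds" is allocated or assigned is not shown in these excerpts.)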
1138 fds[cfd].fd = ev->data.sock;
1139 fds[cfd].events = POLLOUT;
1140 cfd++;
1141 #else
1142 FD_SET(ev->data.sock, &wfds);
1143 if (ev->data.sock > hsock)
/js_internal.c: 1249 in js_handle_events()
1243 #ifdef PREFER_POLL
1244 cfd = 0;
1245 #endif
1246 for (ev = *head; ev; ev = ev->next) {
1247 if (ev->type == JS_EVENT_SOCKET_READABLE || ev->type == JS_EVENT_SOCKET_READABLE_ONCE) {
1248 #ifdef PREFER_POLL
>>> CID 330947: (FORWARD_NULL)
>>> Dereferencing null pointer "fds".
1249 if (fds[cfd].revents & ~(POLLOUT | POLLWRNORM | POLLWRBAND)) {
1250 #else
1251 if (FD_ISSET(ev->data.sock, &rfds)) {
1252 #endif
1253 break;
1254 }
/js_internal.c: 1126 in js_handle_events()
1120 timeout = 0;
1121 for (ev = *head; ev; ev = ev->next) {
1122 switch (ev->type) {
1123 case JS_EVENT_SOCKET_READABLE_ONCE:
1124 case JS_EVENT_SOCKET_READABLE:
1125 #ifdef PREFER_POLL
>>> CID 330947: (FORWARD_NULL)
>>> Dereferencing null pointer "fds".
1126 fds[cfd].fd = ev->data.sock;
1127 fds[cfd].events = POLLIN;
1128 cfd++;
1129 #else
1130 FD_SET(ev->data.sock, &rfds);
1131 if (ev->data.sock > hsock)
/js_internal.c: 1273 in js_handle_events()
1267 #ifdef PREFER_POLL
1268 cfd++;
1269 #endif
1270 }
1271 else if (ev->type == JS_EVENT_SOCKET_CONNECT) {
1272 #ifdef PREFER_POLL
>>> CID 330947: (FORWARD_NULL)
>>> Dereferencing null pointer "fds".
1273 if (fds[cfd].revents & ~(POLLOUT | POLLWRNORM | POLLWRBAND)) {
1274 #else
1275 if (FD_ISSET(ev->data.connect.sv[0], &wfds)) {
1276 #endif
1277 closesocket(ev->data.connect.sv[0]);
1278 break;
/js_internal.c: 1261 in js_handle_events()
1255 #ifdef PREFER_POLL
1256 cfd++;
1257 #endif
1258 }
1259 else if (ev->type == JS_EVENT_SOCKET_WRITABLE || ev->type == JS_EVENT_SOCKET_WRITABLE_ONCE) {
1260 #ifdef PREFER_POLL
>>> CID 330947: (FORWARD_NULL)
>>> Dereferencing null pointer "fds".
1261 if (fds[cfd].revents & ~(POLLIN | POLLRDNORM | POLLRDBAND | POLLPRI)) {
1262 #else
1263 if (FD_ISSET(ev->data.sock, &wfds)) {
1264 #endif
1265 break;
1266 }
/js_internal.c: 1286 in js_handle_events()
1280 #ifdef PREFER_POLL
1281 cfd++;
1282 #endif
1283 }
1284 else if (ev->type == JS_EVENT_CONSOLE_INPUT) {
1285 #ifdef PREFER_POLL
>>> CID 330947: (FORWARD_NULL)
>>> Dereferencing null pointer "fds".
1286 if (fds[cfd].revents & ~(POLLOUT | POLLWRNORM | POLLWRBAND)) {
1287 #else
1288 if (FD_ISSET(ev->data.sock, &wfds)) {
1289 #endif
1290 break;
1291 }
/js_internal.c: 1198 in js_handle_events()
1192 timeout = 0;
1193 cev = ev;
1194 }
1195 else {
1196 input_locked = TRUE;
1197 #ifdef PREFER_POLL
>>> CID 330947: (FORWARD_NULL)
>>> Dereferencing null pointer "fds".
1198 fds[cfd].fd = ev->data.sock;
1199 fds[cfd].events = POLLIN;
1200 cfd++;
1201 #else
1202 FD_SET(ev->data.sock, &rfds);
1203 if (ev->data.sock > hsock)
/js_internal.c: 1149 in js_handle_events()
1143 if (ev->data.sock > hsock)
1144 hsock = ev->data.sock;
1145 #endif
1146 break;
1147 case JS_EVENT_SOCKET_CONNECT:
1148 #ifdef PREFER_POLL
>>> CID 330947: (FORWARD_NULL)
>>> Dereferencing null pointer "fds".
1149 fds[cfd].fd = ev->data.connect.sv[0];
1150 fds[cfd].events = POLLIN;
1151 cfd++;
1152 #else
1153 FD_SET(ev->data.connect.sv[0], &rfds);
1154 if (ev->data.sock > hsock)
** CID 330946: Null pointer dereferences (NULL_RETURNS)
/tmp/sbbs-Apr-03-2021/3rdp/src/mozjs/js-1.8.5/js/src/shell/js.cpp: 4795 in Help(JSContext *, unsigned int, unsigned long *)()
________________________________________________________________________________________________________
*** CID 330946: Null pointer dereferences (NULL_RETURNS)
/tmp/sbbs-Apr-03-2021/3rdp/src/mozjs/js-1.8.5/js/src/shell/js.cpp: 4795 in Help(JSContext *, unsigned int, unsigned long *)()
4789 jsval *argv = JS_ARGV(cx, vp);
4790 for (i = 0; i < argc; i++) {
4791 did_something = 0;
4792 type = JS_TypeOfValue(cx, argv[i]);
4793 if (type == JSTYPE_FUNCTION) {
4794 fun = JS_ValueToFunction(cx, argv[i]);
>>> CID 330946: Null pointer dereferences (NULL_RETURNS)
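>>> Dereferencing "fun", which is known to be "nullptr". "fun" is the result of "JS_ValueToFunction" on line 4794 and is used on line 4795 without a null check.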
4795 str = fun->atom ? ATOM_TO_STRING(fun->atom) : NULL;
4796 } else if (type == JSTYPE_STRING) {
4797 str = JSVAL_TO_STRING(argv[i]);
4798 } else {
4799 str = NULL;
4800 }
** CID 330945: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 330945: Null pointer dereferences (NULL_RETURNS)
/tmp/sbbs-Apr-03-2021/3rdp/src/mozjs/js-1.8.5/js/src/jsexn.cpp: 550 in ValueToShortSource(JSContext *, unsigned long)()
544 return NULL;
545
546 if (VALUE_IS_FUNCTION(cx, v)) {
547 /*
548 * XXX Avoid function decompilation bloat for now.
549 */
>>> CID 330945: Null pointer dereferences (NULL_RETURNS)
>>> The result of "JS_ValueToFunction(cx, v)" might be "nullptr" and is dereferenced when it is passed to "JS_GetFunctionId".
550 str = JS_GetFunctionId(JS_ValueToFunction(cx, v));
551 if (!str && !(str = js_ValueToSource(cx, Valueify(v)))) {
552 /*
553 * Continue to soldier on if the function couldn't be
554 * converted into a string.
555 */
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D-wGS_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAzXmjcYguE2omc6tjz5npgQwR8DPj3gtRpRyKifexImS6lYY08gIdHnNdqrwjKbqPCGg7zzomYr1TIcd5JfXiW0FyUZvaZRJAhpRa4nQcFR63XnyrG4ZvVzFwI1WWcWyGFFiBbH4rLW7qEfxMaH8s1TyO7xNLY3MATScE7ko8zAA64QfWBsBcIOCpr2vtW8u4-3D
--- SBBSecho 3.14-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)