echo: sync_programming
to: cov-scan@synchro.net
from: scan-admin@coverity.com
date: 2022-04-15 12:57:00
subject: New Defects reported by C

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 351999:  Insecure data handling  (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 351999:  Insecure data handling  (TAINTED_SCALAR)
/chat.cpp: 582 in sbbs_t::guru_page()()
576     		return(false);
577     	}
578     	if(read(file,gurubuf,length) != length)
579     		errormsg(WHERE, ERR_READ, path, length);
580     	gurubuf[length]=0;
581     	close(file);
>>>     CID 351999:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "*gurubuf" to "localguru", which uses it as a loop boundary.
582     	localguru(gurubuf,i);
583     	free(gurubuf);
584     	return(true);
585     }
586
587     /****************************************************************************/

** CID 351998:  API usage errors  (PRINTF_ARGS)


________________________________________________________________________________________________________
*** CID 351998:  API usage errors  (PRINTF_ARGS)
/scfg/scfgsys.c: 1396 in sys_cfg()
1390     					if(cfg.mail_backup_level)
1391     						sprintf(str,"%hu",cfg.mail_backup_level);
1392     					else
1393     						strcpy(str,"None");
1394     					sprintf(opt[i++],"%-27.27s%s","Mail Database Backups",str);
1395     					if(cfg.max_log_size && cfg.max_logs_kept) {
>>>     CID 351998:  API usage errors  (PRINTF_ARGS)
>>>     Argument "cfg.max_logs_kept" to format specifier "%lu" was expected to have type "unsigned long" but has type "unsigned short".
1396     						SAFEPRINTF2(str, "%s bytes, keep %lu"
1397     							,byte_count_to_str(cfg.max_log_size, tmp, sizeof(tmp))
1398     							,cfg.max_logs_kept);
1399     					} else {
1400     						SAFECOPY(str, "Unlimited");
1401     					}

** CID 351997:  API usage errors  (PW.PRINTF_ARG_MISMATCH)
/scfg/scfgsys.c: 1396 in ()


________________________________________________________________________________________________________
*** CID 351997:  API usage errors  (PW.PRINTF_ARG_MISMATCH)
/scfg/scfgsys.c: 1396 in ()
1390     					if(cfg.mail_backup_level)
1391     						sprintf(str,"%hu",cfg.mail_backup_level);
1392     					else
1393     						strcpy(str,"None");
1394     					sprintf(opt[i++],"%-27.27s%s","Mail Database Backups",str);
1395     					if(cfg.max_log_size && cfg.max_logs_kept) {
>>>     CID 351997:  API usage errors  (PW.PRINTF_ARG_MISMATCH)
>>>     argument is incompatible with corresponding format string conversion
1396     						SAFEPRINTF2(str, "%s bytes, keep %lu"
1397     							,byte_count_to_str(cfg.max_log_size, tmp, sizeof(tmp))
1398     							,cfg.max_logs_kept);
1399     					} else {
1400     						SAFECOPY(str, "Unlimited");
1401     					}


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3Dv98d_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBQXq292UPSsYZB6Gh6KX7L3zQbhWOMu2Kkl4RkAFINrQC8BTQdoE8XeU2exLHjLVO2Cd4WbDBwt1lJWKsV7Yp8MRspW6dXps6YMEsM6ouXTLQbVrkmrc-2BuX7I2UmXPApyFOHO9YNWJ2sKXqPlIwYNDDJHauBS22j9Bg-2FopOXF8-2FQ-3D-3D


--- SBBSecho 3.15-Linux
                           
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

SOURCE: echomail via QWK@pharcyde.org
