echo: sync_programming
to: cov-scan@synchro.net
from: scan-admin@coverity.com
date: 2023-05-07 14:09:00
subject: New Defects reported by C

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 453850:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 453850:  Memory - corruptions  (OVERRUN)
/main.cpp: 2135 in input_thread(void *)()
2129     		else
2130     			wrbuf=telnet_interpret(sbbs, inbuf, rd, telbuf, wr);
2131     		if(wr > (int)sizeof(telbuf))
2132     			lprintf(LOG_ERR,"!TELBUF OVERFLOW (%d>%d)",wr,(int)sizeof(telbuf));
2133
2134     		if(!(sbbs->console & CON_RAW_IN))
>>>     CID 453850:  Memory - corruptions  (OVERRUN)
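>>>     Overrunning buffer pointed to by "wrbuf" of 4000 bytes by passing it to a function which accesses it at byte offset 4000 using argument "wr" (which evaluates to 4001).
>>>     Note: the check on line 2131 only logs the condition; in the lines shown, "wr" is not clamped or rejected before it is passed on at lines 2135 and 2140.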
2135     			sbbs->translate_input(wrbuf, wr);
2136
2137     		if(sbbs->passthru_socket_active == true) {
2138     			BOOL writable = FALSE;
2139     			if(socket_check(sbbs->passthru_socket, NULL, &writable, 1000) && writable)
2140     				(void)sendsocket(sbbs->passthru_socket, (char*)wrbuf, wr);

** CID 453849:    (STRING_SIZE)
/tmp/sbbs-May-07-2023/src/conio/genmap.c: 72 in main()
/tmp/sbbs-May-07-2023/src/conio/genmap.c: 74 in main()
/tmp/sbbs-May-07-2023/src/conio/genmap.c: 68 in main()
/tmp/sbbs-May-07-2023/src/conio/genmap.c: 70 in main()


________________________________________________________________________________________________________
*** CID 453849:    (STRING_SIZE)
/tmp/sbbs-May-07-2023/src/conio/genmap.c: 72 in main()
66     		return EXIT_FAILURE;
67     	}
68     	sprintf(path, "%s/rgbmap.s", argv[2]);
69     	s = fopen(path, "w");
70     	sprintf(path, "%s/rgbmap.h", argv[2]);
71     	h = fopen(path, "w");
>>>     CID 453849:    (STRING_SIZE)
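>>>     Passing string "argv[2]" of unknown size to "sprintf".
>>>     Note: "path" is presumably a fixed-size buffer (its declaration is not shown here), and argv[2] is only checked for presence, not length, so each of the four sprintf calls on lines 68-74 can write past the end of it. A bounded call such as snprintf with the destination size, plus a check of its return value for truncation, limits the write.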
72     	sprintf(path, "%s/r2y.bin", argv[2]);
73     	r = fopen(path, "wb");
74     	sprintf(path, "%s/y2r.bin", argv[2]);
75     	y = fopen(path, "wb");
76     	init_r2y();
77     	if (argc > 1 && strcmp(argv[1], "win32") == 0)
/tmp/sbbs-May-07-2023/src/conio/genmap.c: 74 in main()
68     	sprintf(path, "%s/rgbmap.s", argv[2]);
69     	s = fopen(path, "w");
70     	sprintf(path, "%s/rgbmap.h", argv[2]);
71     	h = fopen(path, "w");
72     	sprintf(path, "%s/r2y.bin", argv[2]);
73     	r = fopen(path, "wb");
>>>     CID 453849:    (STRING_SIZE)
>>>     Passing string "argv[2]" of unknown size to "sprintf".
74     	sprintf(path, "%s/y2r.bin", argv[2]);
75     	y = fopen(path, "wb");
76     	init_r2y();
77     	if (argc > 1 && strcmp(argv[1], "win32") == 0)
78     		mangle = "_";
79
/tmp/sbbs-May-07-2023/src/conio/genmap.c: 68 in main()
62     	char *mangle = "";
63
64     	if (argc != 3) {
65     		fprintf(stderr, "Usage: %s  \n", argv[0]);
66     		return EXIT_FAILURE;
67     	}
>>>     CID 453849:    (STRING_SIZE)
>>>     Passing string "argv[2]" of unknown size to "sprintf".
68     	sprintf(path, "%s/rgbmap.s", argv[2]);
69     	s = fopen(path, "w");
70     	sprintf(path, "%s/rgbmap.h", argv[2]);
71     	h = fopen(path, "w");
72     	sprintf(path, "%s/r2y.bin", argv[2]);
73     	r = fopen(path, "wb");
/tmp/sbbs-May-07-2023/src/conio/genmap.c: 70 in main()
64     	if (argc != 3) {
65     		fprintf(stderr, "Usage: %s  \n", argv[0]);
66     		return EXIT_FAILURE;
67     	}
68     	sprintf(path, "%s/rgbmap.s", argv[2]);
69     	s = fopen(path, "w");
>>>     CID 453849:    (STRING_SIZE)
>>>     Passing string "argv[2]" of unknown size to "sprintf".
70     	sprintf(path, "%s/rgbmap.h", argv[2]);
71     	h = fopen(path, "w");
72     	sprintf(path, "%s/r2y.bin", argv[2]);
73     	r = fopen(path, "wb");
74     	sprintf(path, "%s/y2r.bin", argv[2]);
75     	y = fopen(path, "wb");

** CID 453848:  Concurrent data access violations  (MISSING_LOCK)
/tmp/sbbs-May-07-2023/src/conio/x_events.c: 562 in video_init()


________________________________________________________________________________________________________
*** CID 453848:  Concurrent data access violations  (MISSING_LOCK)
/tmp/sbbs-May-07-2023/src/conio/x_events.c: 562 in video_init()
556     	if (x_cvstat.scaling < 1 || vstat.scaling < 1)
557     		x_cvstat.scaling = vstat.scaling = 1;
558     	pthread_mutex_unlock(&vstatlock);
559     	/* Initialize mode 3 (text, 80x25, 16 colors) */
560     	if(load_vmode(&vstat, ciolib_initial_mode))
561     		return(-1);
>>>     CID 453848:  Concurrent data access violations  (MISSING_LOCK)
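>>>     Accessing "x_cvstat" without holding lock "vstatlock". Elsewhere, "x_cvstat" is accessed with "vstatlock" held 3 out of 4 times (1 of these accesses strongly imply that it is necessary).
>>>     Note: in the lines shown, "vstatlock" is released at line 558 and not taken again until line 566, so the struct copy at line 562 runs outside the lock.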
562     	x_cvstat = vstat;
563     	if(init_window())
564     		return(-1);
565     	bitmap_drv_init(x11_drawrect, x11_flush);
566     	pthread_mutex_lock(&vstatlock);
567     	bitmap_drv_init_mode(vstat.mode, NULL, NULL, 0, 0);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DHCK2_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCrnxZlR95qbad06mHzW16hipyALzV0mFuj3ay6pFxYR0eStfRzX4PFZA0tGWVeDEIjb6ggx0scvHBcaLMTSmWKTHh-2BY-2F-2FJXVJUS-2FMWWRke5EcHM57k-2F70xISfOM2XGn-2F4aK35uR43soY3XaxM-2BxoxpO-2BmFSex4uKhKezwAhOx42w-3D-3D


--- SBBSecho 3.20-Linux
                              
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

SOURCE: echomail via QWK@pharcyde.org
