Messages: KK4QBN BBS

Sysop:	KK4QBN
Location:	Chatsworth, GA
Users:	8
Nodes:	10 (0 / 10)
Uptime:	70:18:41
Calls:	1,239
Calls today:	0
Files:	94,829
U/L today:	0 files (0K bytes)
D/L today:	116 files (2,857M bytes)
Messages:	31,735
Posted today:	0

New Defects reported by Coverity Scan for Synchronet

From scan-admin@coverity.com@VERT to All on Tue Jan 13 13:45:40 2026

----==_mimepart_69664c8455017_2561de2afbc97ad9ac598df
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()

_____________________________________________________________________________________________
*** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
746 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
747 tmp[i++] = *(*ptrptr)++;
748 tmp[i] = '\0';
749 if (**ptrptr == ']') {
750 (*ptrptr)++;
751 section = tmp;

CID 640989: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

752 SKIP_WHITESPACE(*ptrptr);
753 }
754 }
755 else if (strchr((char *)(*ptrptr), ':') != nullptr) { // [section:]key
756 i = 0;
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
758 tmp[i++] = *(*ptrptr)++;
759 tmp[i] = '\0';
760 if (**ptrptr != '\0') {
761 (*ptrptr)++;
762 section = tmp;

CID 640989: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

763 SKIP_WHITESPACE(*ptrptr);
764 }
765 }
766 SKIP_CHAR((*ptrptr), ':');
767 if (!user_get_bool_property(&cfg, user->number, section, (char*)*ptrptr, false))
768 result = _not;

** CID 640988: Null pointer dereferences (FORWARD_NULL)

_____________________________________________________________________________________________
*** CID 640988: Null pointer dereferences (FORWARD_NULL)
/userdat.c: 4877 in user_get_bool_property()
4871 c_unescape_printable((char*)section);
4872 }
4873 if (key != NULL) {
4874 key = strdup(key);
4875 c_unescape_printable((char*)key);
4876 }

CID 640988: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "key" to "iniReadBool", which dereferences it. 4877 bool result = iniReadBool(fp, section, key, deflt);

4878 iniCloseFile(fp);
4879 free((char*)section);
4880 free((char*)key);
4881 return result;
4882 }

** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
/userdat.c: 2729 in ar_exp()

_____________________________________________________________________________________________
*** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
2735 tmp[i++] = *(*ptrptr)++;
2736 tmp[i] = '\0';
2737 if (**ptrptr != '\0') {
2738 (*ptrptr)++;
2739 section = tmp;

CID 640987: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2740 SKIP_WHITESPACE(*ptrptr);
2741 }
2742 }
2743 SKIP_CHAR((*ptrptr), ':');
2744 if (!user_get_bool_property(cfg, user->number, section, (char*)*ptrptr, false))
2745 result = not;
/userdat.c: 2729 in ar_exp()
2723 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
2724 tmp[i++] = *(*ptrptr)++;
2725 tmp[i] = '\0';
2726 if (**ptrptr == ']') {
2727 (*ptrptr)++;
2728 section = tmp;

CID 640987: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2729 SKIP_WHITESPACE(*ptrptr);
2730 }
2731 }
2732 else if (strchr((char *)(*ptrptr), ':') != NULL) { // [section:]key
2733 i = 0;
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_69664c8455017_2561de2afbc97ad9ac598df
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 3</li>
<li><strong>Defects Shown:</strong> Showing 3 of 3 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()

_____________________________________________________________________________________________
*** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
746 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
747 tmp[i++] = *(*ptrptr)++;
748 tmp[i] = '\0';
749 if (**ptrptr == ']') { 750 (*ptrptr)++;
751 section = tmp; >>> CID 640989: (CONSTANT_EXPRESSION_RESULT) >>> "**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
752 SKIP_WHITESPACE(*ptrptr);
753 }
754 }
755 else if (strchr((char *)(*ptrptr), ':') != nullptr) { // [section:]key
756 i = 0;
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
758 tmp[i++] = *(*ptrptr)++;
759 tmp[i] = '\0';
760 if (**ptrptr != '\0') { 761 (*ptrptr)++;
762 section = tmp; >>> CID 640989: (CONSTANT_EXPRESSION_RESULT) >>> "**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
763 SKIP_WHITESPACE(*ptrptr);
764 }
765 }
766 SKIP_CHAR((*ptrptr), ':');
767 if (!user_get_bool_property(&cfg, user->number, section, (char*)*ptrptr, false))
768 result = _not;

** CID 640988: Null pointer dereferences (FORWARD_NULL)

_____________________________________________________________________________________________
*** CID 640988: Null pointer dereferences (FORWARD_NULL)
/userdat.c: 4877 in user_get_bool_property()
4871 c_unescape_printable((char*)section);
4872 }
4873 if (key != NULL) {
4874 key = strdup(key);
4875 c_unescape_printable((char*)key);
4876 }
>>> CID 640988: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "key" to "iniReadBool", which dereferences it.
4877 bool result = iniReadBool(fp, section, key, deflt);
4878 iniCloseFile(fp);
4879 free((char*)section);
4880 free((char*)key);
4881 return result;
4882 }

** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
/userdat.c: 2729 in ar_exp()

_____________________________________________________________________________________________
*** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
2735 tmp[i++] = *(*ptrptr)++;
2736 tmp[i] = '\0';
2737 if (**ptrptr != '\0') { 2738 (*ptrptr)++;
2739 section = tmp; >>> CID 640987: (CONSTANT_EXPRESSION_RESULT) >>> "**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2740 SKIP_WHITESPACE(*ptrptr);
2741 }
2742 }
2743 SKIP_CHAR((*ptrptr), ':');
2744 if (!user_get_bool_property(cfg, user->number, section, (char*)*ptrptr, false))
2745 result = not;
/userdat.c: 2729 in ar_exp()
2723 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
2724 tmp[i++] = *(*ptrptr)++;
2725 tmp[i] = '\0';
2726 if (**ptrptr == ']') { 2727 (*ptrptr)++;
2728 section = tmp; >>> CID 640987: (CONSTANT_EXPRESSION_RESULT) >>> "**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2729 SKIP_WHITESPACE(*ptrptr);
2730 }
2731 }
2732 else if (strchr((char *)(*ptrptr), ':') != NULL) { // [section:]key
2733 i = 0;
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_69664c8455017_2561de2afbc97ad9ac598df--

---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Wed Jan 14 13:46:35 2026

----==_mimepart_69679e3a9f33a_26617a2afbc97ad9ac59811
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

113 new defect(s) introduced to Synchronet found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 113 defect(s)

** CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3499 in alias()

_____________________________________________________________________________________________
*** CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3499 in alias()
3493
3494 if (*tp == 0) /* no alias value */
3495 continue;
3496 *tp = 0;
3497
3498 vp = tp + 1;

CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*vp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3499 SKIP_WHITESPACE(vp);
3500 truncsp(vp);
3501 if (*vp == 0) /* no value */
3502 continue;
3503
3504 if (*np == '*') {

** CID 641218: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 3761 in ctrl_thread()
/ftpsrvr.c: 4084 in ctrl_thread()

_____________________________________________________________________________________________
*** CID 641218: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 3761 in ctrl_thread()
3755 tp = np; /* terminator pointer */
3756 FIND_WHITESPACE(tp);
3757 if (*tp)
3758 *tp = 0;
3759
3760 dp = tp + 1; /* description pointer */

CID 641218: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3761 SKIP_WHITESPACE(dp);
3762 truncsp(dp);
3763
3764 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
3765 continue;
3766
/ftpsrvr.c: 4084 in ctrl_thread()
4078 tp = np; /* terminator pointer */
4079 FIND_WHITESPACE(tp); 4080 if (*tp)
4081 *tp = 0;
4082
4083 dp = tp + 1; /* description pointer */

CID 641218: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4084 SKIP_WHITESPACE(dp); 4085 truncsp(dp);
4086
4087 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
4088 continue;
4089

** CID 641217: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 353 in smb_netaddr_type() /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 343 in smb_netaddr_type()

_____________________________________________________________________________________________
*** CID 641217: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 353 in smb_netaddr_type()
347 return NET_FIDO;
348 return NET_NONE;
349 }
350 if (p == str)
351 return NET_UNKNOWN;
352 p++;

CID 641217: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

353 SKIP_WHITESPACE(p);
354 if (*p == 0)
355 return NET_UNKNOWN;
356
357 type = smb_get_net_type_by_addr(p);
358 if (type == NET_INTERNET && strchr(str, ' ') != NULL) /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 343 in smb_netaddr_type()
337 const char* p;
338
339 if (str == NULL || IS_WHITESPACE(*str))
340 return NET_NONE;
341 if ((p = strchr(str, '@')) == NULL) {
342 p = str;

CID 641217: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

343 SKIP_WHITESPACE(p);
344 if (*p == 0)
345 return NET_NONE;
346 if (smb_get_net_type_by_addr(p) == NET_FIDO)
347 return NET_FIDO;
348 return NET_NONE;

** CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 6561 in read_areafile_bbs()

_____________________________________________________________________________________________
*** CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 6561 in read_areafile_bbs()
6555 lprintf(LOG_ERR, "ERROR allocating memory for area #%u.", cfg.areas + 1);
6556 bail(1);
6557 return;
6558 }
6559 sprintf(tmp_code, "%-.*s", LEN_EXTCODE, p);
6560 tp = tmp_code;

CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

6561 FIND_WHITESPACE(tp);
6562 *tp = '\0';
6563 for (i = 0; i < scfg.total_subs; i++)
6564 if (!stricmp(tmp_code, scfg.sub[i]->code))
6565 break;
6566 if (i < scfg.total_subs)

** CID 641215: (CONSTANT_EXPRESSION_RESULT)
/un_rep.cpp: 567 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 554 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 570 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 569 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 552 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 555 in sbbs_t::unpack_rep(char *)()

_____________________________________________________________________________________________
*** CID 641215: (CONSTANT_EXPRESSION_RESULT)
/un_rep.cpp: 567 in sbbs_t::unpack_rep(char *)()
561 subscan[n].cfg |= SUB_CFG_NSCAN | SUB_CFG_YSCAN;
562 }
563 continue;
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) { 566 p = str + 6;

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
569 FIND_WHITESPACE(p);
570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0) /un_rep.cpp: 554 in sbbs_t::unpack_rep(char *)()
548 if (!fgets(str, sizeof(str) - 1, fp)) 549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) { 551 p = str + 5;
552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

554 FIND_WHITESPACE(p);
555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
558 else if (strchr(p, 'a') || strchr(p, 'g'))
559 subscan[n].cfg |= SUB_CFG_NSCAN;
/un_rep.cpp: 570 in sbbs_t::unpack_rep(char *)()
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) { 566 p = str + 6;
567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
569 FIND_WHITESPACE(p);

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0)
573 subscan[n].ptr = 0;
574 else {
575 /* otherwise it should be set back [#ofmessages] back from the end of the message base. */
/un_rep.cpp: 569 in sbbs_t::unpack_rep(char *)()
563 continue;
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) { 566 p = str + 6;
567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

569 FIND_WHITESPACE(p);
570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0)
573 subscan[n].ptr = 0;
574 else {
/un_rep.cpp: 552 in sbbs_t::unpack_rep(char *)()
546 if (fp != NULL) {
547 while (!feof(fp)) {
548 if (!fgets(str, sizeof(str) - 1, fp)) 549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) { 551 p = str + 5;

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
554 FIND_WHITESPACE(p);
555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
/un_rep.cpp: 555 in sbbs_t::unpack_rep(char *)()
549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) { 551 p = str + 5;
552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
554 FIND_WHITESPACE(p);

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
558 else if (strchr(p, 'a') || strchr(p, 'g'))
559 subscan[n].cfg |= SUB_CFG_NSCAN;
560 else if (strchr(p, 'p'))

** CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1603 in check_elists()

_____________________________________________________________________________________________
*** CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1603 in check_elists()
1597 break;
1598 p = str;
1599 SKIP_WHITESPACE(p); 1600 if (*p == ';') /* Ignore Comment Lines */
1601 continue;
1602 tp = p;

CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1603 FIND_WHITESPACE(tp); 1604 *tp = '\0';
1605 if (!stricmp(areatag, p)) {
1606 match = true; 1607 break;
1608 }

** CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3492 in alias()

_____________________________________________________________________________________________
*** CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3492 in alias()
3486 break;
3487 np = line;
3488 SKIP_WHITESPACE(np);
3489 if (*np == ';' || *np == 0) /* no name value, or comment */
3490 continue;
3491 tp = np;

CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3492 FIND_WHITESPACE(tp);
3493
3494 if (*tp == 0) /* no alias value */
3495 continue;
3496 *tp = 0;
3497

** CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1531 in netmail_arealist()

_____________________________________________________________________________________________
*** CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1531 in netmail_arealist()
1525 truncsp(str);
1526 p = str;
1527 SKIP_WHITESPACE(p);
1528 if (*p == 0 || *p == ';') /* Ignore Blank and Comment Lines */
1529 continue;
1530 tp = p; >>> CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT)

"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1531 FIND_WHITESPACE(tp);
1532 *tp = '\0';
1533 if (find_linked_area(p, addr) == SUB_NOT_FOUND) {
1534 if (strListFind(area_list, p, /* case_sensitive */ false) < 0)
1535 strListPush(&area_list, p);
1536 }

** CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 232 in key_name()

_____________________________________________________________________________________________
*** CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 232 in key_name()
226 *vp = NULL;
227
228 if (p == NULL)
229 return NULL;
230
231 /* Parse value name */

CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

232 SKIP_WHITESPACE(p);
233 if (*p == INI_COMMENT_CHAR)
234 return NULL;
235 if (*p == INI_OPEN_SECTION_CHAR)
236 return INI_NEW_SECTION;
237 equal = strchr(p, '=');

** CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /wordwrap.c: 211 in get_ws_len()

_____________________________________________________________________________________________
*** CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /wordwrap.c: 211 in get_ws_len()
205 {
206 struct section_len ret = {0, 0};
207
208 for (ret.bytes = 0; ; ret.bytes++) {
209 if (!buf[ret.bytes])
210 break;

CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)buf[ret.bytes] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

211 if (!IS_WHITESPACE(buf[ret.bytes]))
212 break;
213 if (buf[ret.bytes] == '\t') {
214 ret.len++;
215 while ((ret.len + col) % 8)
216 ret.len++;

** CID 641209: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 83 in section_name() /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 87 in section_name()

_____________________________________________________________________________________________
*** CID 641209: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 83 in section_name()
77 }
78
79 static char* section_name(char* p)
80 {
81 char* tp;
82

CID 641209: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

83 SKIP_WHITESPACE(p);
84 if (*p != INI_OPEN_SECTION_CHAR)
85 return NULL;
86 p++;
87 SKIP_WHITESPACE(p);
88 tp = strrchr(p, INI_CLOSE_SECTION_CHAR); /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 87 in section_name()
81 char* tp;
82
83 SKIP_WHITESPACE(p);
84 if (*p != INI_OPEN_SECTION_CHAR)
85 return NULL;
86 p++;

CID 641209: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

87 SKIP_WHITESPACE(p);
88 tp = strrchr(p, INI_CLOSE_SECTION_CHAR);
89 if (tp == NULL)
90 return NULL;
91 *tp = 0;
92 truncsp(p);

** CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1989 in parse_mail_address(const char *, char *, unsigned long, char *, unsigned long)()

_____________________________________________________________________________________________
*** CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1989 in parse_mail_address(const char *, char *, unsigned long, char *, unsigned long)()
1983
1984 /* Get the address */
1985 if ((tp = (char*)strchr(p, '<')) != NULL)
1986 tp++;
1987 else
1988 tp = (char*)p;

CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1989 SKIP_WHITESPACE(tp);
1990 sprintf(addr, "%.*s", (int)addr_len, tp);
1991 truncstr(addr, ">( ");
1992
1993 if (name != NULL) {
1994 SAFECOPY(tmp, p);

** CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 2496 in process_areamgr()

_____________________________________________________________________________________________
*** CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 2496 in process_areamgr()
2490 }
2491
2492 m = strlen(p);
2493 add_area = strListInit();
2494 del_area = strListInit();
2495 for (l = 0; l < m; l++) {

CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)p[l] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2496 while (*(p + l) && IS_WHITESPACE(*(p + l))) l++;
2497 while (*(p + l) == CTRL_A) { /* Ignore kludge lines June-13-2004 */
2498 while (*(p + l) && *(p + l) != '\r') l++;
2499 continue;
2500 }
2501 if (!(*(p + l)))

** CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 118 in section_match()

_____________________________________________________________________________________________
*** CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 118 in section_match() 112 /* Search for matches */
113 for (i = 0; names[i] != NULL && !found; i++)
114 for (j = 0; comps[j] != NULL && !found; j++) {
115 n = names[i];
116 SKIP_WHITESPACE(n);
117 c = comps[j];

CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*c == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

118 SKIP_WHITESPACE(c);
119 if (case_sensitive)
120 found = strcmp(n, c) == 0;
121 else
122 found = stricmp(n, c) == 0;
123 }

** CID 641205: (CONSTANT_EXPRESSION_RESULT)
/sbbsecho.c: 2225 in areamgr_command()
/sbbsecho.c: 2191 in areamgr_command()
/sbbsecho.c: 2224 in areamgr_command()
/sbbsecho.c: 2335 in areamgr_command()
/sbbsecho.c: 2156 in areamgr_command()
/sbbsecho.c: 2273 in areamgr_command()
/sbbsecho.c: 2192 in areamgr_command()
/sbbsecho.c: 2336 in areamgr_command()
/sbbsecho.c: 2250 in areamgr_command()
/sbbsecho.c: 2155 in areamgr_command()
/sbbsecho.c: 2274 in areamgr_command()
/sbbsecho.c: 2306 in areamgr_command()
/sbbsecho.c: 2249 in areamgr_command()

_____________________________________________________________________________________________
*** CID 641205: (CONSTANT_EXPRESSION_RESULT)
/sbbsecho.c: 2225 in areamgr_command()
2219 }
2220
2221 if (strnicmp(instr, "PKTPWD ", 7) == 0) {
2222 char pktpwd[FIDO_PASS_LEN + 1]; /* Packet password for this node */
2223 char* p = instr;
2224 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2225 SKIP_WHITESPACE(p);
2226 SAFECOPY(pktpwd, p);
2227 if (!stricmp(pktpwd, nodecfg->pktpwd)) {
2228 snprintf(str, sizeof str, "Your packet password was already set to '%s'."
2229 , nodecfg->pktpwd);
2230 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2191 in areamgr_command()
2185 return true;
2186 }
2187
2188 if (strnicmp(instr, "PASSWORD ", 9) == 0 || strnicmp(instr, "PWD ", 4) == 0) {
2189 char password[FIDO_SUBJ_LEN]; /* AreaMgr password for this node */
2190 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2191 FIND_WHITESPACE(p);
2192 SKIP_WHITESPACE(p);
2193 SAFECOPY(password, p);
2194 if (strchr(password, ' ') != NULL) {
2195 snprintf(str, sizeof str, "Your AreaMgr password cannot contain spaces.");
2196 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2224 in areamgr_command()
2218 return true;
2219 }
2220
2221 if (strnicmp(instr, "PKTPWD ", 7) == 0) {
2222 char pktpwd[FIDO_PASS_LEN + 1]; /* Packet password for this node */
2223 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2224 FIND_WHITESPACE(p);
2225 SKIP_WHITESPACE(p);
2226 SAFECOPY(pktpwd, p);
2227 if (!stricmp(pktpwd, nodecfg->pktpwd)) {
2228 snprintf(str, sizeof str, "Your packet password was already set to '%s'."
2229 , nodecfg->pktpwd);
/sbbsecho.c: 2335 in areamgr_command()
2329 , str, /* dest: */ addr, /* src: */ NULL);
2330 return true;
2331 }
2332
2333 if (strnicmp(instr, "ECHOSTATS ", 10) == 0) {
2334 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2335 FIND_WHITESPACE(p);
2336 SKIP_WHITESPACE(p);
2337 echostat_t* stat = get_echostat(p, /* create: */ false);
2338 if (stat == NULL) {
2339 lprintf(LOG_INFO, "AreaMgr (for %s) EchoStats request for unknown echo: %s", faddrtoa(&addr), p);
2340 } else {
/sbbsecho.c: 2156 in areamgr_command()
2150 alter_config(nodecfg, "Name", to);
2151 }
2152
2153 if (strnicmp(instr, "COMPRESSION ", 12) == 0 || strnicmp(instr, "COMPRESS ", 9) == 0) {
2154 char* p = instr;
2155 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2156 SKIP_WHITESPACE(p);
2157 if (!stricmp(p, "NONE"))
2158 nodecfg->archive = SBBSECHO_ARCHIVE_NONE;
2159 else {
2160 for (u = 0; u < cfg.arcdefs; u++)
2161 if (stricmp(p, cfg.arcdef[u].name) == 0)
/sbbsecho.c: 2273 in areamgr_command()
2267 create_netmail(to, /* msg: */ NULL, "TIC File Password Change Request", str, /* dest: */ addr, /* src: */ NULL);
2268 return true;
2269 }
2270
2271 if (strnicmp(instr, "NOTIFY ", 7) == 0) {
2272 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2273 FIND_WHITESPACE(p);
2274 SKIP_WHITESPACE(p);
2275 if (alter_config(nodecfg, "Notify", p)) {
2276 SAFEPRINTF2(str, "Your Notification Messages have been changed from '%s' to '%s'."
2277 , nodecfg->send_notify ? "ON" : "OFF", p);
2278 } else {
/sbbsecho.c: 2192 in areamgr_command()
2186 }
2187
2188 if (strnicmp(instr, "PASSWORD ", 9) == 0 || strnicmp(instr, "PWD ", 4) == 0) {
2189 char password[FIDO_SUBJ_LEN]; /* AreaMgr password for this node */
2190 char* p = instr;
2191 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2192 SKIP_WHITESPACE(p);
2193 SAFECOPY(password, p);
2194 if (strchr(password, ' ') != NULL) {
2195 snprintf(str, sizeof str, "Your AreaMgr password cannot contain spaces.");
2196 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
2197 create_netmail(to, /* msg: */ NULL, "AreaMgr Password Change Request", str
/sbbsecho.c: 2336 in areamgr_command()
2330 return true;
2331 }
2332
2333 if (strnicmp(instr, "ECHOSTATS ", 10) == 0) {
2334 char* p = instr;
2335 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2336 SKIP_WHITESPACE(p);
2337 echostat_t* stat = get_echostat(p, /* create: */ false);
2338 if (stat == NULL) {
2339 lprintf(LOG_INFO, "AreaMgr (for %s) EchoStats request for unknown echo: %s", faddrtoa(&addr), p);
2340 } else {
2341 FILE* fp;
/sbbsecho.c: 2250 in areamgr_command()
2244 }
2245
2246 if (strnicmp(instr, "TICPWD ", 7) == 0) {
2247 char ticpwd[SBBSECHO_MAX_TICPWD_LEN + 1]; /* TIC File password for this node */
2248 char* p = instr;
2249 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2250 SKIP_WHITESPACE(p);
2251 SAFECOPY(ticpwd, p);
2252 if (!stricmp(ticpwd, nodecfg->ticpwd)) {
2253 snprintf(str, sizeof str, "Your TIC File password was already set to '%s'."
2254 , nodecfg->ticpwd);
2255 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2155 in areamgr_command()
2149 lprintf(LOG_INFO, "AreaMgr (for %s) Changing name to: %s", faddrtoa(&addr), to);
2150 alter_config(nodecfg, "Name", to);
2151 }
2152
2153 if (strnicmp(instr, "COMPRESSION ", 12) == 0 || strnicmp(instr, "COMPRESS ", 9) == 0) {
2154 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2155 FIND_WHITESPACE(p);
2156 SKIP_WHITESPACE(p);
2157 if (!stricmp(p, "NONE"))
2158 nodecfg->archive = SBBSECHO_ARCHIVE_NONE;
2159 else {
2160 for (u = 0; u < cfg.arcdefs; u++)
/sbbsecho.c: 2274 in areamgr_command()
2268 return true;
2269 }
2270
2271 if (strnicmp(instr, "NOTIFY ", 7) == 0) {
2272 char* p = instr;
2273 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2274 SKIP_WHITESPACE(p);
2275 if (alter_config(nodecfg, "Notify", p)) {
2276 SAFEPRINTF2(str, "Your Notification Messages have been changed from '%s' to '%s'."
2277 , nodecfg->send_notify ? "ON" : "OFF", p);
2278 } else {
2279 SAFECOPY(str, "Error changing Notify Setting"); /sbbsecho.c: 2306 in areamgr_command()
2300 return true;
2301 }
2302
2303 // %RESCAN <area-tag> [R=<count> || D=<days>]
2304 if (strnicmp(instr, "RESCAN ", 7) == 0) {
2305 char* p = instr + 7;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2306 SKIP_WHITESPACE(p);
2307 char* tp = p;
2308 FIND_WHITESPACE(tp);
2309 if (*tp != '\0') {
2310 *tp = '\0';
2311 ++tp;
/sbbsecho.c: 2249 in areamgr_command()
2243 return true;
2244 }
2245
2246 if (strnicmp(instr, "TICPWD ", 7) == 0) {
2247 char ticpwd[SBBSECHO_MAX_TICPWD_LEN + 1]; /* TIC File password for this node */
2248 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2249 FIND_WHITESPACE(p);
2250 SKIP_WHITESPACE(p);
2251 SAFECOPY(ticpwd, p);
2252 if (!stricmp(ticpwd, nodecfg->ticpwd)) {
2253 snprintf(str, sizeof str, "Your TIC File password was already set to '%s'."
2254 , nodecfg->ticpwd);

** CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /main.cpp: 5749 in bbs_thread()

_____________________________________________________________________________________________
*** CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /main.cpp: 5749 in bbs_thread()
5743 /* ToDo: Make ident timeout configurable */
5744 if (identify(&client_addr, inet_addrport(&client_addr), str, sizeof(str) - 1, /* timeout: */ 1)) {
5745 lprintf(LOG_DEBUG, "%04d %s [%s] Ident Response: %s", client_socket, client.protocol, host_ip, str);
5746 identity = strrchr(str, ':'); 5747 if (identity != NULL) {
5748 identity++; /* skip colon */

CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*identity == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

5749 SKIP_WHITESPACE(identity);
5750 if (*identity)
5751 lprintf(LOG_INFO, "%04d %s [%s] Identity: %s", client_socket, client.protocol, host_ip, identity);
5752 }
5753 }
5754 sbbs->cp437_out(crlf);

** CID 641203: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 432 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
/netmail.cpp: 422 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()

_____________________________________________________________________________________________
*** CID 641203: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 432 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
426 SAFECOPY(to, p);
427 p += strlen(p) + 1;
428 continue;
429 }
430 if (strncmp(p, "Subject:", 8) == 0) {
431 p += 8;

CID 641203: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

432 SKIP_WHITESPACE(p);
433 char* tp = strchr(p, QWK_NEWLINE); /* chop off at first CR */
434 if (tp != NULL)
435 *tp = 0;
436 subject = p;
437 p += strlen(p) + 1;
/netmail.cpp: 422 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
416 SAFECOPY(to, into);
417
418 // Parse QWKE Kludge Lines here:
419 while (p < end && *p != QWK_NEWLINE) {
420 if (strncmp(p, "To:", 3) == 0) {
421 p += 3;

CID 641203: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

422 SKIP_WHITESPACE(p);
423 char* tp = strchr(p, QWK_NEWLINE); /* chop off at first CR */
424 if (tp != NULL)
425 *tp = 0;
426 SAFECOPY(to, p);
427 p += strlen(p) + 1;

** CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1960 in dns_blacklisted(int, const char *, xp_sockaddr *, char *, char *, char *)()

_____________________________________________________________________________________________
*** CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1960 in dns_blacklisted(int, const char *, xp_sockaddr *, char *, char *, char *)()
1954 continue;
1955
1956 sprintf(list, "%.100s", p);
1957
1958 /* terminate */
1959 tp = p;

CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1960 FIND_WHITESPACE(tp);
1961 *tp = 0;
1962
1963 found = rblchk(sock, prot, addr, p);
1964 }
1965 fclose(fp);

** CID 641201: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 1185 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 1195 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 975 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 1202 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()

_____________________________________________________________________________________________
*** CID 641201: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 1185 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1179 break;
1180 }
1181
1182 /* Get destination user address */
1183 if ((p = strrchr(rcpt_list[rcpt_count], '<')) != NULL) {
1184 p++;

CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1185 SKIP_WHITESPACE(p);
1186 SAFECOPY(addr, p);
1187 p = strrchr(addr, '>');
1188 if (p == NULL) {
1189 bprintf(text[InvalidNetMailAddr], rcpt_list[rcpt_count]);
1190 break;
/netmail.cpp: 1195 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1189 bprintf(text[InvalidNetMailAddr], rcpt_list[rcpt_count]);
1190 break;
1191 }
1192 *p = 0;
1193 } else {
1194 p = rcpt_list[rcpt_count];

CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1195 SKIP_WHITESPACE(p);
1196 SAFECOPY(addr, p);
1197 }
1198 truncsp(addr);
1199
1200 /* Get destination user name */
/netmail.cpp: 975 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
969 bprintf(text[InvalidNetMailAddr], p);
970 continue;
971 }
972 while (at > p && *at > ' ')
973 at--;
974 p = at;

CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

975 SKIP_WHITESPACE(p);
976 uint16_t net_type = smb_netaddr_type(p);
977 if (net_type != NET_INTERNET) {
978 bprintf(text[InvalidNetMailAddr], p);
979 break;
980 }
/netmail.cpp: 1202 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1196 SAFECOPY(addr, p);
1197 }
1198 truncsp(addr);
1199
1200 /* Get destination user name */
1201 p = rcpt_list[rcpt_count];

CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1202 SKIP_WHITESPACE(p);
1203 SAFECOPY(name, p);
1204 p = strrchr(name, '<');
1205 if (!p)
1206 p = strrchr(name, '@');
1207 if (!p)

** CID 641200: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 1534 in ftpalias()
/ftpsrvr.c: 1547 in ftpalias()

_____________________________________________________________________________________________
*** CID 641200: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 1534 in ftpalias()
1528
1529 while (!feof(fp)) {
1530 if (!fgets(line, sizeof(line), fp))
1531 break;
1532
1533 p = line; /* alias */

CID 641200: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1534 SKIP_WHITESPACE(p);
1535 if (*p == ';') /* comment */
1536 continue;
1537
1538 tp = p; /* terminator */
1539 FIND_WHITESPACE(tp);
/ftpsrvr.c: 1547 in ftpalias()
1541 *tp = 0;
1542
1543 if (stricmp(p, alias)) /* Not a match */
1544 continue;
1545
1546 p = tp + 1; /* filename */

CID 641200: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1547 SKIP_WHITESPACE(p);
1548
1549 tp = p; /* terminator */
1550 FIND_WHITESPACE(tp);
1551 if (*tp)
1552 *tp = 0;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_69679e3a9f33a_26617a2afbc97ad9ac59811
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 113</li>
<li>
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 20 of 113 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3499 in alias()

_____________________________________________________________________________________________
*** CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3499 in alias()
3493
3494 if (*tp == 0) /* no alias value */
3495 continue;
3496 *tp = 0;
3497
3498 vp = tp + 1;
>>> CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*vp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3499 SKIP_WHITESPACE(vp);
3500 truncsp(vp);
3501 if (*vp == 0) /* no value */
3502 continue;
3503
3504 if (*np == '*') {

** CID 641218: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 3761 in ctrl_thread()
/ftpsrvr.c: 4084 in ctrl_thread()

_____________________________________________________________________________________________
*** CID 641218: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 3761 in ctrl_thread()
3755 tp = np; /* terminator pointer */
3756 FIND_WHITESPACE(tp);
3757 if (*tp)
3758 *tp = 0;
3759
3760 dp = tp + 1; /* description pointer */
>>> CID 641218: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3761 SKIP_WHITESPACE(dp);
3762 truncsp(dp);
3763
3764 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
3765 continue;
3766
/ftpsrvr.c: 4084 in ctrl_thread()
4078 tp = np; /* terminator pointer */
4079 FIND_WHITESPACE(tp); 4080 if (*tp)
4081 *tp = 0;
4082
4083 dp = tp + 1; /* description pointer */
>>> CID 641218: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4084 SKIP_WHITESPACE(dp); 4085 truncsp(dp);
4086
4087 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
4088 continue;
4089

** CID 641217: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 353 in smb_netaddr_type() /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 343 in smb_netaddr_type()

_____________________________________________________________________________________________
*** CID 641217: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 353 in smb_netaddr_type()
347 return NET_FIDO;
348 return NET_NONE;
349 }
350 if (p == str)
351 return NET_UNKNOWN;
352 p++;
>>> CID 641217: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
353 SKIP_WHITESPACE(p);
354 if (*p == 0)
355 return NET_UNKNOWN;
356
357 type = smb_get_net_type_by_addr(p);
358 if (type == NET_INTERNET && strchr(str, ' ') != NULL)
/tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 343 in smb_netaddr_type()
337 const char* p;
338
339 if (str == NULL || IS_WHITESPACE(*str))
340 return NET_NONE;
341 if ((p = strchr(str, '@')) == NULL) {
342 p = str;
>>> CID 641217: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
343 SKIP_WHITESPACE(p);
344 if (*p == 0)
345 return NET_NONE;
346 if (smb_get_net_type_by_addr(p) == NET_FIDO)
347 return NET_FIDO;
348 return NET_NONE;

** CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 6561 in read_areafile_bbs()

_____________________________________________________________________________________________
*** CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 6561 in read_areafile_bbs()
6555 lprintf(LOG_ERR, "ERROR allocating memory for area #%u.", cfg.areas + 1);
6556 bail(1);
6557 return;
6558 }
6559 sprintf(tmp_code, "%-.*s", LEN_EXTCODE, p); 6560 tp = tmp_code;
>>> CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
6561 FIND_WHITESPACE(tp);
6562 *tp = '\0';
6563 for (i = 0; i < scfg.total_subs; i++)
6564 if (!stricmp(tmp_code, scfg.sub[i]->code)) 6565 break;
6566 if (i < scfg.total_subs)

** CID 641215: (CONSTANT_EXPRESSION_RESULT)
/un_rep.cpp: 567 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 554 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 570 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 569 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 552 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 555 in sbbs_t::unpack_rep(char *)()

_____________________________________________________________________________________________
*** CID 641215: (CONSTANT_EXPRESSION_RESULT)
/un_rep.cpp: 567 in sbbs_t::unpack_rep(char *)()
561 subscan[n].cfg |= SUB_CFG_NSCAN | SUB_CFG_YSCAN;
562 }
563 continue;
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) {
566 p = str + 6;
>>> CID 641215: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
569 FIND_WHITESPACE(p);
570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0) /un_rep.cpp: 554 in sbbs_t::unpack_rep(char *)()
548 if (!fgets(str, sizeof(str) - 1, fp)) 549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) {
551 p = str + 5;
552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
>>> CID 641215: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
554 FIND_WHITESPACE(p);
555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
558 else if (strchr(p, 'a') || strchr(p, 'g'))
559 subscan[n].cfg |= SUB_CFG_NSCAN;
/un_rep.cpp: 570 in sbbs_t::unpack_rep(char *)()
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) {
566 p = str + 6;
567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
569 FIND_WHITESPACE(p); >>> CID 641215: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0)
573 subscan[n].ptr = 0;
574 else {
575 /* otherwise it should be set back [#ofmessages] back from the end of the message base. */
/un_rep.cpp: 569 in sbbs_t::unpack_rep(char *)()
563 continue;
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) {
566 p = str + 6;
567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
>>> CID 641215: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
569 FIND_WHITESPACE(p);
570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0)
573 subscan[n].ptr = 0;
574 else {
/un_rep.cpp: 552 in sbbs_t::unpack_rep(char *)()
546 if (fp != NULL) {
547 while (!feof(fp)) {
548 if (!fgets(str, sizeof(str) - 1, fp)) 549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) {
551 p = str + 5;
>>> CID 641215: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
554 FIND_WHITESPACE(p);
555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
/un_rep.cpp: 555 in sbbs_t::unpack_rep(char *)()
549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) {
551 p = str + 5;
552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
554 FIND_WHITESPACE(p); >>> CID 641215: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
558 else if (strchr(p, 'a') || strchr(p, 'g'))
559 subscan[n].cfg |= SUB_CFG_NSCAN;
560 else if (strchr(p, 'p'))

** CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1603 in check_elists()

_____________________________________________________________________________________________
*** CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1603 in check_elists()
1597 break;
1598 p = str;
1599 SKIP_WHITESPACE(p); 1600 if (*p == ';') /* Ignore Comment Lines */
1601 continue;
1602 tp = p;
>>> CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1603 FIND_WHITESPACE(tp); 1604 *tp = '\0'; 1605 if (!stricmp(areatag, p)) {
1606 match = true; 1607 break;
1608 }

** CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3492 in alias()

_____________________________________________________________________________________________
*** CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3492 in alias()
3486 break;
3487 np = line;
3488 SKIP_WHITESPACE(np);
3489 if (*np == ';' || *np == 0) /* no name value, or comment */
3490 continue;
3491 tp = np;
>>> CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3492 FIND_WHITESPACE(tp);
3493
3494 if (*tp == 0) /* no alias value */
3495 continue;
3496 *tp = 0;
3497

** CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1531 in netmail_arealist()

_____________________________________________________________________________________________
*** CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1531 in netmail_arealist()
1525 truncsp(str);
1526 p = str;
1527 SKIP_WHITESPACE(p);
1528 if (*p == 0 || *p == ';') /* Ignore Blank and Comment Lines */
1529 continue;
1530 tp = p; >>> CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1531 FIND_WHITESPACE(tp);
1532 *tp = '\0';
1533 if (find_linked_area(p, addr) == SUB_NOT_FOUND) {
1534 if (strListFind(area_list, p, /* case_sensitive */ false) < 0)
1535 strListPush(&area_list, p);
1536 }

** CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 232 in key_name()

_____________________________________________________________________________________________
*** CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 232 in key_name()
226 *vp = NULL;
227
228 if (p == NULL)
229 return NULL;
230
231 /* Parse value name */
>>> CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
232 SKIP_WHITESPACE(p);
233 if (*p == INI_COMMENT_CHAR)
234 return NULL;
235 if (*p == INI_OPEN_SECTION_CHAR)
236 return INI_NEW_SECTION;
237 equal = strchr(p, '=');

** CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /wordwrap.c: 211 in get_ws_len()

_____________________________________________________________________________________________
*** CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /wordwrap.c: 211 in get_ws_len()
205 {
206 struct section_len ret = {0, 0};
207
208 for (ret.bytes = 0; ; ret.bytes++) {
209 if (!buf[ret.bytes])
210 break;
>>> CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)buf[ret.bytes] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
211 if (!IS_WHITESPACE(buf[ret.bytes]))
212 break;
213 if (buf[ret.bytes] == '\t') {
214 ret.len++;
215 while ((ret.len + col) % 8)
216 ret.len++;

** CID 641209: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 83 in section_name() /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 87 in section_name()

_____________________________________________________________________________________________
*** CID 641209: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 83 in section_name()
77 }
78
79 static char* section_name(char* p)
80 {
81 char* tp;
82
>>> CID 641209: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
83 SKIP_WHITESPACE(p);
84 if (*p != INI_OPEN_SECTION_CHAR)
85 return NULL;
86 p++;
87 SKIP_WHITESPACE(p);
88 tp = strrchr(p, INI_CLOSE_SECTION_CHAR); /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 87 in section_name()
81 char* tp;
82
83 SKIP_WHITESPACE(p);
84 if (*p != INI_OPEN_SECTION_CHAR)
85 return NULL;
86 p++;
>>> CID 641209: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
87 SKIP_WHITESPACE(p);
88 tp = strrchr(p, INI_CLOSE_SECTION_CHAR);
89 if (tp == NULL)
90 return NULL;
91 *tp = 0;
92 truncsp(p);

** CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1989 in parse_mail_address(const char *, char *, unsigned long, char *, unsigned long)()

_____________________________________________________________________________________________
*** CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1989 in parse_mail_address(const char *, char *, unsigned long, char *, unsigned long)()
1983
1984 /* Get the address */
1985 if ((tp = (char*)strchr(p, '<')) != NULL)
1986 tp++;
1987 else
1988 tp = (char*)p;
>>> CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1989 SKIP_WHITESPACE(tp);
1990 sprintf(addr, "%.*s", (int)addr_len, tp);
1991 truncstr(addr, ">( ");
1992
1993 if (name != NULL) {
1994 SAFECOPY(tmp, p);

** CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 2496 in process_areamgr()

_____________________________________________________________________________________________
*** CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 2496 in process_areamgr()
2490 }
2491
2492 m = strlen(p);
2493 add_area = strListInit();
2494 del_area = strListInit();
2495 for (l = 0; l < m; l++) {
>>> CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)p[l] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2496 while (*(p + l) && IS_WHITESPACE(*(p + l))) l++;
2497 while (*(p + l) == CTRL_A) { /* Ignore kludge lines June-13-2004 */
2498 while (*(p + l) && *(p + l) != '\r') l++;
2499 continue;
2500 }
2501 if (!(*(p + l)))

** CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 118 in section_match()

_____________________________________________________________________________________________
*** CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 118 in section_match() 112 /* Search for matches */
113 for (i = 0; names[i] != NULL && !found; i++)
114 for (j = 0; comps[j] != NULL && !found; j++) { 115 n = names[i];
116 SKIP_WHITESPACE(n);
117 c = comps[j];
>>> CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*c == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
118 SKIP_WHITESPACE(c);
119 if (case_sensitive)
120 found = strcmp(n, c) == 0;
121 else
122 found = stricmp(n, c) == 0;
123 }

** CID 641205: (CONSTANT_EXPRESSION_RESULT)
/sbbsecho.c: 2225 in areamgr_command()
/sbbsecho.c: 2191 in areamgr_command()
/sbbsecho.c: 2224 in areamgr_command()
/sbbsecho.c: 2335 in areamgr_command()
/sbbsecho.c: 2156 in areamgr_command()
/sbbsecho.c: 2273 in areamgr_command()
/sbbsecho.c: 2192 in areamgr_command()
/sbbsecho.c: 2336 in areamgr_command()
/sbbsecho.c: 2250 in areamgr_command()
/sbbsecho.c: 2155 in areamgr_command()
/sbbsecho.c: 2274 in areamgr_command()
/sbbsecho.c: 2306 in areamgr_command()
/sbbsecho.c: 2249 in areamgr_command()

_____________________________________________________________________________________________
*** CID 641205: (CONSTANT_EXPRESSION_RESULT)
/sbbsecho.c: 2225 in areamgr_command()
2219 }
2220
2221 if (strnicmp(instr, "PKTPWD ", 7) == 0) {
2222 char pktpwd[FIDO_PASS_LEN + 1]; /* Packet password for this node */
2223 char* p = instr;
2224 FIND_WHITESPACE(p);
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2225 SKIP_WHITESPACE(p);
2226 SAFECOPY(pktpwd, p);
2227 if (!stricmp(pktpwd, nodecfg->pktpwd)) {
2228 snprintf(str, sizeof str, "Your packet password was already set to '%s'."
2229 , nodecfg->pktpwd);
2230 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2191 in areamgr_command()
2185 return true;
2186 }
2187
2188 if (strnicmp(instr, "PASSWORD ", 9) == 0 || strnicmp(instr, "PWD ", 4) == 0) {
2189 char password[FIDO_SUBJ_LEN]; /* AreaMgr password for this node */
2190 char* p = instr;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2191 FIND_WHITESPACE(p);
2192 SKIP_WHITESPACE(p);
2193 SAFECOPY(password, p);
2194 if (strchr(password, ' ') != NULL) {
2195 snprintf(str, sizeof str, "Your AreaMgr password cannot contain spaces.");
2196 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2224 in areamgr_command()
2218 return true;
2219 }
2220
2221 if (strnicmp(instr, "PKTPWD ", 7) == 0) {
2222 char pktpwd[FIDO_PASS_LEN + 1]; /* Packet password for this node */
2223 char* p = instr;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2224 FIND_WHITESPACE(p);
2225 SKIP_WHITESPACE(p);
2226 SAFECOPY(pktpwd, p);
2227 if (!stricmp(pktpwd, nodecfg->pktpwd)) {
2228 snprintf(str, sizeof str, "Your packet password was already set to '%s'."
2229 , nodecfg->pktpwd);
/sbbsecho.c: 2335 in areamgr_command()
2329 , str, /* dest: */ addr, /* src: */ NULL);
2330 return true;
2331 }
2332
2333 if (strnicmp(instr, "ECHOSTATS ", 10) == 0) {
2334 char* p = instr;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2335 FIND_WHITESPACE(p);
2336 SKIP_WHITESPACE(p);
2337 echostat_t* stat = get_echostat(p, /* create: */ false);
2338 if (stat == NULL) {
2339 lprintf(LOG_INFO, "AreaMgr (for %s) EchoStats request for unknown echo: %s", faddrtoa(&addr), p);
2340 } else {
/sbbsecho.c: 2156 in areamgr_command()
2150 alter_config(nodecfg, "Name", to);
2151 }
2152
2153 if (strnicmp(instr, "COMPRESSION ", 12) == 0 || strnicmp(instr, "COMPRESS ", 9) == 0) {
2154 char* p = instr;
2155 FIND_WHITESPACE(p);
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2156 SKIP_WHITESPACE(p);
2157 if (!stricmp(p, "NONE"))
2158 nodecfg->archive = SBBSECHO_ARCHIVE_NONE; 2159 else {
2160 for (u = 0; u < cfg.arcdefs; u++)
2161 if (stricmp(p, cfg.arcdef[u].name) == 0)
/sbbsecho.c: 2273 in areamgr_command()
2267 create_netmail(to, /* msg: */ NULL, "TIC File Password Change Request", str, /* dest: */ addr, /* src: */ NULL);
2268 return true;
2269 }
2270
2271 if (strnicmp(instr, "NOTIFY ", 7) == 0) {
2272 char* p = instr;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2273 FIND_WHITESPACE(p);
2274 SKIP_WHITESPACE(p);
2275 if (alter_config(nodecfg, "Notify", p)) { 2276 SAFEPRINTF2(str, "Your Notification Messages have been changed from '%s' to '%s'."
2277 , nodecfg->send_notify ? "ON" : "OFF", p);
2278 } else {
/sbbsecho.c: 2192 in areamgr_command()
2186 }
2187
2188 if (strnicmp(instr, "PASSWORD ", 9) == 0 || strnicmp(instr, "PWD ", 4) == 0) {
2189 char password[FIDO_SUBJ_LEN]; /* AreaMgr password for this node */
2190 char* p = instr;
2191 FIND_WHITESPACE(p);
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2192 SKIP_WHITESPACE(p);
2193 SAFECOPY(password, p);
2194 if (strchr(password, ' ') != NULL) {
2195 snprintf(str, sizeof str, "Your AreaMgr password cannot contain spaces.");
2196 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
2197 create_netmail(to, /* msg: */ NULL, "AreaMgr Password Change Request", str
/sbbsecho.c: 2336 in areamgr_command()
2330 return true;
2331 }
2332
2333 if (strnicmp(instr, "ECHOSTATS ", 10) == 0) {
2334 char* p = instr;
2335 FIND_WHITESPACE(p);
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2336 SKIP_WHITESPACE(p);
2337 echostat_t* stat = get_echostat(p, /* create: */ false);
2338 if (stat == NULL) {
2339 lprintf(LOG_INFO, "AreaMgr (for %s) EchoStats request for unknown echo: %s", faddrtoa(&addr), p);
2340 } else {
2341 FILE* fp;
/sbbsecho.c: 2250 in areamgr_command()
2244 }
2245
2246 if (strnicmp(instr, "TICPWD ", 7) == 0) {
2247 char ticpwd[SBBSECHO_MAX_TICPWD_LEN + 1]; /* TIC File password for this node */
2248 char* p = instr;
2249 FIND_WHITESPACE(p);
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2250 SKIP_WHITESPACE(p);
2251 SAFECOPY(ticpwd, p);
2252 if (!stricmp(ticpwd, nodecfg->ticpwd)) {
2253 snprintf(str, sizeof str, "Your TIC File password was already set to '%s'."
2254 , nodecfg->ticpwd);
2255 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2155 in areamgr_command()
2149 lprintf(LOG_INFO, "AreaMgr (for %s) Changing name to: %s", faddrtoa(&addr), to);
2150 alter_config(nodecfg, "Name", to);
2151 }
2152
2153 if (strnicmp(instr, "COMPRESSION ", 12) == 0 || strnicmp(instr, "COMPRESS ", 9) == 0) {
2154 char* p = instr;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2155 FIND_WHITESPACE(p);
2156 SKIP_WHITESPACE(p);
2157 if (!stricmp(p, "NONE"))
2158 nodecfg->archive = SBBSECHO_ARCHIVE_NONE; 2159 else {
2160 for (u = 0; u < cfg.arcdefs; u++) /sbbsecho.c: 2274 in areamgr_command()
2268 return true;
2269 }
2270
2271 if (strnicmp(instr, "NOTIFY ", 7) == 0) {
2272 char* p = instr;
2273 FIND_WHITESPACE(p);
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2274 SKIP_WHITESPACE(p);
2275 if (alter_config(nodecfg, "Notify", p)) { 2276 SAFEPRINTF2(str, "Your Notification Messages have been changed from '%s' to '%s'."
2277 , nodecfg->send_notify ? "ON" : "OFF", p);
2278 } else {
2279 SAFECOPY(str, "Error changing Notify Setting");
/sbbsecho.c: 2306 in areamgr_command()
2300 return true;
2301 }
2302
2303 // %RESCAN <area-tag> [R=<count> || D=<days>] 2304 if (strnicmp(instr, "RESCAN ", 7) == 0) {
2305 char* p = instr + 7;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2306 SKIP_WHITESPACE(p);
2307 char* tp = p;
2308 FIND_WHITESPACE(tp);
2309 if (*tp != '\0') {
2310 *tp = '\0';
2311 ++tp;
/sbbsecho.c: 2249 in areamgr_command()
2243 return true;
2244 }
2245
2246 if (strnicmp(instr, "TICPWD ", 7) == 0) {
2247 char ticpwd[SBBSECHO_MAX_TICPWD_LEN + 1]; /* TIC File password for this node */
2248 char* p = instr;
>>> CID 641205: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2249 FIND_WHITESPACE(p);
2250 SKIP_WHITESPACE(p);
2251 SAFECOPY(ticpwd, p);
2252 if (!stricmp(ticpwd, nodecfg->ticpwd)) {
2253 snprintf(str, sizeof str, "Your TIC File password was already set to '%s'."
2254 , nodecfg->ticpwd);

** CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /main.cpp: 5749 in bbs_thread()

_____________________________________________________________________________________________
*** CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /main.cpp: 5749 in bbs_thread()
5743 /* ToDo: Make ident timeout configurable */
5744 if (identify(&client_addr, inet_addrport(&client_addr), str, sizeof(str) - 1, /* timeout: */ 1)) {
5745 lprintf(LOG_DEBUG, "%04d %s [%s] Ident Response: %s", client_socket, client.protocol, host_ip, str);
5746 identity = strrchr(str, ':');
5747 if (identity != NULL) {
5748 identity++; /* skip colon */
>>> CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*identity == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
5749 SKIP_WHITESPACE(identity);
5750 if (*identity)
5751 lprintf(LOG_INFO, "%04d %s [%s] Identity: %s", client_socket, client.protocol, host_ip, identity);
5752 }
5753 }
5754 sbbs->cp437_out(crlf);

** CID 641203: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 432 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
/netmail.cpp: 422 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()

_____________________________________________________________________________________________
*** CID 641203: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 432 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
426 SAFECOPY(to, p);
427 p += strlen(p) + 1;
428 continue;
429 }
430 if (strncmp(p, "Subject:", 8) == 0) {
431 p += 8;
>>> CID 641203: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
432 SKIP_WHITESPACE(p);
433 char* tp = strchr(p, QWK_NEWLINE); /* chop off at first CR */
434 if (tp != NULL)
435 *tp = 0;
436 subject = p;
437 p += strlen(p) + 1;
/netmail.cpp: 422 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
416 SAFECOPY(to, into);
417
418 // Parse QWKE Kludge Lines here:
419 while (p < end && *p != QWK_NEWLINE) {
420 if (strncmp(p, "To:", 3) == 0) {
421 p += 3;
>>> CID 641203: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
422 SKIP_WHITESPACE(p);
423 char* tp = strchr(p, QWK_NEWLINE); /* chop off at first CR */
424 if (tp != NULL)
425 *tp = 0;
426 SAFECOPY(to, p);
427 p += strlen(p) + 1;

** CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1960 in dns_blacklisted(int, const char *, xp_sockaddr *, char *, char *, char *)()

_____________________________________________________________________________________________
*** CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1960 in dns_blacklisted(int, const char *, xp_sockaddr *, char *, char *, char *)()
1954 continue;
1955
1956 sprintf(list, "%.100s", p);
1957
1958 /* terminate */
1959 tp = p;
>>> CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1960 FIND_WHITESPACE(tp);
1961 *tp = 0;
1962
1963 found = rblchk(sock, prot, addr, p);
1964 }
1965 fclose(fp);

** CID 641201: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 1185 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 1195 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 975 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 1202 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()

_____________________________________________________________________________________________
*** CID 641201: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 1185 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1179 break;
1180 }
1181
1182 /* Get destination user address */
1183 if ((p = strrchr(rcpt_list[rcpt_count], '<')) != NULL) {
1184 p++;
>>> CID 641201: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1185 SKIP_WHITESPACE(p);
1186 SAFECOPY(addr, p);
1187 p = strrchr(addr, '>');
1188 if (p == NULL) {
1189 bprintf(text[InvalidNetMailAddr], rcpt_list[rcpt_count]);
1190 break;
/netmail.cpp: 1195 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1189 bprintf(text[InvalidNetMailAddr], rcpt_list[rcpt_count]);
1190 break;
1191 }
1192 *p = 0;
1193 } else {
1194 p = rcpt_list[rcpt_count];
>>> CID 641201: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1195 SKIP_WHITESPACE(p);
1196 SAFECOPY(addr, p);
1197 }
1198 truncsp(addr);
1199
1200 /* Get destination user name */
/netmail.cpp: 975 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
969 bprintf(text[InvalidNetMailAddr], p);
970 continue;
971 }
972 while (at > p && *at > ' ')
973 at--;
974 p = at;
>>> CID 641201: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
975 SKIP_WHITESPACE(p);
976 uint16_t net_type = smb_netaddr_type(p);
977 if (net_type != NET_INTERNET) {
978 bprintf(text[InvalidNetMailAddr], p);
979 break;
980 }
/netmail.cpp: 1202 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1196 SAFECOPY(addr, p);
1197 }
1198 truncsp(addr);
1199
1200 /* Get destination user name */
1201 p = rcpt_list[rcpt_count];
>>> CID 641201: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1202 SKIP_WHITESPACE(p);
1203 SAFECOPY(name, p);
1204 p = strrchr(name, '<');
1205 if (!p)
1206 p = strrchr(name, '@');
1207 if (!p)

** CID 641200: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 1534 in ftpalias()
/ftpsrvr.c: 1547 in ftpalias()

_____________________________________________________________________________________________
*** CID 641200: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 1534 in ftpalias()
1528
1529 while (!feof(fp)) {
1530 if (!fgets(line, sizeof(line), fp))
1531 break;
1532
1533 p = line; /* alias */
>>> CID 641200: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1534 SKIP_WHITESPACE(p);
1535 if (*p == ';') /* comment */
1536 continue;
1537
1538 tp = p; /* terminator */
1539 FIND_WHITESPACE(tp);
/ftpsrvr.c: 1547 in ftpalias()
1541 *tp = 0;
1542
1543 if (stricmp(p, alias)) /* Not a match */
1544 continue;
1545
1546 p = tp + 1; /* filename */
>>> CID 641200: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1547 SKIP_WHITESPACE(p);
1548
1549 tp = p; /* terminator */
1550 FIND_WHITESPACE(tp);
1551 if (*tp)
1552 *tp = 0;

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_69679e3a9f33a_26617a2afbc97ad9ac59811--

---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Wed Jan 28 13:46:25 2026

----==_mimepart_697a13306f491_cf6782d0dbe50d9a0894b
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
257 default:
258 case TERM_KEY_DOWN:
259 nextline = line + 1; 260 break;
261 }
262 if (nextline != line + 1 && nextline < lines)

CID 642982: (FORWARD_NULL)
Dereferencing null pointer "offset".

263 fseeko(stream, offset[nextline], 0);
264 line = nextline;
265 }
266 else
267 ++line;
268 }
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);

CID 642982: (FORWARD_NULL)
Dereferencing null pointer "offset".

228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);

CID 642981: Error handling issues (CHECKED_RETURN)
Calling "fseeko(stream, offset[lines - 1UL], 0)" without checking return value. This library function may fail and return an error code.

228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642980: Integer handling issues (INTEGER_OVERFLOW)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642980: Integer handling issues (INTEGER_OVERFLOW) /prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);

CID 642980: Integer handling issues (INTEGER_OVERFLOW)
Expression "lines - 1UL", where "lines" is known to be equal to 0, underflows the type of "lines - 1UL", which is type "unsigned long".

228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_697a13306f491_cf6782d0dbe50d9a0894b
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 3</li>
<li><strong>Defects Shown:</strong> Showing 3 of 3 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
257 default:
258 case TERM_KEY_DOWN:
259 nextline = line + 1; 260 break;
261 }
262 if (nextline != line + 1 && nextline < lines)
>>> CID 642982: (FORWARD_NULL)
>>> Dereferencing null pointer "offset".
263 fseeko(stream, offset[nextline], 0);
264 line = nextline;
265 }
266 else
267 ++line;
268 }
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);
>>> CID 642982: (FORWARD_NULL)
>>> Dereferencing null pointer "offset".
228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);
>>> CID 642981: Error handling issues (CHECKED_RETURN) >>> Calling "fseeko(stream, offset[lines - 1UL], 0)" without checking return value. This library function may fail and return an error code.
228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642980: Integer handling issues (INTEGER_OVERFLOW)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642980: Integer handling issues (INTEGER_OVERFLOW) /prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);
>>> CID 642980: Integer handling issues (INTEGER_OVERFLOW)
>>> Expression "lines - 1UL", where "lines" is known to be equal to 0, underflows the type of "lines - 1UL", which is type "unsigned long".
228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_697a13306f491_cf6782d0dbe50d9a0894b--

---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Thu Jan 29 13:46:20 2026

----==_mimepart_697b64ac475f5_def0e2bd3c9d4b9a8620dd
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 642992: API usage errors (PRINTF_ARGS)

_____________________________________________________________________________________________
*** CID 642992: API usage errors (PRINTF_ARGS)
/ftpsrvr.c: 5024 in ctrl_thread()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."

CID 642992: API usage errors (PRINTF_ARGS)
Argument "count" to format specifier "%u" was expected to have type "unsigned int" but has type "unsigned long".

5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);

** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()

_____________________________________________________________________________________________
*** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."

CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "unsigned int" but argument has type "unsigned long")

5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_697b64ac475f5_def0e2bd3c9d4b9a8620dd
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 2</li>
<li>
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 642992: API usage errors (PRINTF_ARGS)

_____________________________________________________________________________________________
*** CID 642992: API usage errors (PRINTF_ARGS)
/ftpsrvr.c: 5024 in ctrl_thread()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."
>>> CID 642992: API usage errors (PRINTF_ARGS) >>> Argument "count" to format specifier "%u" was expected to have type "unsigned int" but has type "unsigned long".
5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);

** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()

_____________________________________________________________________________________________
*** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."
>>> CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH) >>> argument is incompatible with corresponding format string conversion (expected type "unsigned int" but argument has type "unsigned long")
5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_697b64ac475f5_def0e2bd3c9d4b9a8620dd--

---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Fri Feb 13 13:54:18 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

18 new defect(s) introduced to Synchronet found with Coverity Scan.
12 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 18 of 18 defect(s)

** CID 643146: Program hangs (SLEEP)

_____________________________________________________________________________________________
*** CID 643146: Program hangs (SLEEP)
/filterfile.hpp: 56 in filterFile::listed(const char *, const char *, trash *)()
50 const std::lock_guard<std::mutex> lock(mutex); 51 if ((now - lastftime_check) >= fchk_interval) { 52 lastftime_check = now;
53 time_t latest = fdate(fname);
54 if (latest > timestamp) {
55 strListFree(&list);

CID 643146: Program hangs (SLEEP)
Call to "findstr_list" might sleep while holding lock "lock._M_device". 56 list = findstr_list(fname);

57 timestamp = latest;
58 ++fread_count;
59 }
60 }
61 result = trash_in_list(str1, str2, list, details);

** CID 643145: Security best practices violations (DC.WEAK_CRYPTO) /ftpsrvr.cpp: 1844 in ftp_tmpfname(char *, const char *, int)()

_____________________________________________________________________________________________
*** CID 643145: Security best practices violations (DC.WEAK_CRYPTO) /ftpsrvr.cpp: 1844 in ftp_tmpfname(char *, const char *, int)() 1838 return FALSE;
1839 }
1840
1841 static char* ftp_tmpfname(char* fname, const char* ext, SOCKET sock) 1842 {
1843 safe_snprintf(fname, MAX_PATH, "%sSBBS_FTP.%x%x%x%lx.%s"

CID 643145: Security best practices violations (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

1844 , scfg.temp_dir, getpid(), sock, rand(), (ulong)clock(), ext);
1845 return fname;
1846 }
1847
1848 #if defined(__GNUC__) // Catch printf-format errors
1849 static BOOL send_mlsx(FILE *fp, SOCKET sock, CRYPT_SESSION sess, const char *format, ...) __attribute__ ((format (printf, 4, 5)));

** CID 643144: Memory - corruptions (OVERRUN)
/ftpsrvr.cpp: 1359 in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile int *, volatile int *, int, int, long *, user_t *, client_t *, int, int, int, int, char *, int)()

_____________________________________________________________________________________________
*** CID 643144: Memory - corruptions (OVERRUN)
/ftpsrvr.cpp: 1359 in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile int *, volatile int *, int, int, long *, user_t *, client_t *, int, int, int, int, char *, int)()
1353 }
1354
1355 addr_len = sizeof(*addr);
1356 #ifdef SOCKET_DEBUG_ACCEPT
1357 socket_debug[ctrl_sock] |= SOCKET_DEBUG_ACCEPT;
1358 #endif

CID 643144: Memory - corruptions (OVERRUN)
Overrunning struct type sockaddr of 16 bytes by passing it to a function which accesses it at byte offset 127 using argument "addr_len" (which evaluates to 128).

1359 *data_sock = accept(pasv_sock, &addr->addr, &addr_len); 1360 #ifdef SOCKET_DEBUG_ACCEPT
1361 socket_debug[ctrl_sock] &= ~SOCKET_DEBUG_ACCEPT;
1362 #endif
1363 if (*data_sock == INVALID_SOCKET) {
1364 lprintf(LOG_WARNING, "%04d <%s> PASV !DATA ERROR %d accepting connection on socket %d"

** CID 643143: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 450 in sock_recvbyte(int, int, char *, long *)()

_____________________________________________________________________________________________
*** CID 643143: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 450 in sock_recvbyte(int, int, char *, long *)()
444 /* Try a read with no timeout first. */
445 if ((ret = cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, 0)) != CRYPT_OK)
446 GCES(ret, sock, sess, estr, "setting read timeout");
447 while (1) {
448 ret = cryptPopData(sess, buf, 1, &len);
449 /* Successive reads will be with the full timeout after a socket_readable() */

CID 643143: Error handling issues (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 55 out of 68 times).

450 cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, startup->max_inactivity);
451 switch (ret) {
452 case CRYPT_OK:
453 break;
454 case CRYPT_ERROR_TIMEOUT:
455 if (!first) {

** CID 643142: (CHECKED_RETURN)
/ftpsrvr.cpp: 663 in send_thread(void *)()
/ftpsrvr.cpp: 700 in send_thread(void *)()

_____________________________________________________________________________________________
*** CID 643142: (CHECKED_RETURN)
/ftpsrvr.cpp: 663 in send_thread(void *)()
657 if (xfer.filepos < 0)
658 xfer.filepos = 0;
659 if (startup->options & FTP_OPT_DEBUG_DATA || xfer.filepos)
660 lprintf(LOG_DEBUG, "%04d <%s> DATA socket %d sending %s from offset %" PRIdOFF
661 , xfer.ctrl_sock, xfer.user->alias, *xfer.data_sock, xfer.filename, xfer.filepos);
662

CID 643142: (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.

663 fseeko(fp, xfer.filepos, SEEK_SET);
664 last_report = start = time(NULL);
665 while ((xfer.filepos + total) < length) {
666
667 now = time(NULL);
668
/ftpsrvr.cpp: 700 in send_thread(void *)()
694 }
695
696 /* Check socket for writability */
697 if (!socket_writable(*xfer.data_sock, 1000))
698 continue;
699

CID 643142: (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos + total, 0)" without checking return value. This library function may fail and return an error code.

700 fseeko(fp, xfer.filepos + total, SEEK_SET);
701 rd = fread(buf, sizeof(char), sizeof(buf), fp);
702 if (rd < 1) /* EOF or READ error */
703 break;
704
705 #ifdef SOCKET_DEBUG_SEND

** CID 643141: (Y2K38_SAFETY)
/websrvr.cpp: 7719 in web_server()
/websrvr.cpp: 7721 in web_server()

_____________________________________________________________________________________________
*** CID 643141: (Y2K38_SAFETY)
/websrvr.cpp: 7719 in web_server()
7713 std::string most_active = request_rate_limiter->most_active(&most_active_count);
7714 char str[sizeof rate_limit_report]; 7715 char tmp[128];
7716 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
7717 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
7718 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count

CID 643141: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".

7719 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, logstr)
7720 , request_rate_limiter->disallowed.load()
7721 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp)
7722 , request_rate_limiter->repeat.load());
7723 if (strcmp(str, rate_limit_report) != 0) {
7724 SAFECOPY(rate_limit_report, str);
/websrvr.cpp: 7721 in web_server()
7715 char tmp[128];
7716 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
7717 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
7718 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
7719 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, logstr)
7720 , request_rate_limiter->disallowed.load()

CID 643141: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".

7721 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp)
7722 , request_rate_limiter->repeat.load());
7723 if (strcmp(str, rate_limit_report) != 0) {
7724 SAFECOPY(rate_limit_report, str);
7725 lprintf(LOG_DEBUG, "%s", rate_limit_report);
7726 }

** CID 643140: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3431 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2847 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2557 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3214 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3490 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3242 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3174 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3204 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2885 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2540 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3192 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3363 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3366 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3367 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3283 in ctrl_thread(void *)()

_____________________________________________________________________________________________
*** CID 643140: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3431 in ctrl_thread(void *)()
3425
3426 if (!strnicmp(cmd, "CWD ", 4) || !strnicmp(cmd, "XCWD ", 5)) {
3427 if (!strnicmp(cmd, "CWD ", 4))
3428 p = cmd + 4;
3429 else
3430 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3431 SKIP_WHITESPACE(p);
3432 tp = p;
3433 if (*tp == '/' || *tp == '\\') /* /local: and /bbs: are valid */
3434 tp++;
3435 if (!strnicmp(tp, BBS_FSYS_DIR, strlen(BBS_FSYS_DIR))) {
3436 local_fsys = FALSE; /ftpsrvr.cpp: 2847 in ctrl_thread(void *)()
2841 refresh_cfg(&scfg);
2842 sockprintf(sock, sess, "211 ALL servers/nodes will recycle when not in-use");
2843 continue;
2844 }
2845 if (!strnicmp(cmd, "SITE EXEC ", 10) && sysop) {
2846 p = cmd + 10;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2847 SKIP_WHITESPACE(p);
2848 #ifdef __unix__
2849 fp = popen(p, "r");
2850 if (fp == NULL)
2851 sockprintf(sock, sess, "500 Error %d opening pipe to: %s", errno, p);
2852 else {
/ftpsrvr.cpp: 2557 in ctrl_thread(void *)()
2551 continue;
2552 }
2553 if (!strnicmp(cmd, "PASS ", 5) && user.alias[0]) {
2554 user.number = 0;
2555 fmutex_close(&mutex_file);
2556 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2557 SKIP_WHITESPACE(p);
2558
2559 SAFECOPY(password, p);
2560 uint usernum = find_login_id(&scfg, user.alias);
2561 if (usernum == 0) {
2562 if (scfg.sys_misc & SM_ECHO_PW) /ftpsrvr.cpp: 3214 in ctrl_thread(void *)()
3208 sockprintf(sock, sess, "200 STREAM mode.");
3209 continue;
3210 }
3211
3212 if (!strnicmp(cmd, "STRU ", 5)) {
3213 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3214 SKIP_WHITESPACE(p);
3215 if (toupper(*p) != 'F')
3216 sockprintf(sock, sess, "504 Only FILE structure supported.");
3217 else
3218 sockprintf(sock, sess, "200 FILE structure.");
3219 continue;
/ftpsrvr.cpp: 3490 in ctrl_thread(void *)()
3484 , local_dir);
3485 continue;
3486 } /* Local PWD */
3487
3488 if (!strnicmp(cmd, "MKD ", 4) || !strnicmp(cmd, "XMKD", 4)) {
3489 p = cmd + 4;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3490 SKIP_WHITESPACE(p);
3491 if (*p == '/') /* absolute */
3492 SAFEPRINTF2(fname, "%s%s", root_dir(local_dir), p + 1);
3493 else /* relative */
3494 SAFEPRINTF2(fname, "%s%s", local_dir, p);
3495
/ftpsrvr.cpp: 3242 in ctrl_thread(void *)()
3236 }
3237 continue;
3238 }
3239
3240 if (!strnicmp(cmd, "SMNT ", 5) && sysop && !(startup->options & FTP_OPT_NO_LOCAL_FSYS)) {
3241 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3242 SKIP_WHITESPACE(p);
3243 if (!stricmp(p, BBS_FSYS_DIR))
3244 local_fsys = FALSE;
3245 else {
3246 if (!direxist(p)) {
3247 sockprintf(sock, sess, "550 Directory does not exist.");
/ftpsrvr.cpp: 3174 in ctrl_thread(void *)()
3168 sockprintf(sock, sess, "200 All files sent in BINARY mode.");
3169 continue;
3170 }
3171
3172 if (!strnicmp(cmd, "ALLO", 4)) {
3173 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3174 SKIP_WHITESPACE(p);
3175 if (*p)
3176 l = atol(p);
3177 else
3178 l = 0;
3179 if (local_fsys)
/ftpsrvr.cpp: 3204 in ctrl_thread(void *)()
3198 , filepos);
3199 continue;
3200 }
3201
3202 if (!strnicmp(cmd, "MODE ", 5)) {
3203 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3204 SKIP_WHITESPACE(p);
3205 if (toupper(*p) != 'S')
3206 sockprintf(sock, sess, "504 Only STREAM mode supported.");
3207 else
3208 sockprintf(sock, sess, "200 STREAM mode.");
3209 continue;
/ftpsrvr.cpp: 2885 in ctrl_thread(void *)()
2879
2880 if (pasv_sock != INVALID_SOCKET) {
2881 ftp_close_socket(&pasv_sock, &pasv_sess, __LINE__);
2882 }
2883 memcpy(&data_addr, &ftp.client_addr, ftp.client_addr_len);
2884 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2885 SKIP_WHITESPACE(p);
2886 if (strnicmp(cmd, "PORT ", 5) == 0 && sscanf(p, "%u,%u,%u,%u,%hd,%hd", &h1, &h2, &h3, &h4, &p1, &p2) == 6) {
2887 data_addr.in.sin_family = AF_INET;
2888 data_addr.in.sin_addr.s_addr = htonl((h1 << 24) | (h2 << 16) | (h3 << 8) | h4);
2889 data_port = (p1 << 8) | p2;
2890 } else if (strnicmp(cmd, "EPRT ", 5) == 0) { /* EPRT */
/ftpsrvr.cpp: 2540 in ctrl_thread(void *)()
2534 }
2535 if (!strnicmp(cmd, "USER ", 5)) {
2536 sysop = FALSE;
2537 user.number = 0;
2538 fmutex_close(&mutex_file);
2539 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2540 SKIP_WHITESPACE(p);
2541 truncsp(p);
2542 SAFECOPY(user.alias, p);
2543 user.number = find_login_id(&scfg, user.alias); 2544 if (!user.number && (stricmp(user.alias, "anonymous") == 0 || stricmp(user.alias, "ftp") == 0))
2545 user.number = matchuser(&scfg, "guest", FALSE);
/ftpsrvr.cpp: 3192 in ctrl_thread(void *)()
3186 sockprintf(sock, sess, "200 %" PRIu64 " bytes available.", avail);
3187 continue;
3188 }
3189
3190 if (!strnicmp(cmd, "REST", 4)) {
3191 p = cmd + 4;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3192 SKIP_WHITESPACE(p);
3193 if (*p)
3194 filepos = atol(p);
3195 else
3196 filepos = 0;
3197 sockprintf(sock, sess, "350 Restarting at %ld. Send STORE or RETRIEVE to initiate transfer."
/ftpsrvr.cpp: 3363 in ctrl_thread(void *)()
3357 , sock, user.alias, errno, safe_strerror(errno, error, sizeof error), __LINE__, fname);
3358 sockprintf(sock, sess, "451 Insufficient system storage");
3359 continue;
3360 }
3361
3362 p = cmd + 4;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3363 SKIP_WHITESPACE(p);
3364
3365 if (*p == '-') { /* -Letc */
3366 FIND_WHITESPACE(p);
3367 SKIP_WHITESPACE(p);
3368 }
/ftpsrvr.cpp: 3366 in ctrl_thread(void *)()
3360 }
3361
3362 p = cmd + 4;
3363 SKIP_WHITESPACE(p);
3364
3365 if (*p == '-') { /* -Letc */

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3366 FIND_WHITESPACE(p);
3367 SKIP_WHITESPACE(p);
3368 }
3369
3370 filespec = p;
3371 if (*filespec == 0)
/ftpsrvr.cpp: 3367 in ctrl_thread(void *)()
3361
3362 p = cmd + 4;
3363 SKIP_WHITESPACE(p);
3364
3365 if (*p == '-') { /* -Letc */
3366 FIND_WHITESPACE(p);

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3367 SKIP_WHITESPACE(p);
3368 }
3369
3370 filespec = p;
3371 if (*filespec == 0)
3372 filespec = "*";
/ftpsrvr.cpp: 3283 in ctrl_thread(void *)()
3277 sockprintf(sock, sess, "451 Insufficient system storage");
3278 continue;
3279 }
3280 }
3281
3282 p = cmd + 4;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3283 SKIP_WHITESPACE(p);
3284
3285 filespec = p;
3286 if (!local_dir[0])
3287 strcpy(local_dir, "/"); 3288 SAFEPRINTF2(path, "%s%s", local_dir, filespec);

** CID 643139: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1557 in ftpalias(char *, char *, user_t *, client_t *, int *)()
/ftpsrvr.cpp: 1544 in ftpalias(char *, char *, user_t *, client_t *, int *)()

_____________________________________________________________________________________________
*** CID 643139: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1557 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1551 *tp = 0;
1552
1553 if (stricmp(p, alias)) /* Not a match */
1554 continue;
1555
1556 p = tp + 1; /* filename */

CID 643139: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1557 SKIP_WHITESPACE(p);
1558
1559 tp = p; /* terminator */
1560 FIND_WHITESPACE(tp);
1561 if (*tp)
1562 *tp = 0;
/ftpsrvr.cpp: 1544 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1538
1539 while (!feof(fp)) {
1540 if (!fgets(line, sizeof(line), fp))
1541 break;
1542
1543 p = line; /* alias */

CID 643139: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1544 SKIP_WHITESPACE(p);
1545 if (*p == ';') /* comment */
1546 continue;
1547
1548 tp = p; /* terminator */
1549 FIND_WHITESPACE(tp);

** CID 643138: (Y2K38_SAFETY)
/services.cpp: 2230 in services_thread()
/services.cpp: 2232 in services_thread()

_____________________________________________________________________________________________
*** CID 643138: (Y2K38_SAFETY)
/services.cpp: 2230 in services_thread()
2224 std::string most_active = connect_rate_limiter->most_active(&most_active_count);
2225 char str[sizeof rate_limit_report]; 2226 char tmp[128], tmp2[128];
2227 snprintf(str, sizeof str, "Connect limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
2228 , connect_rate_limiter->client_count(), connect_rate_limiter->total(), most_active.c_str(), most_active_count
2229 , connect_rate_limiter->currHighwater.client.c_str(), connect_rate_limiter->currHighwater.count

CID 643138: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "connect_rate_limiter->currHighwater.time" is cast to "time32_t".

2230 , timestr(&scfg, (time32_t)connect_rate_limiter->currHighwater.time, tmp)
2231 , connect_rate_limiter->disallowed.load()
2232 , connect_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)connect_rate_limiter->lastLimited.time, tmp2)
2233 , connect_rate_limiter->repeat.load());
2234 if (strcmp(str, rate_limit_report) != 0) {
2235 SAFECOPY(rate_limit_report, str);
/services.cpp: 2232 in services_thread()
2226 char tmp[128], tmp2[128];
2227 snprintf(str, sizeof str, "Connect limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
2228 , connect_rate_limiter->client_count(), connect_rate_limiter->total(), most_active.c_str(), most_active_count
2229 , connect_rate_limiter->currHighwater.client.c_str(), connect_rate_limiter->currHighwater.count
2230 , timestr(&scfg, (time32_t)connect_rate_limiter->currHighwater.time, tmp)
2231 , connect_rate_limiter->disallowed.load()

CID 643138: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "connect_rate_limiter->lastLimited.time" is cast to "time32_t".

2232 , connect_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)connect_rate_limiter->lastLimited.time, tmp2)
2233 , connect_rate_limiter->repeat.load());
2234 if (strcmp(str, rate_limit_report) != 0) {
2235 SAFECOPY(rate_limit_report, str);
2236 lprintf(LOG_DEBUG, "%s", rate_limit_report);
2237 }

** CID 643137: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4105 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3782 in ctrl_thread(void *)()

_____________________________________________________________________________________________
*** CID 643137: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4105 in ctrl_thread(void *)()
4099 tp = np; /* terminator pointer */
4100 FIND_WHITESPACE(tp); 4101 if (*tp)
4102 *tp = 0;
4103
4104 dp = tp + 1; /* description pointer */

CID 643137: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4105 SKIP_WHITESPACE(dp); 4106 truncsp(dp);
4107
4108 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
4109 continue;
4110
/ftpsrvr.cpp: 3782 in ctrl_thread(void *)()
3776 tp = np; /* terminator pointer */
3777 FIND_WHITESPACE(tp);
3778 if (*tp)
3779 *tp = 0;
3780
3781 dp = tp + 1; /* description pointer */

CID 643137: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3782 SKIP_WHITESPACE(dp);
3783 truncsp(dp);
3784
3785 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
3786 continue;
3787

** CID 643136: (Y2K38_SAFETY)
/ftpsrvr.cpp: 5417 in ftp_server()
/ftpsrvr.cpp: 5416 in ftp_server()

_____________________________________________________________________________________________
*** CID 643136: (Y2K38_SAFETY)
/ftpsrvr.cpp: 5417 in ftp_server()
5411 std::string most_active = request_rate_limiter->most_active(&most_active_count);
5412 char tmp[128], tmp2[128];
5413 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
5414 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
5415 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
5416 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()

CID 643136: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".

5417 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
5418 if (strcmp(str, rate_limit_report) != 0) {
5419 SAFECOPY(rate_limit_report, str);
5420 lprintf(LOG_DEBUG, "%s", rate_limit_report);
5421 }
5422 }
/ftpsrvr.cpp: 5416 in ftp_server()
5410 size_t most_active_count = 0;
5411 std::string most_active = request_rate_limiter->most_active(&most_active_count);
5412 char tmp[128], tmp2[128];
5413 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
5414 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
5415 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count

CID 643136: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".

5416 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
5417 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
5418 if (strcmp(str, rate_limit_report) != 0) {
5419 SAFECOPY(rate_limit_report, str);
5420 lprintf(LOG_DEBUG, "%s", rate_limit_report);
5421 }

** CID 643135: Program hangs (LOCK)
/services.cpp: 2476 in services_thread()

_____________________________________________________________________________________________
*** CID 643135: Program hangs (LOCK)
/services.cpp: 2476 in services_thread()
2470 close_socket(client_socket);
2471 continue;
2472 }
2473
2474 if (!host_exempt->listed(host_ip, nullptr)) {
2475 login_attempt_t attempted;

CID 643135: Program hangs (LOCK)
"loginBanned" locks "startup->login_attempt_list->mutex" while it is locked.

2476 ulong banned = loginBanned(&scfg, startup->login_attempt_list, client_socket, /* host_name: */ NULL, startup->login_attempt, &attempted);
2477 if (banned) {
2478 char ban_duration[128];
2479 lprintf(LOG_NOTICE, "%04d [%s] !TEMPORARY BAN (%lu login attempts, last: %s) - remaining: %s"
2480 , client_socket, host_ip, attempted.count - attempted.dupes, attempted.user
2481 , duration_estimate_to_str(banned, ban_duration, sizeof ban_duration, 1, 1));

** CID 643134: Uninitialized members (UNINIT_CTOR)
/filterfile.hpp: 44 in filterFile::filterFile()()

_____________________________________________________________________________________________
*** CID 643134: Uninitialized members (UNINIT_CTOR)
/filterfile.hpp: 44 in filterFile::filterFile()()
38 filterFile() = default;
39 ~filterFile() {
40 strListFree(&list);
41 }
42 std::atomic<uint> fread_count{};
43 std::atomic<uint> total_found{};

CID 643134: Uninitialized members (UNINIT_CTOR)
The compiler-generated constructor for this class does not initialize "fchk_interval".

44 time_t fchk_interval; // seconds
45 char fname[MAX_PATH + 1];
46 bool listed(const char* str1, const char* str2 = nullptr, struct trash* details = nullptr) {
47 bool result;
48 time_t now = time(nullptr);
49 if (fchk_interval) {

** CID 643133: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4476 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4473 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4097 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3774 in ctrl_thread(void *)()

_____________________________________________________________________________________________
*** CID 643133: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4476 in ctrl_thread(void *)()
4470 *tp = 0;
4471
4472 np = tp + 1; /* filename pointer */
4473 SKIP_WHITESPACE(np);
4474
4475 np++; /* description pointer */

CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4476 FIND_WHITESPACE(np);
4477
4478 while (*np && *np < ' ') np++;
4479
4480 truncsp(np);
4481
/ftpsrvr.cpp: 4473 in ctrl_thread(void *)()
4467 tp = p; /* terminator pointer */
4468 FIND_WHITESPACE(tp);
4469 if (*tp)
4470 *tp = 0;
4471
4472 np = tp + 1; /* filename pointer */

CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4473 SKIP_WHITESPACE(np);
4474
4475 np++; /* description pointer */
4476 FIND_WHITESPACE(np);
4477
4478 while (*np && *np < ' ') np++;
/ftpsrvr.cpp: 4097 in ctrl_thread(void *)()
4091 tp = p; /* terminator pointer */
4092 FIND_WHITESPACE(tp); 4093 if (*tp)
4094 *tp = 0;
4095
4096 np = tp + 1; /* filename pointer */

CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4097 SKIP_WHITESPACE(np); 4098
4099 tp = np; /* terminator pointer */
4100 FIND_WHITESPACE(tp); 4101 if (*tp)
4102 *tp = 0; /ftpsrvr.cpp: 3774 in ctrl_thread(void *)()
3768 tp = p; /* terminator pointer */
3769 FIND_WHITESPACE(tp);
3770 if (*tp)
3771 *tp = 0;
3772
3773 np = tp + 1; /* filename pointer */

CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3774 SKIP_WHITESPACE(np);
3775
3776 tp = np; /* terminator pointer */
3777 FIND_WHITESPACE(tp);
3778 if (*tp)
3779 *tp = 0;

** CID 643132: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1560 in ftpalias(char *, char *, user_t *, client_t *, int *)()
/ftpsrvr.cpp: 1549 in ftpalias(char *, char *, user_t *, client_t *, int *)()

_____________________________________________________________________________________________
*** CID 643132: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1560 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1554 continue;
1555
1556 p = tp + 1; /* filename */
1557 SKIP_WHITESPACE(p);
1558
1559 tp = p; /* terminator */

CID 643132: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1560 FIND_WHITESPACE(tp);
1561 if (*tp)
1562 *tp = 0;
1563
1564 if (filename == NULL /* CWD? */ && (*lastchar(p) != '/' || (*fname != 0 && strcmp(fname, alias)))) {
1565 fclose(fp);
/ftpsrvr.cpp: 1549 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1543 p = line; /* alias */
1544 SKIP_WHITESPACE(p);
1545 if (*p == ';') /* comment */
1546 continue;
1547
1548 tp = p; /* terminator */

CID 643132: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1549 FIND_WHITESPACE(tp);
1550 if (*tp)
1551 *tp = 0;
1552
1553 if (stricmp(p, alias)) /* Not a match */
1554 continue;

** CID 643131: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3769 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3777 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4100 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4092 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4468 in ctrl_thread(void *)()

_____________________________________________________________________________________________
*** CID 643131: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3769 in ctrl_thread(void *)()
3763 SKIP_WHITESPACE(p);
3764
3765 if (*p == ';') /* comment */
3766 continue;
3767
3768 tp = p; /* terminator pointer */

CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3769 FIND_WHITESPACE(tp);
3770 if (*tp)
3771 *tp = 0;
3772
3773 np = tp + 1; /* filename pointer */
3774 SKIP_WHITESPACE(np);
/ftpsrvr.cpp: 3777 in ctrl_thread(void *)()
3771 *tp = 0;
3772
3773 np = tp + 1; /* filename pointer */
3774 SKIP_WHITESPACE(np);
3775
3776 tp = np; /* terminator pointer */

CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3777 FIND_WHITESPACE(tp);
3778 if (*tp)
3779 *tp = 0;
3780
3781 dp = tp + 1; /* description pointer */
3782 SKIP_WHITESPACE(dp);
/ftpsrvr.cpp: 4100 in ctrl_thread(void *)()
4094 *tp = 0;
4095
4096 np = tp + 1; /* filename pointer */
4097 SKIP_WHITESPACE(np); 4098
4099 tp = np; /* terminator pointer */

CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4100 FIND_WHITESPACE(tp); 4101 if (*tp)
4102 *tp = 0;
4103
4104 dp = tp + 1; /* description pointer */
4105 SKIP_WHITESPACE(dp); /ftpsrvr.cpp: 4092 in ctrl_thread(void *)()
4086 SKIP_WHITESPACE(p); 4087
4088 if (*p == ';') /* comment */
4089 continue;
4090
4091 tp = p; /* terminator pointer */

CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4092 FIND_WHITESPACE(tp); 4093 if (*tp)
4094 *tp = 0;
4095
4096 np = tp + 1; /* filename pointer */
4097 SKIP_WHITESPACE(np); /ftpsrvr.cpp: 4468 in ctrl_thread(void *)()
4462 SKIP_WHITESPACE(p);
4463
4464 if (*p == ';') /* comment */
4465 continue;
4466
4467 tp = p; /* terminator pointer */

CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4468 FIND_WHITESPACE(tp);
4469 if (*tp)
4470 *tp = 0;
4471
4472 np = tp + 1; /* filename pointer */
4473 SKIP_WHITESPACE(np);

** CID 643130: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 929 in receive_thread(void *)()

_____________________________________________________________________________________________
*** CID 643130: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 929 in receive_thread(void *)()
923
924 *xfer.aborted = FALSE;
925 if (xfer.filepos || startup->options & FTP_OPT_DEBUG_DATA)
926 lprintf(LOG_DEBUG, "%04d <%s> DATA socket %d receiving %s from offset %" PRIdOFF
927 , xfer.ctrl_sock, xfer.user->alias, *xfer.data_sock, xfer.filename, xfer.filepos);
928

CID 643130: Error handling issues (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.

929 fseeko(fp, xfer.filepos, SEEK_SET);
930
931 // Determine the maximum file size to allow, accounting for minimum free space
932 char path[MAX_PATH + 1];
933 SAFECOPY(path, xfer.filename);
934 *getfname(path) = '\0';

** CID 643129: (Y2K38_SAFETY)
/mailsrvr.cpp: 6497 in mail_server()
/mailsrvr.cpp: 6496 in mail_server()

_____________________________________________________________________________________________
*** CID 643129: (Y2K38_SAFETY)
/mailsrvr.cpp: 6497 in mail_server()
6491 std::string most_active = request_rate_limiter->most_active(&most_active_count);
6492 char tmp[128], tmp2[128];
6493 snprintf(str, sizeof str, "Rate limiting current; clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
6494 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
6495 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
6496 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()

CID 643129: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".

6497 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
6498 if (strcmp(str, rate_limit_report) != 0) {
6499 SAFECOPY(rate_limit_report, str);
6500 lprintf(LOG_DEBUG, "%s", rate_limit_report);
6501 }
6502 }
/mailsrvr.cpp: 6496 in mail_server()
6490 size_t most_active_count = 0;
6491 std::string most_active = request_rate_limiter->most_active(&most_active_count);
6492 char tmp[128], tmp2[128];
6493 snprintf(str, sizeof str, "Rate limiting current; clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
6494 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
6495 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count

CID 643129: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".

6496 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
6497 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
6498 if (strcmp(str, rate_limit_report) != 0) {
6499 SAFECOPY(rate_limit_report, str);
6500 lprintf(LOG_DEBUG, "%s", rate_limit_report);
6501 }

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Tue Feb 17 13:48:48 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 644193: Memory - corruptions (REVERSE_NEGATIVE)
/websrvr.cpp: 1186 in close_request(http_session_t *)()

_____________________________________________________________________________________________
*** CID 644193: Memory - corruptions (REVERSE_NEGATIVE)
/websrvr.cpp: 1186 in close_request(http_session_t *)()
1180 * This causes all active http_session_threads to terminate. 1181 */
1182 if ((!session->req.keep_alive) || terminate_server) {
1183 drain_outbuf(session);
1184 close_session_socket(session);
1185 }

CID 644193: Memory - corruptions (REVERSE_NEGATIVE)
You might be using variable "session->socket" before verifying that it is >= 0.

1186 if (session->socket == INVALID_SOCKET)
1187 session->finished = true;
1188
1189 if (session->js_cx != NULL && (session->req.dynamic == IS_SSJS)) {
1190 JS_BEGINREQUEST(session->js_cx);
1191 JS_GC(session->js_cx);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Wed Feb 18 13:50:52 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 644273: Resource leaks (RESOURCE_LEAK)
/js_console.cpp: 422 in js_console_set(JSContext *, JSObject *, long, int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 644273: Resource leaks (RESOURCE_LEAK)
/js_console.cpp: 422 in js_console_set(JSContext *, JSObject *, long, int, unsigned long *)()
416 break;
417
418 default:
419 return JS_TRUE;
420 }
421

CID 644273: Resource leaks (RESOURCE_LEAK)
Variable "sval" going out of scope leaks the storage it points to.

422 return JS_TRUE;
423 }
424
425 #define CON_PROP_FLAGS JSPROP_ENUMERATE
426
427 static jsSyncPropertySpec js_console_properties[] = {

** CID 644272: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)

_____________________________________________________________________________________________
*** CID 644272: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /con_hi.cpp: 61 in sbbs_t::uselect(bool, unsigned int, const char *, const char *, const unsigned char *)()
55 if (add) {
56 if (name == nullptr)
57 return -1;
58 if (ar != nullptr && !chk_ar(ar, &useron, &client))
59 return 0;
60 uselect_item item = { name, num };

CID 644272: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "item" is copied and then passed-by-reference as parameter to STL insertion function "std::vector<sbbs_t::uselect_item, std::allocator<sbbs_t::uselect_item> >::push_back(std::vector<sbbs_t::uselect_item, std::allocator<sbbs_t::uselect_item> >::value_type const &)", when it could be moved instead.

61 uselect_items.push_back(item);
62 return 0;
63 }
64
65 if (uselect_items.size() < 1)
66 return -1;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wed Mar 11 13:28:10 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 644869: Code maintainability issues (UNUSED_VALUE)
/main.cpp: 5548 in bbs_thread()

_____________________________________________________________________________________________
*** CID 644869: Code maintainability issues (UNUSED_VALUE)
/main.cpp: 5548 in bbs_thread()
5542 client_socket = xpms_accept(ts_set, &client_addr
5543 , &client_addr_len, startup->sem_chk_freq * 1000, (startup->options & BBS_OPT_HAPROXY_PROTO) ? XPMS_ACCEPT_FLAG_HAPROXY : XPMS_FLAGS_NONE, &ts_cb);
5544
5545 if (terminate_server) { /* terminated */
5546 if (client_socket != INVALID_SOCKET) 5547 close_socket(client_socket); >>> CID 644869: Code maintainability issues (UNUSED_VALUE)

Assigning value "-1" to "client_socket" here, but that stored value is overwritten before it can be used.

5548 client_socket = INVALID_SOCKET;
5549 break;
5550 }
5551
5552 if ((p = semfile_list_check(&initialized, clear_attempts_semfiles)) != NULL) {
5553 lprintf(LOG_INFO, "Clear Failed Login Attempts semaphore file (%s) detected", p);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Fri Mar 13 13:00:05 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 644892: Resource leaks (RESOURCE_LEAK)
/smbutil.c: 836 in maint()

_____________________________________________________________________________________________
*** CID 644892: Resource leaks (RESOURCE_LEAK)
/smbutil.c: 836 in maint()
830 l = fread(idxbuf, idxreclen, smb.status.total_msgs, smb.sid_fp);
831
832 printf("\nDone.\n\n");
833 printf("Scanning for pre-flagged messages...\n");
834 for (m = 0; m < l; m++) {
835 if (terminated)

CID 644892: Resource leaks (RESOURCE_LEAK)
Variable "idxbuf" going out of scope leaks the storage it points to. 836 return;

837 idx = (idxrec_t*)(idxbuf + (m * idxreclen));
838 // printf("\r%2lu%%",m ? (long)(100.0/((float)l/m)) : 0); 839 if (idx->attr & MSG_DELETE)
840 flagged++;
841 }

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Sun Mar 15 14:04:34 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 644904: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Mar-15-2026/src/conio/bitmap_con.c: 1139 in blinker_thread()

_____________________________________________________________________________________________
*** CID 644904: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Mar-15-2026/src/conio/bitmap_con.c: 1139 in blinker_thread()
1133 assert_pthread_mutex_unlock(&screenlock);
1134 assert_rwlock_unlock(&vstatlock);
1135 continue;
1136 }
1137 assert_pthread_mutex_unlock(&screenlock);
1138 if (curs_changed || blink_changed || lfc)

CID 644904: Concurrent data access violations (MISSING_LOCK) >>> Accessing "vstat.vmem->changed" without holding lock "vstat_chlock". Elsewhere, "vstat_vmem.changed" is written to with "vstat_chlock" held 7 out of 8 times (6 of these accesses strongly imply that it is necessary).

1139 vstat.vmem->changed = true;
1140 assert_rwlock_unlock(&vstatlock);
1141
1142 if (check_redraw()) {
1143 if (update_from_vmem(TRUE))
1144 request_redraw();

** CID 644903: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Mar-15-2026/src/conio/bitmap_con.c: 861 in draw_char_row_slow()

_____________________________________________________________________________________________
*** CID 644903: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Mar-15-2026/src/conio/bitmap_con.c: 861 in draw_char_row_slow()
855 ac = cs->bg;
856 bc = cs->bg;
857 }
858
859 if (screena.rect->data[pixeloffset] != ac) {
860 screena.rect->data[pixeloffset] = ac;

CID 644903: Concurrent data access violations (MISSING_LOCK) >>> Accessing "screena.update_pixels" without holding lock "screenlock". Elsewhere, "bitmap_screen.update_pixels" is written to with "screenlock" held 18 out of 24 times.

861 screena.update_pixels = 1;
862 }
863 if (screenb.rect->data[pixeloffset] != bc) {
864 screenb.rect->data[pixeloffset] = bc;
865 screenb.update_pixels = 1;
866 }

** CID 644905: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Mar-15-2026/src/conio/bitmap_con.c: 988 in bitmap_draw_vmem_locked()

_____________________________________________________________________________________________
*** CID 644905: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Mar-15-2026/src/conio/bitmap_con.c: 988 in bitmap_draw_vmem_locked()
982 bs.pixeloffset += rsz;
983 if (bs.pixeloffset >= bs.maxpix)
984 bs.pixeloffset -= bs.maxpix; 985 }
986 }
987 if (didfast) {

CID 644905: Concurrent data access violations (MISSING_LOCK) >>> Accessing "screena.update_pixels" without holding lock "screenlock". Elsewhere, "bitmap_screen.update_pixels" is written to with "screenlock" held 18 out of 24 times.

988 screena.update_pixels = true;
989 screenb.update_pixels = true;
990 }
991 }
992 }
993

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Mar 16 15:28:31 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 644927: (RESOURCE_LEAK)
/tmp/sbbs-Mar-16-2026/src/conio/scale.c: 462 in do_scale() /tmp/sbbs-Mar-16-2026/src/conio/scale.c: 462 in do_scale() /tmp/sbbs-Mar-16-2026/src/conio/scale.c: 462 in do_scale() /tmp/sbbs-Mar-16-2026/src/conio/scale.c: 462 in do_scale() /tmp/sbbs-Mar-16-2026/src/conio/scale.c: 462 in do_scale()

_____________________________________________________________________________________________
*** CID 644927: (RESOURCE_LEAK) /tmp/sbbs-Mar-16-2026/src/conio/scale.c: 462 in do_scale()
456 ctarget = ret2;
457 else
458 ctarget = ret1;
459 }
460
461 release_buffer(ctarget);

CID 644927: (RESOURCE_LEAK)
Variable "nt" going out of scope leaks the storage it points to.

462 return csrc;
463 }
464
465 static void
466 pointy_scale_odd(const uint32_t* src, uint32_t* dest, const int width, const int height, const int mult)
467 {
/tmp/sbbs-Mar-16-2026/src/conio/scale.c: 462 in do_scale()
456 ctarget = ret2;
457 else
458 ctarget = ret1;
459 }
460
461 release_buffer(ctarget);

CID 644927: (RESOURCE_LEAK)
Variable "nt" going out of scope leaks the storage it points to.

462 return csrc;
463 }
464
465 static void
466 pointy_scale_odd(const uint32_t* src, uint32_t* dest, const int width, const int height, const int mult)
467 {
/tmp/sbbs-Mar-16-2026/src/conio/scale.c: 462 in do_scale()
456 ctarget = ret2;
457 else
458 ctarget = ret1;
459 }
460
461 release_buffer(ctarget);

CID 644927: (RESOURCE_LEAK)
Variable "nt" going out of scope leaks the storage it points to.

462 return csrc;
463 }
464
465 static void
466 pointy_scale_odd(const uint32_t* src, uint32_t* dest, const int width, const int height, const int mult)
467 {
/tmp/sbbs-Mar-16-2026/src/conio/scale.c: 462 in do_scale()
456 ctarget = ret2;
457 else
458 ctarget = ret1;
459 }
460
461 release_buffer(ctarget);

CID 644927: (RESOURCE_LEAK)
Variable "nt" going out of scope leaks the storage it points to.

462 return csrc;
463 }
464
465 static void
466 pointy_scale_odd(const uint32_t* src, uint32_t* dest, const int width, const int height, const int mult)
467 {
/tmp/sbbs-Mar-16-2026/src/conio/scale.c: 462 in do_scale()
456 ctarget = ret2;
457 else
458 ctarget = ret1;
459 }
460
461 release_buffer(ctarget);

CID 644927: (RESOURCE_LEAK)
Variable "nt" going out of scope leaks the storage it points to.

462 return csrc;
463 }
464
465 static void
466 pointy_scale_odd(const uint32_t* src, uint32_t* dest, const int width, const int height, const int mult)
467 {

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Tue Mar 17 12:54:04 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

4 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)

** CID 645010: Insecure data handling (INTEGER_OVERFLOW) /tmp/sbbs-Mar-17-2026/src/conio/wl_events.c: 1136 in ds_send()

_____________________________________________________________________________________________
*** CID 645010: Insecure data handling (INTEGER_OVERFLOW) /tmp/sbbs-Mar-17-2026/src/conio/wl_events.c: 1136 in ds_send()
1130 {
1131 assert_pthread_mutex_lock(&wl_copybuf_mutex);
1132 if (wl_copybuf) {
1133 size_t len = strlen(wl_copybuf);
1134 size_t sent = 0;
1135 while (sent < len) {

CID 645010: Insecure data handling (INTEGER_OVERFLOW)
"len - sent", which might have underflowed, is passed to "write(fd, wl_copybuf + sent, len - sent)".

1136 ssize_t rv = write(fd, wl_copybuf + sent, len - sent);
1137 if (rv <= 0)
1138 break;
1139 sent += rv;
1140 }
1141 }

** CID 645009: Insecure data handling (INTEGER_OVERFLOW) /tmp/sbbs-Mar-17-2026/src/conio/wl_events.c: 1459 in readev()

_____________________________________________________________________________________________
*** CID 645009: Insecure data handling (INTEGER_OVERFLOW) /tmp/sbbs-Mar-17-2026/src/conio/wl_events.c: 1459 in readev()
1453 readev(struct wl_local_event *lev)
1454 {
1455 size_t got = 0;
1456 char *buf = (char *)lev;
1457
1458 while (got < sizeof(*lev)) {

CID 645009: Insecure data handling (INTEGER_OVERFLOW)
"96UL - got", which might have underflowed, is passed to "read(wl_local_pipe[0], buf + got, 96UL - got)".

1459 int rv = read(wl_local_pipe[0], buf + got, sizeof(*lev) - got);
1460 if (rv > 0)
1461 got += rv;
1462 }
1463 }
1464

** CID 645008: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Mar-17-2026/src/conio/wl_cio.c: 243 in wl_copytext()

_____________________________________________________________________________________________
*** CID 645008: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Mar-17-2026/src/conio/wl_cio.c: 243 in wl_copytext()
237
238 assert_pthread_mutex_lock(&wl_copybuf_mutex);
239 FREE_AND_NULL(wl_copybuf);
240 wl_copybuf = strdup(text);
241 assert_pthread_mutex_unlock(&wl_copybuf_mutex);
242

CID 645008: Concurrent data access violations (MISSING_LOCK) >>> Accessing "wl_copybuf" without holding lock "wl_copybuf_mutex". Elsewhere, "wl_copybuf" is written to with "wl_copybuf_mutex" held 2 out of 2 times.

243 if (wl_copybuf) {
244 ev.type = WL_LOCAL_COPY;
245 write_event(&ev);
246 }
247 }
248

** CID 645007: Program hangs (SLEEP)

_____________________________________________________________________________________________
*** CID 645007: Program hangs (SLEEP) /tmp/sbbs-Mar-17-2026/src/conio/ciolib.c: 2754 in ciolib_add_hyperlink()
2748 }
2749 }
2750
2751 /* Run GC if free list is empty */
2752 if (hyperlink_free_head == 0)
2753 hyperlink_gc();

CID 645007: Program hangs (SLEEP)
Call to "hyperlink_gc" might sleep while holding lock "hyperlink_mutex".

2754
2755 /* Still empty after GC table is full */
2756 if (hyperlink_free_head == 0) {
2757 pthread_mutex_unlock(&hyperlink_mutex);
2758 return 0;
2759 }

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wed Mar 18 13:09:05 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 645069: Control flow issues (DEADCODE) /tmp/sbbs-Mar-18-2026/src/conio/cterm.c: 2702 in sgr_diff()

_____________________________________________________________________________________________
*** CID 645069: Control flow issues (DEADCODE) /tmp/sbbs-Mar-18-2026/src/conio/cterm.c: 2702 in sgr_diff()
2696 else {
2697 int params = 0;
2698 char sgrbuf[128];
2699 sgrbuf[0] = '\0';
2700
2701 if ((na & 0x08) && !(pa & 0x08)) {

CID 645069: Control flow issues (DEADCODE)
Execution cannot reach the expression "";1"" inside this statement: "strcat(sgrbuf, (params++ ? ...".

2702 strcat(sgrbuf, params++ ? ";1" : "1");
2703 }
2704 if ((na & 0x80) && !(pa & 0x80)) {
2705 strcat(sgrbuf, params++ ? ";5" : "5");
2706 }
2707 if ((na & 0x07) != (pa & 0x07)) {

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Sun Apr 19 12:52:21 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 645706: Error handling issues (NEGATIVE_RETURNS) /tmp/sbbs-Apr-19-2026/src/conio/cterm_cterm.c: 635 in cterm_cterm_handle_font_dcs()

_____________________________________________________________________________________________
*** CID 645706: Error handling issues (NEGATIVE_RETURNS) /tmp/sbbs-Apr-19-2026/src/conio/cterm_cterm.c: 635 in cterm_cterm_handle_font_dcs()
629 return;
630 if (cterm->font_slot > 255)
631 return;
632 if (p && *p == ':') {
633 p++;
634 i = b64_decode(cterm->fontbuf, sizeof(cterm->fontbuf), p, 0);

CID 645706: Error handling issues (NEGATIVE_RETURNS)
"i" is passed to a parameter that cannot be negative.

635 p2 = malloc(i);
636 if (p2) {
637 memcpy(p2, cterm->fontbuf, i);
638 replace_font(cterm->font_slot,
639 strdup("Remote Defined Font"), p2, i);
640 }

** CID 645705: Memory - corruptions (OVERRUN) /tmp/sbbs-Apr-19-2026/src/conio/cterm_cterm.c: 637 in cterm_cterm_handle_font_dcs()

_____________________________________________________________________________________________
*** CID 645705: Memory - corruptions (OVERRUN) /tmp/sbbs-Apr-19-2026/src/conio/cterm_cterm.c: 637 in cterm_cterm_handle_font_dcs()
631 return;
632 if (p && *p == ':') {
633 p++;
634 i = b64_decode(cterm->fontbuf, sizeof(cterm->fontbuf), p, 0);
635 p2 = malloc(i);
636 if (p2) {

CID 645705: Memory - corruptions (OVERRUN)
Calling "memcpy" with "p2" and "i" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.

637 memcpy(p2, cterm->fontbuf, i);
638 replace_font(cterm->font_slot,
639 strdup("Remote Defined Font"), p2, i);
640 }
641 }
642 }

** CID 645704: (STRING_OVERFLOW) /tmp/sbbs-Apr-19-2026/src/conio/cterm_dec.c: 2139 in cterm_dec_dcs_finish()
/tmp/sbbs-Apr-19-2026/src/conio/cterm_dec.c: 2135 in cterm_dec_dcs_finish()

_____________________________________________________________________________________________
*** CID 645704: (STRING_OVERFLOW) /tmp/sbbs-Apr-19-2026/src/conio/cterm_dec.c: 2139 in cterm_dec_dcs_finish()
2133 if (cterm->fg_tc_str) {
2134 strcat(tmp, ";");
2135 strcat(tmp, cterm->fg_tc_str);
2136 }
2137 if (cterm->bg_tc_str) {
2138 strcat(tmp, ";");

CID 645704: (STRING_OVERFLOW)
You might overrun the 3072-character fixed-size string "tmp" by copying "cterm->bg_tc_str" without checking the length.

2139 strcat(tmp, cterm->bg_tc_str);
2140 }
2141 strcat(tmp, "m\x1b\\");
2142 cterm_respond(cterm, tmp, strlen(tmp));
2143 }
2144 else { /tmp/sbbs-Apr-19-2026/src/conio/cterm_dec.c: 2135 in cterm_dec_dcs_finish()
2129 case 6: strcat(tmp, ";43"); break;
2130 case 7: strcat(tmp, ";47"); break;
2131 }
2132 }
2133 if (cterm->fg_tc_str) {
2134 strcat(tmp, ";");

CID 645704: (STRING_OVERFLOW)
You might overrun the 3072-character fixed-size string "tmp" by copying "cterm->fg_tc_str" without checking the length.

2135 strcat(tmp, cterm->fg_tc_str);
2136 }
2137 if (cterm->bg_tc_str) {
2138 strcat(tmp, ";");
2139 strcat(tmp, cterm->bg_tc_str);
2140 }

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Tue Apr 21 12:52:54 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

6 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)

** CID 645741: Data race undermines locking (LOCK_EVASION) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2092 in xp_audio_play()

_____________________________________________________________________________________________
*** CID 645741: Data race undermines locking (LOCK_EVASION) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2092 in xp_audio_play() 2086 if (!newring) {
2087 assert_pthread_mutex_unlock(&s->mutex);
2088 xp_audio_close(h);
2089 return -1;
2090 }
2091 s->ring = newring;

CID 645741: Data race undermines locking (LOCK_EVASION)
Thread1 sets "ring_frames" to a new value. Now the two threads have an inconsistent view of "ring_frames" and updates to fields correlated with "ring_frames" may be lost.

2092 s->ring_frames = nframes;
2093 assert_pthread_mutex_unlock(&s->mutex);
2094 }
2095 if (loop) {
2096 assert_pthread_mutex_lock(&s->mutex);
2097 s->loop = true;

** CID 645740: Null pointer dereferences (NULL_RETURNS) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082 in xp_audio_play()

_____________________________________________________________________________________________
*** CID 645740: Null pointer dereferences (NULL_RETURNS) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082 in xp_audio_play() 2076
2077 if (h < 0)
2078 return -1;
2079 s = stream_from_handle(h);
2080 /* Resize ring to fit exactly if larger than default. Loop mode requires
2081 * the ring to hold the full sample (read wraps to write_pos). */

CID 645740: Null pointer dereferences (NULL_RETURNS)
Dereferencing "s", which is known to be "NULL".

2082 if (nframes > s->ring_frames) {
2083 int16_t *newring;
2084 assert_pthread_mutex_lock(&s->mutex);
2085 newring = realloc(s->ring, nframes * S_CHANNELS * sizeof(int16_t));
2086 if (!newring) {
2087 assert_pthread_mutex_unlock(&s->mutex);

** CID 645739: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862 in xp_audio_open()

_____________________________________________________________________________________________
*** CID 645739: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862 in xp_audio_open() 1856
1857 assert_pthread_mutex_lock(&mixer_lock);
1858 /* Reap any done+auto_close streams first to free slots. Safe under
1859 * mixer_lock no mixer pull is in progress. */
1860 for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {
1861 struct xp_audio_stream *r = mixer_streams[i];

CID 645739: Concurrent data access violations (MISSING_LOCK) >>> Accessing "r->done" without holding lock "xp_audio_stream.mutex". Elsewhere, "xp_audio_stream.done" is written to with "xp_audio_stream.mutex" held 4 out of 4 times (1 of these accesses strongly imply that it is necessary).

1862 if (r && r->auto_close && r->done) {
1863 mixer_streams[i] = NULL;
1864 free_stream_locked(r);
1865 }
1866 }
1867 for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {

** CID 645738: Uninitialized variables (UNINIT)

_____________________________________________________________________________________________
*** CID 645738: Uninitialized variables (UNINIT) /tmp/sbbs-Apr-21-2026/src/conio/cterm_cterm.c: 1125 in play_music() 1119 if (buf) {
1120 if (note_frames > 0)
1121 xptone_makewave(freq, buf, note_frames, WAVE_SHAPE_SINE_SAW_HARM);
1122 if (pause_frames > 0)
1123 memset(buf + (size_t)note_frames * XPBEEP_CHANNELS, 0,
1124 (size_t)pause_frames * XPBEEP_FRAMESIZE);

CID 645738: Uninitialized variables (UNINIT)
Using uninitialized value "*buf" when calling "xp_audio_append".

1125 xp_audio_append(cterm->music_stream, buf, total_frames);
1126 free(buf);
1127 if (cterm->musicfore) {
1128 xp_audio_wait(cterm->music_stream);
1129 had_foreground = 1;
1130 }

** CID 645737: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082 in xp_audio_play()

_____________________________________________________________________________________________
*** CID 645737: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082 in xp_audio_play() 2076
2077 if (h < 0)
2078 return -1;
2079 s = stream_from_handle(h);
2080 /* Resize ring to fit exactly if larger than default. Loop mode requires
2081 * the ring to hold the full sample (read wraps to write_pos). */

CID 645737: Concurrent data access violations (MISSING_LOCK) >>> Accessing "s->ring_frames" without holding lock "xp_audio_stream.mutex". Elsewhere, "xp_audio_stream.ring_frames" is written to with "xp_audio_stream.mutex" held 1 out of 1 times.

2082 if (nframes > s->ring_frames) {
2083 int16_t *newring;
2084 assert_pthread_mutex_lock(&s->mutex);
2085 newring = realloc(s->ring, nframes * S_CHANNELS * sizeof(int16_t));
2086 if (!newring) {
2087 assert_pthread_mutex_unlock(&s->mutex);

** CID 645736: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862 in xp_audio_open()

_____________________________________________________________________________________________
*** CID 645736: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862 in xp_audio_open() 1856
1857 assert_pthread_mutex_lock(&mixer_lock);
1858 /* Reap any done+auto_close streams first to free slots. Safe under
1859 * mixer_lock no mixer pull is in progress. */
1860 for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {
1861 struct xp_audio_stream *r = mixer_streams[i];

CID 645736: Concurrent data access violations (MISSING_LOCK) >>> Accessing "r->auto_close" without holding lock "xp_audio_stream.mutex". Elsewhere, "xp_audio_stream.auto_close" is written to with "xp_audio_stream.mutex" held 1 out of 1 times (1 of these accesses strongly imply that it is necessary).

1862 if (r && r->auto_close && r->done) {
1863 mixer_streams[i] = NULL;
1864 free_stream_locked(r);
1865 }
1866 }
1867 for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Wed Apr 22 13:18:50 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 645757: Control flow issues (DEADCODE) /tmp/sbbs-Apr-22-2026/src/conio/cterm_cterm.c: 1228 in cterm_play_fx_tone()

_____________________________________________________________________________________________
*** CID 645757: Control flow issues (DEADCODE) /tmp/sbbs-Apr-22-2026/src/conio/cterm_cterm.c: 1228 in cterm_play_fx_tone()
1222 if (!cterm || duration_ms == 0)
1223 return false;
1224 if (!cterm_fx_ensure_open(cterm))
1225 return false;
1226 nframes = (size_t)XPBEEP_SAMPLE_RATE * duration_ms / 1000;
1227 if (nframes == 0)

CID 645757: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return true;".

1228 return true;
1229 buf = (int16_t *)malloc(nframes * XPBEEP_FRAMESIZE);
1230 if (!buf)
1231 return false;
1232 xptone_makewave(freq, buf, (int)nframes, shape);
1233 return xp_audio_append(cterm->fx_stream, buf, nframes, NULL);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Sat Apr 25 12:52:12 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

15 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 15 of 15 defect(s)

** CID 645808: (TAINTED_SCALAR)

_____________________________________________________________________________________________
*** CID 645808: (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 424 in s_id_str_str() 418 {
419 bool ret;
420 sftp_str_t str1;
421 sftp_str_t str2;
422
423 state->priv->id = get32(state->priv->rxp);

CID 645808: (TAINTED_SCALAR)
Passing tainted expression "state->priv" to "getcstring", which uses it as an allocation size.

424 str1 = getcstring(state);
425 if (str1 == NULL) {
426 sftps_outcome_record(out, SFTP_ERR_REPLY_BAD_STRING, 427 "id_str_str: first getcstring failed");
428 return false;
429 }
/tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 424 in s_id_str_str() 418 {
419 bool ret;
420 sftp_str_t str1;
421 sftp_str_t str2;
422
423 state->priv->id = get32(state->priv->rxp);

CID 645808: (TAINTED_SCALAR)
Passing tainted expression "state->priv" to "getcstring", which uses it as an offset.

424 str1 = getcstring(state);
425 if (str1 == NULL) {
426 sftps_outcome_record(out, SFTP_ERR_REPLY_BAD_STRING, 427 "id_str_str: first getcstring failed");
428 return false;
429 }

** CID 645807: (TAINTED_SCALAR)

_____________________________________________________________________________________________
*** CID 645807: (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 727 in sftps_recv() 721 }
722 if (!handled) {
723 lprintf(state, SSH_FX_FAILURE, "Unhandled request type: %s (%d)",
724 sftp_get_type_name(state->priv->rxp->type), 725 state->priv->rxp->type);
726 state->priv->id = get32(state->priv->rxp);

CID 645807: (TAINTED_SCALAR)
Passing tainted expression "state->priv" to "sftps_send_error", which uses it as an allocation size.

727 if (!sftps_send_error(state, SSH_FX_OP_UNSUPPORTED,
728 "Operation not implemented", out))
729 return server_exit(state, false);
730 }
731 remove_packet(state->priv->rxp);
732 }
/tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 706 in sftps_recv() 700 handled = true;
701 }
702 break;
703 case SSH_FXP_EXTENDED:
704 if (state->version >= 3 && state->extended) {
705 state->priv->id = get32(state->priv->rxp);

CID 645807: (TAINTED_SCALAR)
Passing tainted expression "state->priv" to "getcstring", which uses it as an allocation size.

706 sftp_str_t request = getcstring(state);
707 if (request == NULL) {
708 sftps_outcome_record(out, SFTP_ERR_REPLY_BAD_STRING,
709 "EXTENDED: request getcstring failed");
710 return server_exit(state, false);
711 } /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 727 in sftps_recv() 721 }
722 if (!handled) {
723 lprintf(state, SSH_FX_FAILURE, "Unhandled request type: %s (%d)",
724 sftp_get_type_name(state->priv->rxp->type), 725 state->priv->rxp->type);
726 state->priv->id = get32(state->priv->rxp);

CID 645807: (TAINTED_SCALAR)
Passing tainted expression "state->priv" to "sftps_send_error", which uses it as an offset.

727 if (!sftps_send_error(state, SSH_FX_OP_UNSUPPORTED,
728 "Operation not implemented", out))
729 return server_exit(state, false);
730 }
731 remove_packet(state->priv->rxp);
732 }
/tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 706 in sftps_recv() 700 handled = true;
701 }
702 break;
703 case SSH_FXP_EXTENDED:
704 if (state->version >= 3 && state->extended) {
705 state->priv->id = get32(state->priv->rxp);

CID 645807: (TAINTED_SCALAR)
Passing tainted expression "state->priv" to "getcstring", which uses it as an offset.

706 sftp_str_t request = getcstring(state);
707 if (request == NULL) {
708 sftps_outcome_record(out, SFTP_ERR_REPLY_BAD_STRING,
709 "EXTENDED: request getcstring failed");
710 return server_exit(state, false);
711 }

** CID 645806: (TAINTED_SCALAR)

_____________________________________________________________________________________________
*** CID 645806: (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 361 in s_id_str_attr()
355 {
356 bool ret;
357 sftp_str_t str;
358 sftp_file_attr_t attrs;
359
360 state->priv->id = get32(state->priv->rxp);

CID 645806: (TAINTED_SCALAR)
Passing tainted expression "state->priv" to "getcstring", which uses it as an offset.

361 str = getcstring(state);
362 if (str == NULL) {
363 sftps_outcome_record(out, SFTP_ERR_REPLY_BAD_STRING, 364 "id_str_attr: getcstring failed");
365 return false;
366 }
/tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 361 in s_id_str_attr()
355 {
356 bool ret;
357 sftp_str_t str;
358 sftp_file_attr_t attrs;
359
360 state->priv->id = get32(state->priv->rxp);

CID 645806: (TAINTED_SCALAR)
Passing tainted expression "state->priv" to "getcstring", which uses it as an allocation size.

361 str = getcstring(state);
362 if (str == NULL) {
363 sftps_outcome_record(out, SFTP_ERR_REPLY_BAD_STRING, 364 "id_str_attr: getcstring failed");
365 return false;
366 }

** CID 645805: Insecure data handling (TAINTED_SCALAR)

_____________________________________________________________________________________________
*** CID 645805: Insecure data handling (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_pkt.c: 261 in getstring()
255 uint32_t sz = get32(pkt);
256 /* Does `sz` bytes fit in the remaining allocation past cur? */ 257 if ((size_t)pkt->cur + offsetof(struct sftp_rx_pkt, data) + sz > pkt->sz) {
258 pkt->cur = saved_cur;
259 return NULL;
260 }

CID 645805: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "sz" to "sftp_memdup", which uses it as an allocation size.

261 sftp_str_t ret = sftp_memdup(&pkt->data[pkt->cur], sz);
262 if (ret == NULL)
263 pkt->cur = saved_cur;
264 else
265 pkt->cur += sz;
266 return ret;

** CID 645804: (TAINTED_SCALAR)

_____________________________________________________________________________________________
*** CID 645804: (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 142 in s_open()
136 bool ret;
137 sftp_str_t fname;
138 uint32_t flags;
139 sftp_file_attr_t attrs;
140
141 state->priv->id = get32(state->priv->rxp);

CID 645804: (TAINTED_SCALAR)
Passing tainted expression "state->priv" to "getcstring", which uses it as an allocation size.

142 fname = getcstring(state);
143 if (fname == NULL) {
144 sftps_outcome_record(out, SFTP_ERR_REPLY_BAD_STRING, 145 "OPEN: filename getcstring failed");
146 return false;
147 }
/tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 142 in s_open()
136 bool ret;
137 sftp_str_t fname;
138 uint32_t flags;
139 sftp_file_attr_t attrs;
140
141 state->priv->id = get32(state->priv->rxp);

CID 645804: (TAINTED_SCALAR)
Passing tainted expression "state->priv" to "getcstring", which uses it as an offset.

142 fname = getcstring(state);
143 if (fname == NULL) {
144 sftps_outcome_record(out, SFTP_ERR_REPLY_BAD_STRING, 145 "OPEN: filename getcstring failed");
146 return false;
147 }

** CID 645803: (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_pkt.c: 211 in extract_packet() /tmp/sbbs-Apr-25-2026/src/sftp/sftp_pkt.c: 217 in extract_packet()

_____________________________________________________________________________________________
*** CID 645803: (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_pkt.c: 211 in extract_packet() 205 extract_packet(sftp_rx_pkt_t stream)
206 {
207 if (!stream || !have_full_pkt(stream))
208 return NULL;
209 uint32_t sz = pkt_sz(stream);
210 size_t alloc_sz = offsetof(struct sftp_rx_pkt, len) + sizeof(uint32_t) + sz;

CID 645803: (TAINTED_SCALAR)
Passing tainted expression "alloc_sz" to "malloc", which uses it as an allocation size.

211 sftp_rx_pkt_t out = (sftp_rx_pkt_t)malloc(alloc_sz);
212 if (out == NULL)
213 return NULL;
214 out->cur = 0;
215 out->sz = alloc_sz;
216 out->used = sizeof(uint32_t) + sz; /tmp/sbbs-Apr-25-2026/src/sftp/sftp_pkt.c: 217 in extract_packet() 211 sftp_rx_pkt_t out = (sftp_rx_pkt_t)malloc(alloc_sz);
212 if (out == NULL)
213 return NULL;
214 out->cur = 0;
215 out->sz = alloc_sz;
216 out->used = sizeof(uint32_t) + sz;

CID 645803: (TAINTED_SCALAR)
Passing tainted expression "out->used" to "memcpy", which uses it as an offset.

217 memcpy(&out->len, &stream->len, out->used);
218 remove_packet(stream);
219 return out;
220 }
221
222 #define GET_FUNC_BODY \

** CID 645802: Insecure data handling (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 85 in getcstring()

_____________________________________________________________________________________________
*** CID 645802: Insecure data handling (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 85 in getcstring()
79 static sftp_str_t
80 getcstring(sftps_state_t state)
81 {
82 sftp_str_t str = getstring(state->priv->rxp);
83 if (str == NULL)
84 return NULL;

CID 645802: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "str->len" to "memchr", which uses it as an offset.

85 if (memchr(str->c_str, 0, str->len) != NULL) {
86 free_sftp_str(str);
87 return NULL;
88 }
89 return str;
90 }

** CID 645801: Insecure data handling (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 103 in init()

_____________________________________________________________________________________________
*** CID 645801: Insecure data handling (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 103 in init()
97 state->version = SFTP_VERSION;
98 /* Intersect client's advertised extensions with the ones we support. 99 * The result is what we enable for this session AND what we echo
100 * back to the client in VERSION. */
101 state->extensions = 0;
102 uint32_t payload_len = pkt_sz(state->priv->rxp) - 1;

CID 645801: Insecure data handling (TAINTED_SCALAR)
Using tainted variable "payload_len" as a loop boundary.

103 while (state->priv->rxp->cur + sizeof(uint32_t) <= payload_len) {
104 sftp_str_t ext_name = getstring(state->priv->rxp);
105 sftp_str_t ext_data = getstring(state->priv->rxp);
106 if (ext_name == NULL || ext_data == NULL) {
107 free_sftp_str(ext_name);
108 free_sftp_str(ext_data);

** CID 645800: (TAINTED_SCALAR)
/sftp.cpp: 2184 in sftp_extended(sftp_string *, sftp_rx_pkt *, void *)()
/sftp.cpp: 2190 in sftp_extended(sftp_string *, sftp_rx_pkt *, void *)()

_____________________________________________________________________________________________
*** CID 645800: (TAINTED_SCALAR)
/sftp.cpp: 2184 in sftp_extended(sftp_string *, sftp_rx_pkt *, void *)()
2178 if (request->len == nlen &&
2179 memcmp(request->c_str, SFTP_EXT_NAME_DESCS, nlen) == 0) { 2180 sftp_str_t path = sftp_rx_get_string(pkt);
2181 if (path == nullptr)
2182 return sftps_send_error(sbbs->sftp_state,
2183 SSH_FX_BAD_MESSAGE, "Missing path", nullptr);

CID 645800: (TAINTED_SCALAR)
Passing tainted expression "path->len + 1U" to "malloc", which uses it as an allocation size.

2184 char *cpath = (char *)malloc(path->len + 1);
2185 if (cpath == nullptr) {
2186 free_sftp_str(path);
2187 return sftps_send_error(sbbs->sftp_state,
2188 SSH_FX_FAILURE, "Out of memory", nullptr); 2189 }
/sftp.cpp: 2190 in sftp_extended(sftp_string *, sftp_rx_pkt *, void *)()
2184 char *cpath = (char *)malloc(path->len + 1);
2185 if (cpath == nullptr) {
2186 free_sftp_str(path);
2187 return sftps_send_error(sbbs->sftp_state,
2188 SSH_FX_FAILURE, "Out of memory", nullptr); 2189 }

CID 645800: (TAINTED_SCALAR)
Passing tainted expression "path->len" to "memcpy", which uses it as an offset.

2190 memcpy(cpath, path->c_str, path->len);
2191 cpath[path->len] = '\0';
2192 free_sftp_str(path);
2193 sbbs->lprintf(LOG_DEBUG, "SFTP descs(%s)", cpath);
2194 bool ret = sftp_ext_descs(sbbs, cpath);
2195 free(cpath);

** CID 645799: (TAINTED_SCALAR)

_____________________________________________________________________________________________
*** CID 645799: (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 315 in s_id_str()
309 struct sftps_outcome *out)
310 {
311 bool ret;
312 sftp_str_t str;
313
314 state->priv->id = get32(state->priv->rxp);

CID 645799: (TAINTED_SCALAR)
Passing tainted expression "state->priv" to "getcstring", which uses it as an allocation size.

315 str = getcstring(state);
316 if (str == NULL) {
317 sftps_outcome_record(out, SFTP_ERR_REPLY_BAD_STRING, 318 "id_str: getcstring failed");
319 return false;
320 }
/tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 315 in s_id_str()
309 struct sftps_outcome *out)
310 {
311 bool ret;
312 sftp_str_t str;
313
314 state->priv->id = get32(state->priv->rxp);

CID 645799: (TAINTED_SCALAR)
Passing tainted expression "state->priv" to "getcstring", which uses it as an offset.

315 str = getcstring(state);
316 if (str == NULL) {
317 sftps_outcome_record(out, SFTP_ERR_REPLY_BAD_STRING, 318 "id_str: getcstring failed");
319 return false;
320 }

** CID 645798: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 69 in server_exit()

_____________________________________________________________________________________________
*** CID 645798: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 69 in server_exit() 63 }
64
65 static bool
66 server_exit(sftps_state_t state, bool retval)
67 {
68 assert(state->priv->running > 0);

CID 645798: Concurrent data access violations (MISSING_LOCK) >>> Accessing "state->priv->running" without holding lock "sftp_server_state_private.mtx". Elsewhere, "sftp_server_state_private.running" is written to with "sftp_server_state_private.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).

69 state->priv->running--;
70 pthread_mutex_unlock(&state->priv->mtx);
71 return retval;
72 }
73
74 /*

** CID 645797: Insecure data handling (TAINTED_SCALAR)

_____________________________________________________________________________________________
*** CID 645797: Insecure data handling (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_client.c: 190 in parse_status() 184 if (reply->type != SSH_FXP_STATUS)
185 return false;
186 uint32_t code = get32(reply);
187 if (out != NULL)
188 out->result = code;
189 sftp_str_t msg = getstring(reply);

CID 645797: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "reply->cur" to "getstring", which uses it as an offset.

190 sftp_str_t lang = getstring(reply);
191 if (msg != NULL && msg->len > 0) {
192 sftpc_outcome_reply(out,
193 (const char *)msg->c_str, msg->len,
194 lang ? (const char *)lang->c_str : "",
195 lang ? lang->len : 0);

** CID 645796: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 102 in init()

_____________________________________________________________________________________________
*** CID 645796: Integer handling issues (INTEGER_OVERFLOW) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_server.c: 102 in init()
96 if (state->version > SFTP_VERSION)
97 state->version = SFTP_VERSION;
98 /* Intersect client's advertised extensions with the ones we support. 99 * The result is what we enable for this session AND what we echo
100 * back to the client in VERSION. */
101 state->extensions = 0;

CID 645796: Integer handling issues (INTEGER_OVERFLOW)
Expression "pkt_sz(state->priv->rxp) - 1U", where "pkt_sz(state->priv->rxp)" is known to be equal to 0, underflows the type of "pkt_sz(state->priv->rxp) - 1U", which is type "unsigned int".

102 uint32_t payload_len = pkt_sz(state->priv->rxp) - 1;
103 while (state->priv->rxp->cur + sizeof(uint32_t) <= payload_len) {
104 sftp_str_t ext_name = getstring(state->priv->rxp);
105 sftp_str_t ext_data = getstring(state->priv->rxp);
106 if (ext_name == NULL || ext_data == NULL) {
107 free_sftp_str(ext_name);

** CID 645795: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_client.c: 87 in client_exit()

_____________________________________________________________________________________________
*** CID 645795: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_client.c: 87 in client_exit() 81 }
82
83 static bool
84 client_exit(sftpc_state_t state, bool retval)
85 {
86 assert(state->running > 0);

CID 645795: Concurrent data access violations (MISSING_LOCK) >>> Accessing "state->running" without holding lock "sftp_client_state.mtx". Elsewhere, "sftp_client_state.running" is written to with "sftp_client_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).

87 state->running--;
88 pthread_mutex_unlock(&state->mtx);
89 return retval;
90 }
91
92 /* Pending-list helpers; state->mtx must be held. */

** CID 645794: (TAINTED_SCALAR)

_____________________________________________________________________________________________
*** CID 645794: (TAINTED_SCALAR) /tmp/sbbs-Apr-25-2026/src/sftp/sftp_attr.c: 338 in getfattr()
332 */
333 extcnt &= 0x3FFFFFFF;
334 for (ext = 0; ext < extcnt; ext++) {
335 sftp_str_t type = getstring(pkt);
336 if (type == NULL)
337 break;

CID 645794: (TAINTED_SCALAR)
Passing tainted expression "pkt->cur" to "getstring", which uses it as an offset.

338 sftp_str_t data = getstring(pkt);
339 if (data == NULL) {
340 free_sftp_str(type);
341 break;
342 }
343 if (!sftp_fattr_add_ext(&ret, type, data)) { /tmp/sbbs-Apr-25-2026/src/sftp/sftp_attr.c: 335 in getfattr()
329 * size of the buffer since getstring()
330 * will fail long before we reach extcnt if
331 * it has a maliciously high value.
332 */
333 extcnt &= 0x3FFFFFFF;
334 for (ext = 0; ext < extcnt; ext++) {

CID 645794: (TAINTED_SCALAR)
Passing tainted expression "pkt->cur" to "getstring", which uses it as an offset.

335 sftp_str_t type = getstring(pkt);
336 if (type == NULL)
337 break;
338 sftp_str_t data = getstring(pkt);
339 if (data == NULL) {
340 free_sftp_str(type); /tmp/sbbs-Apr-25-2026/src/sftp/sftp_attr.c: 343 in getfattr()
337 break;
338 sftp_str_t data = getstring(pkt);
339 if (data == NULL) {
340 free_sftp_str(type);
341 break;
342 }

CID 645794: (TAINTED_SCALAR)
Passing tainted expression "type->len" to "sftp_fattr_add_ext", which uses it as an allocation size.

343 if (!sftp_fattr_add_ext(&ret, type, data)) { 344 free_sftp_str(type);
345 free_sftp_str(data);
346 break;
347 }
348 free_sftp_str(type); /tmp/sbbs-Apr-25-2026/src/sftp/sftp_attr.c: 343 in getfattr()
337 break;
338 sftp_str_t data = getstring(pkt);
339 if (data == NULL) {
340 free_sftp_str(type);
341 break;
342 }

CID 645794: (TAINTED_SCALAR)
Passing tainted expression "data->len" to "sftp_fattr_add_ext", which uses it as an allocation size.

343 if (!sftp_fattr_add_ext(&ret, type, data)) { 344 free_sftp_str(type);
345 free_sftp_str(data);
346 break;
347 }
348 free_sftp_str(type);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Apr 27 14:33:50 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 645832: Memory - illegal accesses (STRING_NULL)
/netmail.cpp: 417 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned int)()

_____________________________________________________________________________________________
*** CID 645832: Memory - illegal accesses (STRING_NULL)
/netmail.cpp: 417 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned int)()
411
412 size_t kludge_hdrlen = 0;
413 char* beg = qwkbuf + QWK_BLOCK_LEN;
414 char* end = qwkbuf + (n * QWK_BLOCK_LEN);
415 p = beg;
416 if (into == NULL) {

CID 645832: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "p" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

417 SAFECOPY(to, p); /* To user on first line */
418 char* tp = strchr(to, QWK_NEWLINE); /* chop off at first CR */
419 if (tp != NULL)
420 *tp = 0;
421 p += strlen(to) + 1;
422 }

** CID 645831: (TAINTED_SCALAR)
/netmail.cpp: 512 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned int)()
/netmail.cpp: 544 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned int)()

_____________________________________________________________________________________________
*** CID 645831: (TAINTED_SCALAR)
/netmail.cpp: 512 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned int)()
506 snprintf(str, sizeof str, "%.128s", qwkbuf + l + 5);
507 cp = strchr(str, QWK_NEWLINE);
508 if (cp)
509 *cp = 0;
510 l += strlen(str) + 1;
511 cp = str;

CID 645831: (TAINTED_SCALAR)
Using tainted variable "*cp" as a loop boundary.

512 while (*cp && *cp <= ' ') cp++;
513 safe_snprintf(senderaddr, sizeof(senderaddr), "%s/%s", sender_id, cp);
514 strupr(senderaddr);
515 smb_hfield(&msg, SENDERNETADDR, strlen(senderaddr), senderaddr);
516 }
517 else {
/netmail.cpp: 544 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned int)()
538 snprintf(str, sizeof str, "%.128s", qwkbuf + l);
539 cp = strchr(str, QWK_NEWLINE);
540 if (cp)
541 *cp = 0;
542 l += strlen(str) + 1;
543 cp = str + 4;

CID 645831: (TAINTED_SCALAR)
Using tainted variable "*cp" as a loop boundary.

544 while (*cp && *cp <= ' ') cp++;
545 msg.hdr.when_written.zone = (short)ahtoul(cp); 546 }
547 else
548 msg.hdr.when_written.zone = sys_timezone(&cfg); 549 memset(&tm, 0, sizeof(tm));

** CID 645830: (STRING_NULL)
/qwktomsg.cpp: 340 in sbbs_t::qwk_import_msg(_IO_FILE *, char *, unsigned int, unsigned int, smb_t *, unsigned int, smbmsg_t *, bool *)()
/qwktomsg.cpp: 333 in sbbs_t::qwk_import_msg(_IO_FILE *, char *, unsigned int, unsigned int, smb_t *, unsigned int, smbmsg_t *, bool *)()

_____________________________________________________________________________________________
*** CID 645830: (STRING_NULL)
/qwktomsg.cpp: 339 in sbbs_t::qwk_import_msg(_IO_FILE *, char *, unsigned int, unsigned int, smb_t *, unsigned int, smbmsg_t *, bool *)()
333 if ((p = strchr(qwkbuf + k, '\r')) == NULL
334 && (p = strchr(qwkbuf + k, qwk_newline)) == NULL) {
335 body[bodylen++] = qwkbuf[k];
336 continue;
337 }
338 *p = 0; /* Converts QWK_NEWLINE to NUL */

CID 645830: (STRING_NULL)
Passing unterminated string "qwkbuf + k" to "strListAppend", which expects a null-terminated string.

339 strListPush(&kludges, qwkbuf + k);
340 k += strlen(qwkbuf + k);
341 continue;
342 }
343 if (!taillen && qwkbuf[k] == ' ' && col == 3 && bodylen >= 3
344 && body[bodylen - 3] == '-' && body[bodylen - 2] == '-'
/qwktomsg.cpp: 340 in sbbs_t::qwk_import_msg(_IO_FILE *, char *, unsigned int, unsigned int, smb_t *, unsigned int, smbmsg_t *, bool *)()
334 && (p = strchr(qwkbuf + k, qwk_newline)) == NULL) {
335 body[bodylen++] = qwkbuf[k];
336 continue;
337 }
338 *p = 0; /* Converts QWK_NEWLINE to NUL */
339 strListPush(&kludges, qwkbuf + k);

CID 645830: (STRING_NULL)
Passing unterminated string "qwkbuf + k" to "strlen", which expects a null-terminated string.

340 k += strlen(qwkbuf + k);
341 continue;
342 }
343 if (!taillen && qwkbuf[k] == ' ' && col == 3 && bodylen >= 3
344 && body[bodylen - 3] == '-' && body[bodylen - 2] == '-'
345 && body[bodylen - 1] == '-') {
/qwktomsg.cpp: 333 in sbbs_t::qwk_import_msg(_IO_FILE *, char *, unsigned int, unsigned int, smb_t *, unsigned int, smbmsg_t *, bool *)()
327 if (bodylen == 0
328 && (qwkbuf[k] == '@'
329 || ((fromhub || (useron.qwk & QWK_EXT) || subnum == INVALID_SUB)
330 && (strnicmp(qwkbuf + k, "To:", 3) == 0
331 || strnicmp(qwkbuf + k, "From:", 5) == 0
332 || strnicmp(qwkbuf + k, "Subject:", 8) == 0)))) {

CID 645830: (STRING_NULL)
Passing unterminated string "qwkbuf + k" to "strchr", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

333 if ((p = strchr(qwkbuf + k, '\r')) == NULL
334 && (p = strchr(qwkbuf + k, qwk_newline)) == NULL) {
335 body[bodylen++] = qwkbuf[k];
336 continue;
337 }
338 *p = 0; /* Converts QWK_NEWLINE to NUL */

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wed Apr 29 13:42:50 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 645868: (TAINTED_SCALAR) /tmp/sbbs-Apr-29-2026/src/sftp/sftp_client.c: 440 in parse_init() /tmp/sbbs-Apr-29-2026/src/sftp/sftp_client.c: 438 in parse_init() /tmp/sbbs-Apr-29-2026/src/sftp/sftp_client.c: 419 in parse_init()

_____________________________________________________________________________________________
*** CID 645868: (TAINTED_SCALAR) /tmp/sbbs-Apr-29-2026/src/sftp/sftp_client.c: 440 in parse_init() 434 if (p->state->pubdir == NULL &&
435 ext_name->len == strlen(SFTP_EXT_NAME_PUBDIR) && 436 memcmp(ext_name->c_str, SFTP_EXT_NAME_PUBDIR,
437 ext_name->len) == 0) {
438 char *s = malloc((size_t)ext_data->len + 1); 439 if (s != NULL) {

CID 645868: (TAINTED_SCALAR)
Passing tainted expression "ext_data->len" to "memcpy", which uses it as an offset.

440 memcpy(s, ext_data->c_str, ext_data->len);
441 s[ext_data->len] = '\0';
442 p->state->pubdir = s;
443 p->state->extensions |= SFTP_EXT_PUBDIR;
444 }
445 }
/tmp/sbbs-Apr-29-2026/src/sftp/sftp_client.c: 438 in parse_init() 432 * name and capture the data as a NUL-terminated C string,
433 * setting the bit explicitly. */
434 if (p->state->pubdir == NULL &&
435 ext_name->len == strlen(SFTP_EXT_NAME_PUBDIR) && 436 memcmp(ext_name->c_str, SFTP_EXT_NAME_PUBDIR,
437 ext_name->len) == 0) {

CID 645868: (TAINTED_SCALAR)
Passing tainted expression "(size_t)ext_data->len + 1UL" to "malloc", which uses it as an allocation size.

438 char *s = malloc((size_t)ext_data->len + 1); 439 if (s != NULL) {
440 memcpy(s, ext_data->c_str, ext_data->len);
441 s[ext_data->len] = '\0';
442 p->state->pubdir = s;
443 p->state->extensions |= SFTP_EXT_PUBDIR;
/tmp/sbbs-Apr-29-2026/src/sftp/sftp_client.c: 421 in parse_init() 415 }
416 p->state->version = get32(reply);
417 p->state->extensions = 0;
418 uint32_t payload_len = pkt_sz(reply) - 1;
419 while (reply->cur + sizeof(uint32_t) <= payload_len) {
420 sftp_str_t ext_name = getstring(reply);

CID 645868: (TAINTED_SCALAR)
Passing tainted expression "reply->cur" to "getstring", which uses it as an offset.

421 sftp_str_t ext_data = getstring(reply);
422 if (ext_name == NULL || ext_data == NULL) {
423 free_sftp_str(ext_name);
424 free_sftp_str(ext_data);
425 break;
426 }
/tmp/sbbs-Apr-29-2026/src/sftp/sftp_client.c: 419 in parse_init() 413 sftp_get_type_name(reply->type));
414 return;
415 }
416 p->state->version = get32(reply);
417 p->state->extensions = 0;
418 uint32_t payload_len = pkt_sz(reply) - 1;

CID 645868: (TAINTED_SCALAR)
Using tainted variable "payload_len" as a loop boundary.

419 while (reply->cur + sizeof(uint32_t) <= payload_len) {
420 sftp_str_t ext_name = getstring(reply);
421 sftp_str_t ext_data = getstring(reply);
422 if (ext_name == NULL || ext_data == NULL) {
423 free_sftp_str(ext_name);
424 free_sftp_str(ext_data);

** CID 645867: Insecure data handling (TAINTED_SCALAR)

_____________________________________________________________________________________________
*** CID 645867: Insecure data handling (TAINTED_SCALAR) /tmp/sbbs-Apr-29-2026/src/sftp/sftp_client.c: 123 in parse_status_into_pending()
117 {
118 sftp_rx_pkt_t reply = p->reply;
119 if (reply->type != SSH_FXP_STATUS)
120 return false;
121 p->result = get32(reply);
122 sftp_str_t msg = getstring(reply);

CID 645867: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "reply->cur" to "getstring", which uses it as an offset.

123 sftp_str_t lang = getstring(reply);
124 if (msg != NULL && msg->len > 0) {
125 pending_record_reply(p,
126 (const char *)msg->c_str, msg->len,
127 lang ? (const char *)lang->c_str : "",
128 lang ? lang->len : 0);

** CID 645866: (TAINTED_SCALAR) /tmp/sbbs-Apr-29-2026/src/sftp/sftp_client.c: 1144 in parse_readdir()

_____________________________________________________________________________________________
*** CID 645866: (TAINTED_SCALAR) /tmp/sbbs-Apr-29-2026/src/sftp/sftp_client.c: 1144 in parse_readdir()
1138 if (reply->type == SSH_FXP_NAME) {
1139 uint32_t n = get32(reply);
1140 if (n == 0) {
1141 base->result = SSH_FX_OK;
1142 return;
1143 }

CID 645866: (TAINTED_SCALAR)
Passing tainted expression "n" to "calloc", which uses it as an allocation size.

1144 p->entries = calloc(n, sizeof(*p->entries));
1145 if (p->entries == NULL) {
1146 PENDING_RECORD(base, SFTP_ERR_OOM,
1147 "calloc(%" PRIu32 " entries) failed", n); 1148 return;
1149 }
/tmp/sbbs-Apr-29-2026/src/sftp/sftp_client.c: 1153 in parse_readdir()
1147 "calloc(%" PRIu32 " entries) failed", n); 1148 return;
1149 }
1150 for (uint32_t i = 0; i < n; i++) {
1151 p->entries[i].filename = getstring(reply);
1152 p->entries[i].longname = getstring(reply);

CID 645866: (TAINTED_SCALAR)
Passing tainted expression "reply->cur" to "getfattr", which uses it as an offset.

1153 p->entries[i].attrs = getfattr(reply);
1154 if (p->entries[i].filename == NULL ||
1155 p->entries[i].longname == NULL ||
1156 p->entries[i].attrs == NULL) {
1157 PENDING_RECORD(base, SFTP_ERR_REPLY_BAD_STRING,
1158 "getstring/getfattr failed at entry %"

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Tue May 5 17:44:15 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

4 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)

** CID 645973: Error handling issues (NEGATIVE_RETURNS)
/prntfile.cpp: 447 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 645973: Error handling issues (NEGATIVE_RETURNS) /prntfile.cpp: 447 in sbbs_t::printfile(const char *, int, int, JSObject *)()
441 last_match = i;
442 break;
443 }
444 }
445 bputs(text[SeekingFileDone]);
446 if (!found) { >>> CID 645973: Error handling issues (NEGATIVE_RETURNS)

"saved_pos" is passed to a parameter that cannot be negative.

447 (void)fseeko(stream, saved_pos, SEEK_SET);
448 clearerr(stream);
449 bputs(text[FindStringNotFound]);
450 reprompt = true;
451 }
452 break;

** CID 645972: Memory - illegal accesses (OVERRUN) /tmp/sbbs-May-04-2026/src/hash/sha256.c: 141 in SHA256Final()

_____________________________________________________________________________________________
*** CID 645972: Memory - illegal accesses (OVERRUN) /tmp/sbbs-May-04-2026/src/hash/sha256.c: 141 in SHA256Final()
135 size_t buf_off = (size_t)(ctx->count % SHA256_BLOCK_SIZE); 136 int i;
137
138 /* Append 0x80, pad with zeros to leave 8 bytes for the length. */
139 ctx->buffer[buf_off++] = 0x80;
140 if (buf_off > SHA256_BLOCK_SIZE - 8) {

CID 645972: Memory - illegal accesses (OVERRUN)
Overrunning array of 64 bytes at byte offset 64 by dereferencing pointer "ctx->buffer + buf_off".

141 memset(ctx->buffer + buf_off, 0, SHA256_BLOCK_SIZE - buf_off);
142 SHA256Transform(ctx->state, ctx->buffer);
143 buf_off = 0;
144 }
145 memset(ctx->buffer + buf_off, 0, (SHA256_BLOCK_SIZE - 8) - buf_off);
146 /* 64-bit BE bit count. */

** CID 645971: Memory - corruptions (OVERRUN)
/ftpsrvr.cpp: 1360 in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile bool *, volatile bool *, bool, bool, long *, user_t *, client_t *, int, bool, bool, bool, char *, bool)()

_____________________________________________________________________________________________
*** CID 645971: Memory - corruptions (OVERRUN)
/ftpsrvr.cpp: 1360 in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile bool *, volatile bool *, bool, bool, long *, user_t *, client_t *, int, bool, bool, bool, char *, bool)()
1354 }
1355
1356 addr_len = sizeof(*addr);
1357 #ifdef SOCKET_DEBUG_ACCEPT
1358 socket_debug[ctrl_sock] |= SOCKET_DEBUG_ACCEPT;
1359 #endif

CID 645971: Memory - corruptions (OVERRUN)
Overrunning struct type sockaddr of 16 bytes by passing it to a function which accesses it at byte offset 127 using argument "addr_len" (which evaluates to 128).

1360 *data_sock = accept(pasv_sock, &addr->addr, &addr_len); 1361 #ifdef SOCKET_DEBUG_ACCEPT
1362 socket_debug[ctrl_sock] &= ~SOCKET_DEBUG_ACCEPT;
1363 #endif
1364 if (*data_sock == INVALID_SOCKET) {
1365 lprintf(LOG_WARNING, "%04d <%s> PASV !DATA ERROR %d accepting connection on socket %d"

** CID 645970: Program hangs (NEGATIVE_RETURNS)
/main.cpp: 4476 in node_thread(void *)()

_____________________________________________________________________________________________
*** CID 645970: Program hangs (NEGATIVE_RETURNS)
/main.cpp: 4476 in node_thread(void *)()
4470 #endif
4471
4472 if (startup->login_attempt.throttle
4473 && (login_attempts = loginAttempts(startup->login_attempt_list, &sbbs->client_addr)) > 1) {
4474 lprintf(LOG_DEBUG, "Node %d Throttling suspicious connection from: %s (%u login attempts)"
4475 , sbbs->cfg.node_num, sbbs->client_ipaddr, login_attempts);

CID 645970: Program hangs (NEGATIVE_RETURNS)
Using unsigned variable "login_attempts" in a loop exit condition.

4476 for (uint i = 0; i < login_attempts; ++i) {
4477 mswait(startup->login_attempt.throttle);
4478 sbbs->socket_inactive = 0;
4479 }
4480 }
4481

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Thu May 7 19:14:31 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
40 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 645990: Control flow issues (NO_EFFECT)
/writemsg.cpp: 414 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()

_____________________________________________________________________________________________
*** CID 645990: Control flow issues (NO_EFFECT)
/writemsg.cpp: 414 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
408 free(buf);
409 fclose(stream);
410 return false;
411 }
412
413 l = (long)ftell(stream); /* l now points to start of message */

CID 645990: Control flow issues (NO_EFFECT)
This less-than-zero comparison of an unsigned value is never true. "l < 0U".

414 if (l < 0) {
415 errormsg(WHERE, ERR_LEN, msgtmp, 0); 416 fclose(stream);
417 close(file);
418 free(buf);
419 return false;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sat May 9 12:48:58 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

15 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 15 of 15 defect(s)

** CID 646018: Error handling issues (CHECKED_RETURN)
/mqtt_broker.cpp: 561 in mqtt5::Broker::broker_thread()()

_____________________________________________________________________________________________
*** CID 646018: Error handling issues (CHECKED_RETURN) /mqtt_broker.cpp: 561 in mqtt5::Broker::broker_thread()()
555 break;
556 }
557
558 #ifndef _WIN32
559 if (m_wakeup_pipe[0] >= 0 && FD_ISSET(m_wakeup_pipe[0], &rfds)) {
560 char buf[64];

CID 646018: Error handling issues (CHECKED_RETURN)
"read(int, void *, size_t)" returns the number of bytes read, but it is ignored.

561 (void)read(m_wakeup_pipe[0], buf, sizeof(buf)); 562 }
563 #endif
564
565 if (m_listen_sock >= 0 && FD_ISSET(m_listen_sock, &rfds))
566 accept_connection(m_listen_sock);

** CID 646017: (CHECKED_RETURN)
/mqtt_broker.cpp: 175 in mqtt5::Broker::start(scfg_t *, unsigned short, int (*)(void *, int, const char *), void *)()
/mqtt_broker.cpp: 181 in mqtt5::Broker::start(scfg_t *, unsigned short, int (*)(void *, int, const char *), void *)()
/mqtt_broker.cpp: 166 in mqtt5::Broker::start(scfg_t *, unsigned short, int (*)(void *, int, const char *), void *)()

_____________________________________________________________________________________________
*** CID 646017: (CHECKED_RETURN)
/mqtt_broker.cpp: 175 in mqtt5::Broker::start(scfg_t *, unsigned short, int (*)(void *, int, const char *), void *)()
169 closesocket(m_listen_sock);
170 m_listen_sock = -1;
171 return false;
172 }
173 } else {
174 int off = 0;

CID 646017: (CHECKED_RETURN)
Calling "setsockopt(this->m_listen_sock, IPPROTO_IPV6, 26, (char const *)&off, 4U)" without checking return value. This library function may fail and return an error code.

175 setsockopt(m_listen_sock, IPPROTO_IPV6, IPV6_V6ONLY, (const char *)&off, sizeof(off));
176 struct sockaddr_in6 addr = {};
177 addr.sin6_family = AF_INET6;
178 addr.sin6_port = htons(port);
179 addr.sin6_addr = in6addr_any;
180 int opt = 1;
/mqtt_broker.cpp: 181 in mqtt5::Broker::start(scfg_t *, unsigned short, int (*)(void *, int, const char *), void *)()
175 setsockopt(m_listen_sock, IPPROTO_IPV6, IPV6_V6ONLY, (const char *)&off, sizeof(off));
176 struct sockaddr_in6 addr = {};
177 addr.sin6_family = AF_INET6;
178 addr.sin6_port = htons(port);
179 addr.sin6_addr = in6addr_any;
180 int opt = 1;

CID 646017: (CHECKED_RETURN)
Calling "setsockopt(this->m_listen_sock, 1, 2, (char const *)&opt, 4U)" without checking return value. This library function may fail and return an error code.

181 setsockopt(m_listen_sock, SOL_SOCKET, SO_REUSEADDR, (const char *)&opt, sizeof(opt));
182 if (bind(m_listen_sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
183 log(LOG_ERR, "MQTT broker: bind() port %u failed: %d", port, ERROR_VALUE);
184 closesocket(m_listen_sock);
185 m_listen_sock = -1;
186 return false;
/mqtt_broker.cpp: 166 in mqtt5::Broker::start(scfg_t *, unsigned short, int (*)(void *, int, const char *), void *)()
160 }
161 struct sockaddr_in addr = {};
162 addr.sin_family = AF_INET;
163 addr.sin_port = htons(port);
164 addr.sin_addr.s_addr = INADDR_ANY;
165 int opt = 1;

CID 646017: (CHECKED_RETURN)
Calling "setsockopt(this->m_listen_sock, 1, 2, (char const *)&opt, 4U)" without checking return value. This library function may fail and return an error code.

166 setsockopt(m_listen_sock, SOL_SOCKET, SO_REUSEADDR, (const char *)&opt, sizeof(opt));
167 if (bind(m_listen_sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
168 log(LOG_ERR, "MQTT broker: bind() port %u failed: %d", port, ERROR_VALUE);
169 closesocket(m_listen_sock);
170 m_listen_sock = -1;
171 return false;

** CID 646016: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 347 in mqtt5::Broker::local_subscribe(mqtt5::LocalClient *, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, int)::[lambda(const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, std::shared_ptr<mqtt5::Message>) (instance 1)]::operator ()(const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, std::shared_ptr<mqtt5::Message>) const()

_____________________________________________________________________________________________
*** CID 646016: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 347 in mqtt5::Broker::local_subscribe(mqtt5::LocalClient *, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, int)::[lambda(const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, std::shared_ptr<mqtt5::Message>) (instance 1)]::operator ()(const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, std::shared_ptr<mqtt5::Message>) const()
341 {
342 std::lock_guard<std::mutex> slock(client->sub_mutex); 343 client->subscriptions.push_back(topic);
344 }
345
346 m_topics.match_retained(topic, [&](const std::string &, std::shared_ptr<Message> msg) {

CID 646016: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "msg" is passed-by-value as parameter to "std::shared_ptr<mqtt5::Message>::shared_ptr(std::shared_ptr<mqtt5::Message> const &) /*explicit =default*/", when it could be moved instead.

347 if (msg) deliver_to_local(client, msg);
348 });
349
350 return 0;
351 }
352

** CID 646015: Error handling issues (CHECKED_RETURN)
/mqtt_broker.cpp: 636 in mqtt5::Broker::accept_connection(int)()

_____________________________________________________________________________________________
*** CID 646015: Error handling issues (CHECKED_RETURN) /mqtt_broker.cpp: 636 in mqtt5::Broker::accept_connection(int)() 630 struct sockaddr_storage addr;
631 socklen_t addrlen = sizeof(addr);
632 int sock = accept(listen_sock, (struct sockaddr *)&addr, &addrlen);
633 if (sock < 0) return;
634
635 int nodelay = 1;

CID 646015: Error handling issues (CHECKED_RETURN)
Calling "setsockopt(sock, IPPROTO_TCP, 1, (char *)&nodelay, 4U)" without checking return value. This library function may fail and return an error code.

636 setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (char *)&nodelay, sizeof(nodelay));
637
638 CRYPT_SESSION tls_sess = CRYPT_UNUSED;
639 int ret;
640
641 if (!do_cryptInit(broker_lprintf)) {

** CID 646029: Insecure data handling (TAINTED_SCALAR) /mqtt_protocol.cpp: 174 in mqtt5::Reader::read_utf8(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &)()

_____________________________________________________________________________________________
*** CID 646029: Insecure data handling (TAINTED_SCALAR) /mqtt_protocol.cpp: 174 in mqtt5::Reader::read_utf8(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &)()
168
169 bool Reader::read_utf8(std::string &out)
170 {
171 uint16_t len;
172 if (!read_u16(len)) return false;
173 if (m_pos + len > m_len) return false;

CID 646029: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "len" to "assign", which uses it as an offset. [Note: The source code implementation of the function has been overridden by a builtin model.]

174 out.assign(reinterpret_cast<const char *>(m_data + m_pos), len);
175 m_pos += len;
176 return true;
177 }
178
179 bool Reader::read_binary(std::vector<uint8_t> &out)

** CID 646028: Performance inefficiencies (AUTO_CAUSES_COPY) /mqtt_broker.cpp: 365 in mqtt5::Broker::route_publish(const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, std::shared_ptr<mqtt5::Message>)::[lambda(const mqtt5::Subscriber &) (instance 1)]::operator ()(const mqtt5::Subscriber &) const()

_____________________________________________________________________________________________
*** CID 646028: Performance inefficiencies (AUTO_CAUSES_COPY) /mqtt_broker.cpp: 365 in mqtt5::Broker::route_publish(const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, std::shared_ptr<mqtt5::Message>)::[lambda(const mqtt5::Subscriber &) (instance 1)]::operator ()(const mqtt5::Subscriber &) const()
359
360 std::unordered_map<std::string, const SubscriptionOptions *> delivered;
361
362 m_topics.publish(msg->topic, [&](const Subscriber &sub) {
363 if (sub.opts.no_local && sub.client_id == sender_id) 364 return;

CID 646028: Performance inefficiencies (AUTO_CAUSES_COPY)
Using the "auto" keyword without an "&" causes the copy of an object of type "std::string".

365 auto key = sub.client_id;
366 if (delivered.count(key))
367 return;
368 delivered[key] = &sub.opts;
369
370 for (const auto &lc : m_local_clients) {

** CID 646027: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 303 in mqtt5::Broker::publish_sys(const char *, const void *, unsigned long)()

_____________________________________________________________________________________________
*** CID 646027: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 303 in mqtt5::Broker::publish_sys(const char *, const void *, unsigned long)()
297 if (payload && len > 0)
298 msg->payload.assign(static_cast<const uint8_t *>(payload),
299 static_cast<const uint8_t *>(payload) + len);
300 msg->created_at = time(nullptr);
301
302 std::lock_guard<std::recursive_mutex> lock(m_mutex);

CID 646027: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "msg" is passed-by-value as parameter to "std::shared_ptr<mqtt5::Message>::shared_ptr(std::shared_ptr<mqtt5::Message> const &) /*explicit =default*/", when it could be moved instead.

303 route_publish("$SYS", msg);
304 }
305
306 void Broker::deregister_local(LocalClient *client)
307 {
308 std::lock_guard<std::recursive_mutex> lock(m_mutex);

** CID 646026: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 101 in mqtt5::Broker::build_psk_table()()

_____________________________________________________________________________________________
*** CID 646026: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 101 in mqtt5::Broker::build_psk_table()()
95 if (user.misc & (DELETED | INACTIVE))
96 continue;
97 std::string alias(user.alias);
98 std::string pass(user.pass);
99 std::transform(alias.begin(), alias.end(), alias.begin(), ::tolower);
100 std::transform(pass.begin(), pass.end(), pass.begin(), ::tolower);

CID 646026: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "pass" is copied in call to copy assignment for class "std::string", when it could be moved instead.

101 m_psk_table[alias] = pass;
102 }
103 log(LOG_DEBUG, "MQTT broker: loaded %zu PSK identities", m_psk_table.size());
104 }
105
106 bool Broker::authenticate_psk(const std::string &identity, const std::string &password)

** CID 646025: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 971 in mqtt5::Broker::handle_subscribe(mqtt5::NetworkSession &, const unsigned char *, unsigned long)::[lambda(const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, std::shared_ptr<mqtt5::Message>) (instance 1)]::operator ()(const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, std::shared_ptr<mqtt5::Message>) const()

_____________________________________________________________________________________________
*** CID 646025: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 971 in mqtt5::Broker::handle_subscribe(mqtt5::NetworkSession &, const unsigned char *, unsigned long)::[lambda(const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, std::shared_ptr<mqtt5::Message>) (instance 1)]::operator ()(const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, std::shared_ptr<mqtt5::Message>) const()
965 if (!msg) return;
966 if (msg->props.has(PROP_MESSAGE_EXPIRY)) {
967 uint32_t expiry = msg->props.get_u32(PROP_MESSAGE_EXPIRY, 0);
968 if (time(nullptr) - msg->created_at > (time_t)expiry)
969 return;
970 }

CID 646025: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "msg" is passed-by-value as parameter to "std::shared_ptr<mqtt5::Message>::shared_ptr(std::shared_ptr<mqtt5::Message> const &) /*explicit =default*/", when it could be moved instead.

971 deliver_to_network(session, msg, opts); 972 });
973 }
974
975 reason_codes.push_back(tf.qos());
976 }

** CID 646024: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 224 in mqtt5::Broker::start(scfg_t *, unsigned short, int (*)(void *, int, const char *), void *)()

_____________________________________________________________________________________________
*** CID 646024: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 224 in mqtt5::Broker::start(scfg_t *, unsigned short, int (*)(void *, int, const char *), void *)()
218 auto msg = std::make_shared<Message>();
219 msg->type = PUBLISH;
220 msg->flags = 1;
221 msg->topic = "$SYS/broker/version";
222 msg->payload.assign(ver, ver + strlen(ver));
223 msg->created_at = time(nullptr);

CID 646024: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "msg" is passed-by-value as parameter to "std::shared_ptr<mqtt5::Message>::shared_ptr(std::shared_ptr<mqtt5::Message> const &) /*explicit =default*/", when it could be moved instead.

224 m_topics.set_retained("$SYS/broker/version", msg);
225 }
226
227 log(LOG_INFO, "MQTT broker: listening on port %u", port);
228 return true;
229 }

** CID 646023: (CHECKED_RETURN)
/mqtt_broker.cpp: 204 in mqtt5::Broker::start(scfg_t *, unsigned short, int (*)(void *, int, const char *), void *)()
/mqtt_broker.cpp: 205 in mqtt5::Broker::start(scfg_t *, unsigned short, int (*)(void *, int, const char *), void *)()

_____________________________________________________________________________________________
*** CID 646023: (CHECKED_RETURN)
/mqtt_broker.cpp: 204 in mqtt5::Broker::start(scfg_t *, unsigned short, int (*)(void *, int, const char *), void *)()
198 if (pipe(m_wakeup_pipe) < 0) {
199 log(LOG_ERR, "MQTT broker: pipe() failed: %d", errno); 200 closesocket(m_listen_sock);
201 m_listen_sock = -1;
202 return false;
203 }

CID 646023: (CHECKED_RETURN)
Calling "fcntl(this->m_wakeup_pipe[0], 4, 2048)" without checking return value. This library function may fail and return an error code.

204 fcntl(m_wakeup_pipe[0], F_SETFL, O_NONBLOCK);
205 fcntl(m_wakeup_pipe[1], F_SETFL, O_NONBLOCK);
206 #endif
207
208 m_running = true;
209 m_thread = std::thread(&Broker::broker_thread, this); /mqtt_broker.cpp: 205 in mqtt5::Broker::start(scfg_t *, unsigned short, int (*)(void *, int, const char *), void *)()
199 log(LOG_ERR, "MQTT broker: pipe() failed: %d", errno); 200 closesocket(m_listen_sock);
201 m_listen_sock = -1;
202 return false;
203 }
204 fcntl(m_wakeup_pipe[0], F_SETFL, O_NONBLOCK);

CID 646023: (CHECKED_RETURN)
Calling "fcntl(this->m_wakeup_pipe[1], 4, 2048)" without checking return value. This library function may fail and return an error code.

205 fcntl(m_wakeup_pipe[1], F_SETFL, O_NONBLOCK);
206 #endif
207
208 m_running = true;
209 m_thread = std::thread(&Broker::broker_thread, this);
210

** CID 646022: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 715 in mqtt5::Broker::accept_connection(int)()

_____________________________________________________________________________________________
*** CID 646022: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 715 in mqtt5::Broker::accept_connection(int)() 709
710 std::string temp_id = "pending-" + std::to_string(sock);
711 std::lock_guard<std::recursive_mutex> lock(m_mutex);
712 auto &session = m_sessions[temp_id];
713 session.socket = sock;
714 session.tls_sess = tls_sess;

CID 646022: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "psk_id" is copied in call to copy assignment for class "std::string", when it could be moved instead.

715 session.tls_psk_id = psk_id;
716 session.last_activity = time(nullptr);
717 log(LOG_DEBUG, "MQTT broker: new TLS connection on socket %d", sock);
718 }
719
720 // Network data handling

** CID 646021: Concurrent data access violations (MISSING_LOCK) /mqtt_broker.cpp: 57 in mqtt5::Broker::instance()()

_____________________________________________________________________________________________
*** CID 646021: Concurrent data access violations (MISSING_LOCK) /mqtt_broker.cpp: 57 in mqtt5::Broker::instance()()
51
52 Broker *Broker::s_instance = nullptr;
53 std::mutex Broker::s_instance_mutex;
54
55 Broker *Broker::instance()
56 {

CID 646021: Concurrent data access violations (MISSING_LOCK) >>> Accessing "mqtt5::Broker::s_instance" without holding lock "mqtt5::Broker::s_instance_mutex". Elsewhere, "mqtt5::Broker::s_instance" is written to with "mqtt5::Broker::s_instance_mutex" held 2 out of 2 times (1 of these accesses strongly imply that it is necessary).

57 return s_instance;
58 }
59
60 Broker::Broker()
61 {
62 }

** CID 646020: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 915 in mqtt5::Broker::handle_publish(mqtt5::NetworkSession &, unsigned char, const unsigned char *, unsigned long)()

_____________________________________________________________________________________________
*** CID 646020: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 915 in mqtt5::Broker::handle_publish(mqtt5::NetworkSession &, unsigned char, const unsigned char *, unsigned long)()
909 teardown_network(session, 0x81);
910 return;
911 }
912
913 uint8_t qos = msg->qos();
914

CID 646020: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "msg" is passed-by-value as parameter to "std::shared_ptr<mqtt5::Message>::shared_ptr(std::shared_ptr<mqtt5::Message> const &) /*explicit =default*/", when it could be moved instead.

915 route_publish(session.client_id, msg);
916
917 if (qos == 1) {
918 send_to_network(session, build_ack(PUBACK, pid, 0)); 919 } else if (qos == 2) {
920 session.rx_unacked[pid] = true;

** CID 646019: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 413 in mqtt5::Broker::deliver_to_network(mqtt5::NetworkSession &, std::shared_ptr<mqtt5::Message>, const mqtt5::SubscriptionOptions &)()

_____________________________________________________________________________________________
*** CID 646019: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 413 in mqtt5::Broker::deliver_to_network(mqtt5::NetworkSession &, std::shared_ptr<mqtt5::Message>, const mqtt5::SubscriptionOptions &)()
407 auto pkt = build_publish(*msg, pid, false, qos,
408 extra.empty() ? nullptr : &extra); 409 send_to_network(session, pkt);
410
411 if (qos > 0) {
412 Queued q;

CID 646019: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "msg" is copied in call to copy assignment for class "std::shared_ptr<mqtt5::Message>", when it could be moved instead.

413 q.msg = msg;
414 q.pid = pid;
415 session.tx_unacked[pid] = std::move(q);
416 }
417 }
418

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon May 11 15:35:32 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

4 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)

** CID 646038: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 292 in mqtt5::Broker::publish_sys(const char *, const void *, unsigned long, const mqtt5::Properties *)()

_____________________________________________________________________________________________
*** CID 646038: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_broker.cpp: 292 in mqtt5::Broker::publish_sys(const char *, const void *, unsigned long, const mqtt5::Properties *)()
286 static_cast<const uint8_t *>(payload) + len);
287 if (props)
288 msg->props = *props;
289 msg->created_at = time(nullptr);
290
291 std::lock_guard<std::recursive_mutex> lock(m_mutex);

CID 646038: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "msg" is passed-by-value as parameter to "std::shared_ptr<mqtt5::Message>::shared_ptr(std::shared_ptr<mqtt5::Message> const &) /*explicit =default*/", when it could be moved instead.

292 route_publish("$SYS", msg);
293 for (auto it_s = m_sessions.begin(); it_s != m_sessions.end(); ++it_s)
294 if (!it_s->second.send_buf.empty())
295 flush_network(it_s->second);
296 }
297

** CID 646037: Error handling issues (CHECKED_RETURN)
/mqtt_client.cpp: 323 in mqtt5::Client::connect(const char *, unsigned short, const char *, const char *, const char *, int, int, int, const char *, const char *, const char *, const char *, const char *, const char *, scfg_t *, int (*)(int, const char *, ...))()

_____________________________________________________________________________________________
*** CID 646037: Error handling issues (CHECKED_RETURN) /mqtt_client.cpp: 323 in mqtt5::Client::connect(const char *, unsigned short, const char *, const char *, const char *, int, int, int, const char *, const char *, const char *, const char *, const char *, const char *, scfg_t *, int (*)(int, const char *, ...))()
317
318 cryptSetAttribute(m_tls_sess, CRYPT_SESSINFO_NETWORKSOCKET, m_sock);
319 if (tls_mode == MQTT_TLS_PSK || tls_mode == MQTT_TLS_SBBS) {
320 cryptSetAttribute(m_tls_sess, CRYPT_SESSINFO_TLS_OPTIONS, CRYPT_TLSOPTION_DISABLE_CERTVERIFY);
321 cryptSetAttribute(m_tls_sess, CRYPT_SESSINFO_TLS_OPTIONS, CRYPT_TLSOPTION_DISABLE_NAMEVERIFY);
322 }

CID 646037: Error handling issues (CHECKED_RETURN)
Calling "cryptSetAttributeString" without checking return value (as is done elsewhere 18 out of 21 times).

323 cryptSetAttributeString(m_tls_sess, CRYPT_SESSINFO_SERVER_NAME, host, strlen(host));
324 ret = cryptSetAttribute(m_tls_sess, CRYPT_SESSINFO_ACTIVE, 1);
325 if (ret != CRYPT_OK) {
326 if (lprintf) {
327 char *estr = NULL;
328 get_crypt_error_string(ret, m_tls_sess, &estr, "TLS handshake", NULL);

** CID 646036: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)

_____________________________________________________________________________________________
*** CID 646036: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /mqtt_client.cpp: 162 in mqtt5::Client::handle_packet(unsigned char, unsigned char, const unsigned char *, unsigned long)()
156 ReceivedMessage rm;
157 rm.topic = msg->topic;
158 rm.payload = msg->payload;
159 rm.mid = pid;
160 rm.qos = msg->qos();
161 rm.retain = msg->retain();

CID 646036: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "rm" is copied and then passed-by-reference as parameter to STL insertion function "std::deque<mqtt5::ReceivedMessage, std::allocator<mqtt5::ReceivedMessage> >::push_back(std::deque<mqtt5::ReceivedMessage, std::allocator<mqtt5::ReceivedMessage> >::value_type const &)", when it could be moved instead.

162 m_queue.push_back(rm);
163 if (msg->qos() == 1)
164 send_packet(build_ack(PUBACK, pid, 0));
165 else if (msg->qos() == 2) {
166 send_packet(build_ack(PUBREC, pid, 0));
167 }

** CID 646035: Error handling issues (CHECKED_RETURN)
/mqtt_client.cpp: 264 in mqtt5::Client::connect(const char *, unsigned short, const char *, const char *, const char *, int, int, int, const char *, const char *, const char *, const char *, const char *, const char *, scfg_t *, int (*)(int, const char *, ...))()

_____________________________________________________________________________________________
*** CID 646035: Error handling issues (CHECKED_RETURN) /mqtt_client.cpp: 264 in mqtt5::Client::connect(const char *, unsigned short, const char *, const char *, const char *, int, int, int, const char *, const char *, const char *, const char *, const char *, const char *, scfg_t *, int (*)(int, const char *, ...))()
258 if (m_sock == INVALID_SOCKET) {
259 m_last_error = -1;
260 return -1;
261 }
262
263 int nodelay = 1;

CID 646035: Error handling issues (CHECKED_RETURN)
Calling "setsockopt(this->m_sock, IPPROTO_TCP, 1, (char *)&nodelay, 4U)" without checking return value. This library function may fail and return an error code.

264 setsockopt(m_sock, IPPROTO_TCP, TCP_NODELAY, (char *)&nodelay, sizeof(nodelay));
265
266 if (tls_mode != MQTT_TLS_DISABLED) {
267 if (!do_cryptInit(lprintf)) {
268 closesocket(m_sock);
269 m_sock = INVALID_SOCKET;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Tue May 12 12:53:38 2026

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 646043: Null pointer dereferences (FORWARD_NULL)
/mqtt.cpp: 1095 in mqtt_startup()

_____________________________________________________________________________________________
*** CID 646043: Null pointer dereferences (FORWARD_NULL)
/mqtt.cpp: 1095 in mqtt_startup()
1089 }
1090 broker = mqtt5::Broker::instance();
1091 }
1092 }
1093
1094 char client_id[256];

CID 646043: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "startup".

1095 snprintf(client_id, sizeof(client_id), "sbbs-%s-%s-%s",
1096 cfg->sys_id, mqtt->host, server_type_desc((enum server_type)startup->type));
1097
1098 auto *lc = broker->register_local(client_id, mqtt_local_message_callback, mqtt);
1099 mqtt->local = lc;
1100 mqtt->connected = true;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

---
* Synchronet * Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

System Info

Who's Online

New Defects reported by Coverity Scan for Synchronet