----==_mimepart_69b94eebf2ddc_969e92cf51abf19a41186d
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
4 new defect(s) introduced to Synchronet found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 645010: Insecure data handling (INTEGER_OVERFLOW) /tmp/sbbs-Mar-17-2026/src/conio/wl_events.c: 1136 in ds_send()
_____________________________________________________________________________________________
*** CID 645010: Insecure data handling (INTEGER_OVERFLOW) /tmp/sbbs-Mar-17-2026/src/conio/wl_events.c: 1136 in ds_send()
1130 {
1131 assert_pthread_mutex_lock(&wl_copybuf_mutex);
1132 if (wl_copybuf) {
1133 size_t len = strlen(wl_copybuf);
1134 size_t sent = 0;
1135 while (sent < len) {
CID 645010: Insecure data handling (INTEGER_OVERFLOW)
"len - sent", which might have underflowed, is passed to "write(fd, wl_copybuf + sent, len - sent)".
1136 ssize_t rv = write(fd, wl_copybuf + sent, len - sent);
1137 if (rv <= 0)
1138 break;
1139 sent += rv;
1140 }
1141 }
** CID 645009: Insecure data handling (INTEGER_OVERFLOW) /tmp/sbbs-Mar-17-2026/src/conio/wl_events.c: 1459 in readev()
_____________________________________________________________________________________________
*** CID 645009: Insecure data handling (INTEGER_OVERFLOW) /tmp/sbbs-Mar-17-2026/src/conio/wl_events.c: 1459 in readev()
1453 readev(struct wl_local_event *lev)
1454 {
1455 size_t got = 0;
1456 char *buf = (char *)lev;
1457
1458 while (got < sizeof(*lev)) {
CID 645009: Insecure data handling (INTEGER_OVERFLOW)
"96UL - got", which might have underflowed, is passed to "read(wl_local_pipe[0], buf + got, 96UL - got)".
1459 int rv = read(wl_local_pipe[0], buf + got, sizeof(*lev) - got);
1460 if (rv > 0)
1461 got += rv;
1462 }
1463 }
1464
** CID 645008: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Mar-17-2026/src/conio/wl_cio.c: 243 in wl_copytext()
_____________________________________________________________________________________________
*** CID 645008: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Mar-17-2026/src/conio/wl_cio.c: 243 in wl_copytext()
237
238 assert_pthread_mutex_lock(&wl_copybuf_mutex);
239 FREE_AND_NULL(wl_copybuf);
240 wl_copybuf = strdup(text);
241 assert_pthread_mutex_unlock(&wl_copybuf_mutex);
242
CID 645008: Concurrent data access violations (MISSING_LOCK) >>> Accessing "wl_copybuf" without holding lock "wl_copybuf_mutex". Elsewhere, "wl_copybuf" is written to with "wl_copybuf_mutex" held 2 out of 2 times.
243 if (wl_copybuf) {
244 ev.type = WL_LOCAL_COPY;
245 write_event(&ev);
246 }
247 }
248
** CID 645007: Program hangs (SLEEP)
_____________________________________________________________________________________________
*** CID 645007: Program hangs (SLEEP) /tmp/sbbs-Mar-17-2026/src/conio/ciolib.c: 2754 in ciolib_add_hyperlink()
2748 }
2749 }
2750
2751 /* Run GC if free list is empty */
2752 if (hyperlink_free_head == 0)
2753 hyperlink_gc();
CID 645007: Program hangs (SLEEP)
Call to "hyperlink_gc" might sleep while holding lock "hyperlink_mutex".
2754
2755 /* Still empty after GC table is full */
2756 if (hyperlink_free_head == 0) {
2757 pthread_mutex_unlock(&hyperlink_mutex);
2758 return 0;
2759 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://scan.coverity.com/projects/synchronet?tab=overview
----==_mimepart_69b94eebf2ddc_969e92cf51abf19a41186d
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>
<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>
<ul>
<li><strong>New Defects Found:</strong> 4</li>
<li><strong>Defects Shown:</strong> Showing 4 of 4 defect(s)</li>
</ul>
<h3>Defect Details</h3>
<pre>
** CID 645010: Insecure data handling (INTEGER_OVERFLOW) /tmp/sbbs-Mar-17-2026/src/conio/wl_events.c: 1136 in ds_send()
_____________________________________________________________________________________________
*** CID 645010: Insecure data handling (INTEGER_OVERFLOW) /tmp/sbbs-Mar-17-2026/src/conio/wl_events.c: 1136 in ds_send()
1130 {
1131 assert_pthread_mutex_lock(&wl_copybuf_mutex);
1132 if (wl_copybuf) {
1133 size_t len = strlen(wl_copybuf);
1134 size_t sent = 0;
1135 while (sent < len) {
>>> CID 645010: Insecure data handling (INTEGER_OVERFLOW) >>> "len - sent", which might have underflowed, is passed to "write(fd, wl_copybuf + sent, len - sent)".
1136 ssize_t rv = write(fd, wl_copybuf + sent, len - sent);
1137 if (rv <= 0)
1138 break;
1139 sent += rv;
1140 }
1141 }
** CID 645009: Insecure data handling (INTEGER_OVERFLOW) /tmp/sbbs-Mar-17-2026/src/conio/wl_events.c: 1459 in readev()
_____________________________________________________________________________________________
*** CID 645009: Insecure data handling (INTEGER_OVERFLOW) /tmp/sbbs-Mar-17-2026/src/conio/wl_events.c: 1459 in readev()
1453 readev(struct wl_local_event *lev)
1454 {
1455 size_t got = 0;
1456 char *buf = (char *)lev;
1457
1458 while (got < sizeof(*lev)) {
>>> CID 645009: Insecure data handling (INTEGER_OVERFLOW) >>> "96UL - got", which might have underflowed, is passed to "read(wl_local_pipe[0], buf + got, 96UL - got)".
1459 int rv = read(wl_local_pipe[0], buf + got, sizeof(*lev) - got);
1460 if (rv > 0)
1461 got += rv;
1462 }
1463 }
1464
** CID 645008: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Mar-17-2026/src/conio/wl_cio.c: 243 in wl_copytext()
_____________________________________________________________________________________________
*** CID 645008: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Mar-17-2026/src/conio/wl_cio.c: 243 in wl_copytext()
237
238 assert_pthread_mutex_lock(&wl_copybuf_mutex);
239 FREE_AND_NULL(wl_copybuf);
240 wl_copybuf = strdup(text);
241 assert_pthread_mutex_unlock(&wl_copybuf_mutex);
242
>>> CID 645008: Concurrent data access violations (MISSING_LOCK)
>>> Accessing "wl_copybuf" without holding lock "wl_copybuf_mutex". Elsewhere, "wl_copybuf" is written to with "wl_copybuf_mutex" held 2 out of 2 times.
243 if (wl_copybuf) {
244 ev.type = WL_LOCAL_COPY;
245 write_event(&ev);
246 }
247 }
248
** CID 645007: Program hangs (SLEEP)
_____________________________________________________________________________________________
*** CID 645007: Program hangs (SLEEP) /tmp/sbbs-Mar-17-2026/src/conio/ciolib.c: 2754 in ciolib_add_hyperlink()
2748 }
2749 }
2750
2751 /* Run GC if free list is empty */
2752 if (hyperlink_free_head == 0)
2753 hyperlink_gc();
>>> CID 645007: Program hangs (SLEEP)
>>> Call to "hyperlink_gc" might sleep while holding lock "hyperlink_mutex".
2754
2755 /* Still empty after GC table is full */
2756 if (hyperlink_free_head == 0) {
2757 pthread_mutex_unlock(&hyperlink_mutex);
2758 return 0;
2759 }
</pre>
<p>
<a href="
https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>
<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="
https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_69b94eebf2ddc_969e92cf51abf19a41186d--
--- SBBSecho 3.37-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
![https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg"](https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg"){kind=link}