Forum: Telnix

New Defects reported by Coverity Scan for Synchronet

From scan-admin@coverity.com@VERT to All on Fri Dec 19 13:45:09 2025

----==_mimepart_694556e537c80_cf6232c07a52839ac1056
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 640043: (USE_AFTER_FREE)
/js_socket.cpp: 3566 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
/js_socket.cpp: 3540 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
/js_socket.cpp: 3593 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640043: (USE_AFTER_FREE)
/js_socket.cpp: 3566 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3560 }
3561
3562 if (!js_DefineSocketOptionsArray(cx, obj, type)) {
3563 JS_ReportError(cx, "js_DefineSocketOptionsArray failed");
3564 xpms_destroy(set, sock_close_cb, nullptr);
3565 free(p);

CID 640043: (USE_AFTER_FREE)
Calling "free" frees pointer "set" which has already been freed.

3566 free(set);
3567 return JS_FALSE;
3568 }
3569
3570 #ifdef BUILD_JSDOCS
3571 js_DescribeSyncObject(cx, obj, "Class used for incoming TCP/IP socket communications", 317);
/js_socket.cpp: 3540 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3534 JS_SET_RVAL(cx, arglist, OBJECT_TO_JSVAL(obj));
3535
3536 if ((p = (js_socket_private_t*)malloc(sizeof(js_socket_private_t))) == NULL) {
3537 JS_ReportError(cx, "malloc failed");
3538 free(protocol);
3539 xpms_destroy(set, sock_close_cb, nullptr);

CID 640043: (USE_AFTER_FREE)
Calling "free" frees pointer "set" which has already been freed.

3540 free(set);
3541 return JS_FALSE;
3542 }
3543 memset(p, 0, sizeof(js_socket_private_t));
3544 p->type = type;
3545 p->set = set;
/js_socket.cpp: 3593 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3587
3588 return JS_TRUE;
3589
3590 fail:
3591 xpms_destroy(set, sock_close_cb, nullptr);
3592 free(protocol);

CID 640043: (USE_AFTER_FREE)
Calling "free" frees pointer "set" which has already been freed.

3593 free(set);
3594 return JS_FALSE;
3595 }
3596
3597 static JSBool
3598 js_socket_constructor(JSContext *cx, uintN argc, jsval *arglist)

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_694556e537c80_cf6232c07a52839ac1056
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640043: (USE_AFTER_FREE)
/js_socket.cpp: 3566 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
/js_socket.cpp: 3540 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
/js_socket.cpp: 3593 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640043: (USE_AFTER_FREE)
/js_socket.cpp: 3566 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3560 }
3561
3562 if (!js_DefineSocketOptionsArray(cx, obj, type)) {
3563 JS_ReportError(cx, "js_DefineSocketOptionsArray failed");
3564 xpms_destroy(set, sock_close_cb, nullptr);
3565 free(p);
>>> CID 640043: (USE_AFTER_FREE)
>>> Calling "free" frees pointer "set" which has already been freed.
3566 free(set);
3567 return JS_FALSE;
3568 }
3569
3570 #ifdef BUILD_JSDOCS
3571 js_DescribeSyncObject(cx, obj, "Class used for incoming TCP/IP socket communications", 317);
/js_socket.cpp: 3540 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3534 JS_SET_RVAL(cx, arglist, OBJECT_TO_JSVAL(obj));
3535
3536 if ((p = (js_socket_private_t*)malloc(sizeof(js_socket_private_t))) == NULL) {
3537 JS_ReportError(cx, "malloc failed");
3538 free(protocol);
3539 xpms_destroy(set, sock_close_cb, nullptr);
>>> CID 640043: (USE_AFTER_FREE)
>>> Calling "free" frees pointer "set" which has already been freed.
3540 free(set);
3541 return JS_FALSE;
3542 }
3543 memset(p, 0, sizeof(js_socket_private_t));
3544 p->type = type;
3545 p->set = set;
/js_socket.cpp: 3593 in js_listening_socket_constructor(JSContext *, unsigned int, unsigned long *)()
3587
3588 return JS_TRUE;
3589
3590 fail:
3591 xpms_destroy(set, sock_close_cb, nullptr);
3592 free(protocol);
>>> CID 640043: (USE_AFTER_FREE)
>>> Calling "free" frees pointer "set" which has already been freed.
3593 free(set);
3594 return JS_FALSE;
3595 }
3596
3597 static JSBool
3598 js_socket_constructor(JSContext *cx, uintN argc, jsval *arglist)

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_694556e537c80_cf6232c07a52839ac1056--

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Sat Dec 27 13:44:41 2025

----==_mimepart_694fe2c8bcbb0_14b1952c2daae15998453b2
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 640112: (RESOURCE_LEAK)
/js_bbs.cpp: 1875 in js_logline(JSContext *, unsigned int, unsigned long *)()
/js_bbs.cpp: 1880 in js_logline(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640112: (RESOURCE_LEAK)
/js_bbs.cpp: 1875 in js_logline(JSContext *, unsigned int, unsigned long *)()
1869
1870 JSSTRING_TO_MSTRING(cx, js_str, code, NULL);
1871 if (code == NULL)
1872 return JS_FALSE;
1873
1874 if ((js_str = JS_ValueToString(cx, argv[argn])) == NULL)

CID 640112: (RESOURCE_LEAK)
Variable "code" going out of scope leaks the storage it points to.

1875 return JS_FALSE;
1876 argn++;
1877
1878 JSSTRING_TO_MSTRING(cx, js_str, str, NULL);
1879 if (str == NULL)
1880 return JS_FALSE;
/js_bbs.cpp: 1880 in js_logline(JSContext *, unsigned int, unsigned long *)()
1874 if ((js_str = JS_ValueToString(cx, argv[argn])) == NULL)
1875 return JS_FALSE;
1876 argn++;
1877
1878 JSSTRING_TO_MSTRING(cx, js_str, str, NULL);
1879 if (str == NULL)

CID 640112: (RESOURCE_LEAK)
Variable "code" going out of scope leaks the storage it points to.

1880 return JS_FALSE;
1881
1882 rc = JS_SUSPENDREQUEST(cx);
1883 sbbs->logline(level, code, str);
1884 free(code);
1885 free(str);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_694fe2c8bcbb0_14b1952c2daae15998453b2
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640112: (RESOURCE_LEAK)
/js_bbs.cpp: 1875 in js_logline(JSContext *, unsigned int, unsigned long *)()
/js_bbs.cpp: 1880 in js_logline(JSContext *, unsigned int, unsigned long *)()

_____________________________________________________________________________________________
*** CID 640112: (RESOURCE_LEAK)
/js_bbs.cpp: 1875 in js_logline(JSContext *, unsigned int, unsigned long *)()
1869
1870 JSSTRING_TO_MSTRING(cx, js_str, code, NULL);
1871 if (code == NULL)
1872 return JS_FALSE;
1873
1874 if ((js_str = JS_ValueToString(cx, argv[argn])) == NULL) >>> CID 640112: (RESOURCE_LEAK)
>>> Variable "code" going out of scope leaks the storage it points to.
1875 return JS_FALSE;
1876 argn++;
1877
1878 JSSTRING_TO_MSTRING(cx, js_str, str, NULL);
1879 if (str == NULL)
1880 return JS_FALSE;
/js_bbs.cpp: 1880 in js_logline(JSContext *, unsigned int, unsigned long *)()
1874 if ((js_str = JS_ValueToString(cx, argv[argn])) == NULL)
1875 return JS_FALSE;
1876 argn++;
1877
1878 JSSTRING_TO_MSTRING(cx, js_str, str, NULL);
1879 if (str == NULL)
>>> CID 640112: (RESOURCE_LEAK)
>>> Variable "code" going out of scope leaks the storage it points to.
1880 return JS_FALSE;
1881
1882 rc = JS_SUSPENDREQUEST(cx);
1883 sbbs->logline(level, code, str);
1884 free(code);
1885 free(str);

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_694fe2c8bcbb0_14b1952c2daae15998453b2--

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Wed Dec 31 13:45:24 2025

----==_mimepart_695528f458f41_188c5a2c2daae1599845314
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()

_____________________________________________________________________________________________
*** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
457 while (p) {
458 if (*p == ',' || *p == ' ')
459 p++;
460 i = atoi(p);
461 if (!i)
462 break;

CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.

463 fseek(stream, l, SEEK_SET);
464 j = 1;
465 while (!feof(stream) && !ferror(stream) && j < i) {
466 if (!fgets(tmp, sizeof(tmp), stream))
467 break;
468 j++; /* skip beginning */
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
422 free(buf);
423 return false;
424 }
425 if (!i && linesquoted)
426 break;
427 if (!i || quote[0] == all_key()) { /* Quote all */

CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.

428 fseek(stream, l, SEEK_SET);
429 while (!feof(stream) && !ferror(stream)) {
430 if (!fgets(str, sizeof(str), stream))
431 break;
432 quotestr(str);
433 SAFEPRINTF2(tmp, quote_fmt, term->cols - 4, str);
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
434 if (write(file, tmp, strlen(tmp)) > 0)
435 linesquoted++; 436 }
437 break;
438 }
439 if (quote[0] == list_key()) {

CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.

440 fseek(stream, l, SEEK_SET);
441 i = 1;
442 term->newline();
443 attr(LIGHTGRAY);
444 while (!feof(stream) && !ferror(stream) && !msgabort()) {
445 if (!fgets(str, sizeof(str), stream))

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_695528f458f41_188c5a2c2daae1599845314
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 1</li>
<li>
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()

_____________________________________________________________________________________________
*** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
457 while (p) {
458 if (*p == ',' || *p == ' ')
459 p++;
460 i = atoi(p);
461 if (!i)
462 break;
>>> CID 640333: (NEGATIVE_RETURNS)
>>> "l" is passed to a parameter that cannot be negative.
463 fseek(stream, l, SEEK_SET);
464 j = 1;
465 while (!feof(stream) && !ferror(stream) && j < i) {
466 if (!fgets(tmp, sizeof(tmp), stream))
467 break;
468 j++; /* skip beginning */
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
422 free(buf);
423 return false;
424 }
425 if (!i && linesquoted)
426 break;
427 if (!i || quote[0] == all_key()) { /* Quote all */
>>> CID 640333: (NEGATIVE_RETURNS)
>>> "l" is passed to a parameter that cannot be negative.
428 fseek(stream, l, SEEK_SET);
429 while (!feof(stream) && !ferror(stream)) {
430 if (!fgets(str, sizeof(str), stream))
431 break;
432 quotestr(str);
433 SAFEPRINTF2(tmp, quote_fmt, term->cols - 4, str);
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
434 if (write(file, tmp, strlen(tmp)) > 0)
435 linesquoted++; 436 }
437 break;
438 }
439 if (quote[0] == list_key()) { >>> CID 640333: (NEGATIVE_RETURNS)
>>> "l" is passed to a parameter that cannot be negative.
440 fseek(stream, l, SEEK_SET);
441 i = 1;
442 term->newline();
443 attr(LIGHTGRAY);
444 while (!feof(stream) && !ferror(stream) && !msgabort()) {
445 if (!fgets(str, sizeof(str), stream))

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_695528f458f41_188c5a2c2daae1599845314--

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

Sysop:	datGSguy
Location:	Eugene, OR
Users:	3
Nodes:	4 (0 / 4)
Uptime:	21:12:28
Calls:	2
Messages:	1,534
Posted today:	1

New Defects reported by Coverity Scan for Synchronet

Who's Online

System Info