Forum: Kalgoorlie Retro BBS

New Defects reported by Coverity Scan for Synchronet

From scan-admin@coverity.com@VERT to All on Wed Jan 28 13:46:25 2026

----==_mimepart_697a13306f491_cf6782d0dbe50d9a0894b
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
257 default:
258 case TERM_KEY_DOWN:
259 nextline = line + 1; 260 break;
261 }
262 if (nextline != line + 1 && nextline < lines)

CID 642982: (FORWARD_NULL)
Dereferencing null pointer "offset".

263 fseeko(stream, offset[nextline], 0);
264 line = nextline;
265 }
266 else
267 ++line;
268 }
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);

CID 642982: (FORWARD_NULL)
Dereferencing null pointer "offset".

228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);

CID 642981: Error handling issues (CHECKED_RETURN)
Calling "fseeko(stream, offset[lines - 1UL], 0)" without checking return value. This library function may fail and return an error code.

228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642980: Integer handling issues (INTEGER_OVERFLOW)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642980: Integer handling issues (INTEGER_OVERFLOW) /prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);

CID 642980: Integer handling issues (INTEGER_OVERFLOW)
Expression "lines - 1UL", where "lines" is known to be equal to 0, underflows the type of "lines - 1UL", which is type "unsigned long".

228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_697a13306f491_cf6782d0dbe50d9a0894b
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 3</li>
<li><strong>Defects Shown:</strong> Showing 3 of 3 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
257 default:
258 case TERM_KEY_DOWN:
259 nextline = line + 1; 260 break;
261 }
262 if (nextline != line + 1 && nextline < lines)
>>> CID 642982: (FORWARD_NULL)
>>> Dereferencing null pointer "offset".
263 fseeko(stream, offset[nextline], 0);
264 line = nextline;
265 }
266 else
267 ++line;
268 }
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);
>>> CID 642982: (FORWARD_NULL)
>>> Dereferencing null pointer "offset".
228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);
>>> CID 642981: Error handling issues (CHECKED_RETURN) >>> Calling "fseeko(stream, offset[lines - 1UL], 0)" without checking return value. This library function may fail and return an error code.
228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642980: Integer handling issues (INTEGER_OVERFLOW)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()

_____________________________________________________________________________________________
*** CID 642980: Integer handling issues (INTEGER_OVERFLOW) /prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);
>>> CID 642980: Integer handling issues (INTEGER_OVERFLOW)
>>> Expression "lines - 1UL", where "lines" is known to be equal to 0, underflows the type of "lines - 1UL", which is type "unsigned long".
228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_697a13306f491_cf6782d0dbe50d9a0894b--

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From scan-admin@coverity.com@VERT to All on Thu Jan 29 13:46:20 2026

----==_mimepart_697b64ac475f5_def0e2bd3c9d4b9a8620dd
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 642992: API usage errors (PRINTF_ARGS)

_____________________________________________________________________________________________
*** CID 642992: API usage errors (PRINTF_ARGS)
/ftpsrvr.c: 5024 in ctrl_thread()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."

CID 642992: API usage errors (PRINTF_ARGS)
Argument "count" to format specifier "%u" was expected to have type "unsigned int" but has type "unsigned long".

5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);

** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()

_____________________________________________________________________________________________
*** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."

CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "unsigned int" but argument has type "unsigned long")

5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview

----==_mimepart_697b64ac475f5_def0e2bd3c9d4b9a8620dd
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>

<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>

<ul>
<li><strong>New Defects Found:</strong> 2</li>
<li>
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
</ul>

<h3>Defect Details</h3>
<pre>
** CID 642992: API usage errors (PRINTF_ARGS)

_____________________________________________________________________________________________
*** CID 642992: API usage errors (PRINTF_ARGS)
/ftpsrvr.c: 5024 in ctrl_thread()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."
>>> CID 642992: API usage errors (PRINTF_ARGS) >>> Argument "count" to format specifier "%u" was expected to have type "unsigned int" but has type "unsigned long".
5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);

** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()

_____________________________________________________________________________________________
*** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."
>>> CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH) >>> argument is incompatible with corresponding format string conversion (expected type "unsigned int" but argument has type "unsigned long")
5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);

</pre>

<p>
<a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>

<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_697b64ac475f5_def0e2bd3c9d4b9a8620dd--

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

Who's Online
Recent Visitors
- Tim Whitson
  Sun Feb 1 03:34:30 2026
  from West Linn, Or via Telnet
- Dan
  Sat Jan 31 14:33:52 2026
  from Kalgoorlie, Wa via Telnet
- Tim Whitson
  Sat Jan 31 04:12:32 2026
  from West Linn, Or via Telnet
- Dan
  Fri Jan 30 11:50:05 2026
  from Kalgoorlie, Wa via Telnet

System Info

Sysop:	Heisenberg
Location:	Kalgoorlie, Western Australia
Users:	7
Nodes:	4 (0 / 4)
Uptime:	00:56:42
Calls:	11
Messages:	1,506

New Defects reported by Coverity Scan for Synchronet

Who's Online

Recent Visitors

System Info