• New Defects reported by Coverity Scan for Synchronet

    From scan-admin@coverity.com@1:103/705 to All on Tue Jun 23 12:49:12 2026

    ----==_mimepart_6a3a80c7a20e1_66e5f2bc3001679a4406f9
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 646963: Concurrent data access violations (MISSING_LOCK) /echocfg.c: 863 in main()


    _____________________________________________________________________________________________
    *** CID 646963: Concurrent data access violations (MISSING_LOCK) /echocfg.c: 863 in main()
    857 uifc.mode |= UIFC_COLOR;
    858 break;
    859 case 'V':
    860 video_mode = atoi(argv[i] + 2); 861 break;
    862 case 'S':
    CID 646963: Concurrent data access violations (MISSING_LOCK) >>> Accessing "ciolib_initial_scaling" without holding lock "vstatlock". Elsewhere, "ciolib_initial_scaling" is written to with "vstatlock" held 5 out of 7 times.
    863 ciolib_initial_scaling = strtod(argv[i] + 2, NULL);
    864 break;
    865 default:
    866 USAGE:
    867 #ifdef _WIN32
    868 uifc.size = sizeof(uifc);

    ** CID 646962: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-23-2026/src/conio/sdl_con.c: 408 in sdl_init()


    _____________________________________________________________________________________________
    *** CID 646962: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-23-2026/src/conio/sdl_con.c: 408 in sdl_init()
    402
    403 /* Called from main thread only (Passes Event) */
    404 int sdl_init(int mode)
    405 {
    406 load_vmode(&vstat, ciolib_initial_mode);
    407 if (vstat.scaling < 1.0)
    CID 646962: Concurrent data access violations (MISSING_LOCK) >>> Accessing "ciolib_initial_scaling" without holding lock "vstatlock". Elsewhere, "ciolib_initial_scaling" is written to with "vstatlock" held 5 out of 7 times.
    408 vstat.scaling = ciolib_initial_scaling;
    409 if (vstat.scaling < 1.0)
    410 vstat.scaling = 1.0;
    411 // TODO: This is gross, why do we need it?
    412 vstat.winwidth = vstat.scrnwidth * vstat.scaling;
    413 vstat.winheight = vstat.scrnheight * vstat.scaling;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_6a3a80c7a20e1_66e5f2bc3001679a4406f9
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 2</li>
    <li><strong>Defects Shown:</strong> Showing 2 of 2 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 646963: Concurrent data access violations (MISSING_LOCK) /echocfg.c: 863 in main()


    _____________________________________________________________________________________________
    *** CID 646963: Concurrent data access violations (MISSING_LOCK) /echocfg.c: 863 in main()
    857 uifc.mode |= UIFC_COLOR;
    858 break;
    859 case &#39;V&#39;:
    860 video_mode = atoi(argv[i] + 2); 861 break;
    862 case &#39;S&#39;:
    &gt;&gt;&gt; CID 646963: Concurrent data access violations (MISSING_LOCK)
    &gt;&gt;&gt; Accessing &quot;ciolib_initial_scaling&quot; without holding lock &quot;vstatlock&quot;. Elsewhere, &quot;ciolib_initial_scaling&quot; is written to with &quot;vstatlock&quot; held 5 out of 7 times.
    863 ciolib_initial_scaling = strtod(argv[i] + 2, NULL);
    864 break;
    865 default:
    866 USAGE:
    867 #ifdef _WIN32
    868 uifc.size = sizeof(uifc);

    ** CID 646962: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-23-2026/src/conio/sdl_con.c: 408 in sdl_init()


    _____________________________________________________________________________________________
    *** CID 646962: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-23-2026/src/conio/sdl_con.c: 408 in sdl_init()
    402
    403 /* Called from main thread only (Passes Event) */
    404 int sdl_init(int mode)
    405 {
    406 load_vmode(&amp;vstat, ciolib_initial_mode);
    407 if (vstat.scaling &lt; 1.0)
    &gt;&gt;&gt; CID 646962: Concurrent data access violations (MISSING_LOCK)
    &gt;&gt;&gt; Accessing &quot;ciolib_initial_scaling&quot; without holding lock &quot;vstatlock&quot;. Elsewhere, &quot;ciolib_initial_scaling&quot; is written to with &quot;vstatlock&quot; held 5 out of 7 times.
    408 vstat.scaling = ciolib_initial_scaling;
    409 if (vstat.scaling &lt; 1.0)
    410 vstat.scaling = 1.0;
    411 // TODO: This is gross, why do we need it?
    412 vstat.winwidth = vstat.scrnwidth * vstat.scaling;
    413 vstat.winheight = vstat.scrnheight * vstat.scaling;

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_6a3a80c7a20e1_66e5f2bc3001679a4406f9--

    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Fri Jun 26 12:49:28 2026

    ----==_mimepart_6a3e755815a7c_97dd12bc3001679a440652
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 647057: High impact quality (Y2K38_SAFETY)
    /mime.c: 43 in mimegetboundary()


    _____________________________________________________________________________________________
    *** CID 647057: High impact quality (Y2K38_SAFETY)
    /mime.c: 43 in mimegetboundary()
    37 int i, num;
    38 char* boundaryString = (char*)malloc(SIZEOF_MIMEBOUNDARY + 1);
    39
    40 /* A nonzero seed yields a deterministic boundary, so a message rendered
    41 * more than once (e.g. the DKIM sign/send two-pass) gets an identical 42 * boundary both times; seed==0 preserves the original time-seeded behavior. */
    CID 647057: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "unsigned int".
    43 srand(seed != 0 ? seed : (unsigned int)time(NULL));
    44 if (boundaryString == NULL)
    45 return NULL;
    46 for (i = 0; i < SIZEOF_MIMEBOUNDARY; i++) {
    47 num = (rand() % 62);
    48 if (num < 10)


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_6a3e755815a7c_97dd12bc3001679a440652
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 1</li>
    <li>
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
    </li>
    <li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 647057: High impact quality (Y2K38_SAFETY)
    /mime.c: 43 in mimegetboundary()


    _____________________________________________________________________________________________
    *** CID 647057: High impact quality (Y2K38_SAFETY)
    /mime.c: 43 in mimegetboundary()
    37 int i, num;
    38 char* boundaryString = (char*)malloc(SIZEOF_MIMEBOUNDARY + 1);
    39
    40 /* A nonzero seed yields a deterministic boundary, so a message rendered
    41 * more than once (e.g. the DKIM sign/send two-pass) gets an identical 42 * boundary both times; seed==0 preserves the original time-seeded behavior. */
    &gt;&gt;&gt; CID 647057: High impact quality (Y2K38_SAFETY) &gt;&gt;&gt; A &quot;time_t&quot; value is stored in an integer with too few bits to accommodate it. The expression &quot;time(NULL)&quot; is cast to &quot;unsigned int&quot;.
    43 srand(seed != 0 ? seed : (unsigned int)time(NULL));
    44 if (boundaryString == NULL)
    45 return NULL;
    46 for (i = 0; i &lt; SIZEOF_MIMEBOUNDARY; i++) {
    47 num = (rand() % 62);
    48 if (num &lt; 10)

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_6a3e755815a7c_97dd12bc3001679a440652--

    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Tue Jun 30 12:45:51 2026

    ----==_mimepart_6a43ba7ee4202_10fd2d07606579a05205c
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 647297: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-30-2026/src/conio/key.c: 34 in ciokey_init()


    _____________________________________________________________________________________________
    *** CID 647297: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-30-2026/src/conio/key.c: 34 in ciokey_init()
    28 static pthread_once_t ciokey_initialized = PTHREAD_ONCE_INIT;
    29
    30 static void
    31 ciokey_init(void)
    32 {
    33 memset(&state, 0, sizeof(state));
    CID 647297: Concurrent data access violations (MISSING_LOCK) >>> Accessing "state.events" without holding lock "ciokey_state.mutex". Elsewhere, "ciokey_state.events" is written to with "ciokey_state.mutex" held 6 out of 8 times.
    34 listInit(&state.events, 0);
    35 assert_pthread_mutex_init(&state.mutex, NULL);
    36 state.wake_event = CreateEvent(NULL, FALSE, FALSE, NULL);
    37 }
    38
    39 static void


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_6a43ba7ee4202_10fd2d07606579a05205c
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 1</li>
    <li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 647297: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-30-2026/src/conio/key.c: 34 in ciokey_init()


    _____________________________________________________________________________________________
    *** CID 647297: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-30-2026/src/conio/key.c: 34 in ciokey_init()
    28 static pthread_once_t ciokey_initialized = PTHREAD_ONCE_INIT;
    29
    30 static void
    31 ciokey_init(void)
    32 {
    33 memset(&amp;state, 0, sizeof(state));
    &gt;&gt;&gt; CID 647297: Concurrent data access violations (MISSING_LOCK)
    &gt;&gt;&gt; Accessing &quot;state.events&quot; without holding lock &quot;ciokey_state.mutex&quot;. Elsewhere, &quot;ciokey_state.events&quot; is written to with &quot;ciokey_state.mutex&quot; held 6 out of 8 times.
    34 listInit(&amp;state.events, 0);
    35 assert_pthread_mutex_init(&amp;state.mutex, NULL);
    36 state.wake_event = CreateEvent(NULL, FALSE, FALSE, NULL);
    37 }
    38
    39 static void

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_6a43ba7ee4202_10fd2d07606579a05205c--

    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From scan-admin@coverity.com@1:103/705 to All on Mon Jul 6 12:49:33 2026

    ----==_mimepart_6a4ba45cb5511_60e5c2d07606579a0520e1
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 648908: Resource leaks (RESOURCE_LEAK)
    /prntfile.cpp: 747 in sbbs_t::menu_exists_in(const char *, const char *, const char *, bool, char *)()


    _____________________________________________________________________________________________
    *** CID 648908: Resource leaks (RESOURCE_LEAK)
    /prntfile.cpp: 747 in sbbs_t::menu_exists_in(const char *, const char *, const char *, bool, char *)()
    741 if (*code == '.')
    742 *sub = '\0';
    743 if (mods)
    744 SAFEPRINTF3(prefix, "%stext/menu/%s%s", cfg.mods_dir, sub, code);
    745 else
    746 SAFEPRINTF3(prefix, "%smenu/%s%s", cfg.text_dir, sub, code);
    CID 648908: Resource leaks (RESOURCE_LEAK)
    Ignoring storage allocated by "_fullpath(path, prefix, 4096UL)" leaks it.
    747 FULLPATH(path, prefix, MAX_PATH);
    748 SAFECOPY(prefix, path);
    749 }
    750 // Display specified EXACT width file
    751 safe_snprintf(path, MAX_PATH, "%s.%ucol.%s", prefix, term->cols, ext);
    752 if (fexistcase(path))


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview


    ----==_mimepart_6a4ba45cb5511_60e5c2d07606579a0520e1
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>New Defects Reported - Synchronet</title>
    <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
    display: inline-block;
    padding: 10px 20px;
    margin: 20px 0;
    font-size: 16px;
    color: #fff !important;
    background-color: #0056b3;
    text-decoration: none;
    border-radius: 5px;
    }
    pre {
    background: #f8f9fa;
    padding: 10px;
    border-radius: 5px;
    font-size: 14px;
    overflow-x: auto;
    }
    </style>
    </head>
    <body>
    <p>Hi,</p>

    <p>
    Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
    found with Coverity Scan.
    </p>

    <ul>
    <li><strong>New Defects Found:</strong> 1</li>
    <li>
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
    </li>
    <li><strong>Defects Shown:</strong> Showing 1 of 1 defect(s)</li>
    </ul>

    <h3>Defect Details</h3>
    <pre>
    ** CID 648908: Resource leaks (RESOURCE_LEAK)
    /prntfile.cpp: 747 in sbbs_t::menu_exists_in(const char *, const char *, const char *, bool, char *)()


    _____________________________________________________________________________________________
    *** CID 648908: Resource leaks (RESOURCE_LEAK)
    /prntfile.cpp: 747 in sbbs_t::menu_exists_in(const char *, const char *, const char *, bool, char *)()
    741 if (*code == &#39;.&#39;)
    742 *sub = &#39;\0&#39;;
    743 if (mods)
    744 SAFEPRINTF3(prefix, &quot;%stext/menu/%s%s&quot;, cfg.mods_dir, sub, code);
    745 else
    746 SAFEPRINTF3(prefix, &quot;%smenu/%s%s&quot;, cfg.text_dir, sub, code);
    &gt;&gt;&gt; CID 648908: Resource leaks (RESOURCE_LEAK) &gt;&gt;&gt; Ignoring storage allocated by &quot;_fullpath(path, prefix, 4096UL)&quot; leaks it.
    747 FULLPATH(path, prefix, MAX_PATH);
    748 SAFECOPY(prefix, path);
    749 }
    750 // Display specified EXACT width file
    751 safe_snprintf(path, MAX_PATH, &quot;%s.%ucol.%s&quot;, prefix, term-&gt;cols, ext);
    752 if (fexistcase(path))

    </pre>

    <p>
    <a href="https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
    </p>

    <p>Best regards,</p>
    <p>The Coverity Scan Admin Team</p>
    <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
    </body>
    </html>
    ----==_mimepart_6a4ba45cb5511_60e5c2d07606579a0520e1--

    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)