BBS: TELESC.NET.BR
Assunto: New Defects reported by Coverity Scan for Synchronet
De: scan-admin@coverity.com
Data: Sun, 19 Apr 2026 12:52:21 +0000
-----------------------------------------------------------
Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
3 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 645706: Error handling issues (NEGATIVE_RETURNS)
/tmp/sbbs-Apr-19-2026/src/conio/cterm_cterm.c: 635 in cterm_cterm_handle_font_dcs()
_____________________________________________________________________________________________
*** CID 645706: Error handling issues (NEGATIVE_RETURNS)
/tmp/sbbs-Apr-19-2026/src/conio/cterm_cterm.c: 635 in cterm_cterm_handle_font_dcs()
629 return;
630 if (cterm->font_slot > 255)
631 return;
632 if (p && *p == ':') {
633 p++;
634 i = b64_decode(cterm->fontbuf, sizeof(cterm->fontbuf), p, 0);
>>> CID 645706: Error handling issues (NEGATIVE_RETURNS)
>>> "i" is passed to a parameter that cannot be negative.
635 p2 = malloc(i);
636 if (p2) {
637 memcpy(p2, cterm->fontbuf, i);
638 replace_font(cterm->font_slot,
639 strdup("Remote Defined Font"), p2, i);
640 }
** CID 645705: Memory - corruptions (OVERRUN)
/tmp/sbbs-Apr-19-2026/src/conio/cterm_cterm.c: 637 in cterm_cterm_handle_font_dcs()
_____________________________________________________________________________________________
*** CID 645705: Memory - corruptions (OVERRUN)
/tmp/sbbs-Apr-19-2026/src/conio/cterm_cterm.c: 637 in cterm_cterm_handle_font_dcs()
631 return;
632 if (p && *p == ':') {
633 p++;
634 i = b64_decode(cterm->fontbuf, sizeof(cterm->fontbuf), p, 0);
635 p2 = malloc(i);
636 if (p2) {
>>> CID 645705: Memory - corruptions (OVERRUN)
>>> Calling "memcpy" with "p2" and "i" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
637 memcpy(p2, cterm->fontbuf, i);
638 replace_font(cterm->font_slot,
639 strdup("Remote Defined Font"), p2, i);
640 }
641 }
642 }
** CID 645704: (STRING_OVERFLOW)
/tmp/sbbs-Apr-19-2026/src/conio/cterm_dec.c: 2139 in cterm_dec_dcs_finish()
/tmp/sbbs-Apr-19-2026/src/conio/cterm_dec.c: 2135 in cterm_dec_dcs_finish()
_____________________________________________________________________________________________
*** CID 645704: (STRING_OVERFLOW)
/tmp/sbbs-Apr-19-2026/src/conio/cterm_dec.c: 2139 in cterm_dec_dcs_finish()
2133 if (cterm->fg_tc_str) {
2134 strcat(tmp, ";");
2135 strcat(tmp, cterm->fg_tc_str);
2136 }
2137 if (cterm->bg_tc_str) {
2138 strcat(tmp, ";");
>>> CID 645704: (STRING_OVERFLOW)
>>> You might overrun the 3072-character fixed-size string "tmp" by copying "cterm->bg_tc_str" without checking the length.
2139 strcat(tmp, cterm->bg_tc_str);
2140 }
2141 strcat(tmp, "m\x1b\\");
2142 cterm_respond(cterm, tmp, strlen(tmp));
2143 }
2144 else {
/tmp/sbbs-Apr-19-2026/src/conio/cterm_dec.c: 2135 in cterm_dec_dcs_finish()
2129 case 6: strcat(tmp, ";43"); break;
2130 case 7: strcat(tmp, ";47"); break;
2131 }
2132 }
2133 if (cterm->fg_tc_str) {
2134 strcat(tmp, ";");
>>> CID 645704: (STRING_OVERFLOW)
>>> You might overrun the 3072-character fixed-size string "tmp" by copying "cterm->fg_tc_str" without checking the length.
2135 strcat(tmp, cterm->fg_tc_str);
2136 }
2137 if (cterm->bg_tc_str) {
2138 strcat(tmp, ";");
2139 strcat(tmp, cterm->bg_tc_str);
2140 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview
n
---
* mSynchronetn * hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net
-----------------------------------------------------------
[Voltar]