BBS:      TELESC.NET.BR
Assunto:  New Defects reported by Coverity Scan for Synchronet
De:       scan-admin@coverity.com
Data:     Tue, 21 Apr 2026 12:52:54 +0000
-----------------------------------------------------------
Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

6 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 645741:       Data race undermines locking  (LOCK_EVASION)
/tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2092           in xp_audio_play()


_____________________________________________________________________________________________
*** CID 645741:         Data race undermines locking  (LOCK_EVASION)
/tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2092             in xp_audio_play()
2086     		if (!newring) {
2087     			assert_pthread_mutex_unlock(&s->mutex);
2088     			xp_audio_close(h);
2089     			return -1;
2090     		}
2091     		s->ring        = newring;
>>>     CID 645741:         Data race undermines locking  (LOCK_EVASION)
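>>>     Thread1 sets "ring_frames" to a new value. Now the two threads have an inconsistent view of "ring_frames" and updates to fields correlated with "ring_frames" may be lost. In the excerpts in this report, the size check "nframes > s->ring_frames" (line 2082) runs before the mutex is taken at line 2084, so the decision to resize can be based on a stale value.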
2092     		s->ring_frames = nframes;
2093     		assert_pthread_mutex_unlock(&s->mutex);
2094     	}
2095     	if (loop) {
2096     		assert_pthread_mutex_lock(&s->mutex);
2097     		s->loop = true;

** CID 645740:       Null pointer dereferences  (NULL_RETURNS)
/tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082           in xp_audio_play()


_____________________________________________________________________________________________
*** CID 645740:         Null pointer dereferences  (NULL_RETURNS)
/tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082             in xp_audio_play()
2076
2077     	if (h < 0)
2078     		return -1;
2079     	s = stream_from_handle(h);
2080     	/* Resize ring to fit exactly if larger than default. Loop mode requires
2081     	 * the ring to hold the full sample (read wraps to write_pos). */
>>>     CID 645740:         Null pointer dereferences  (NULL_RETURNS)
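>>>     Dereferencing "s", which is known to be "NULL". The result of stream_from_handle(h) (line 2079) is used at line 2082 with no NULL check in between.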
2082     	if (nframes > s->ring_frames) {
2083     		int16_t *newring;
2084     		assert_pthread_mutex_lock(&s->mutex);
2085     		newring = realloc(s->ring, nframes * S_CHANNELS * sizeof(int16_t));
2086     		if (!newring) {
2087     			assert_pthread_mutex_unlock(&s->mutex);

** CID 645739:       Concurrent data access violations  (MISSING_LOCK)
/tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862           in xp_audio_open()


_____________________________________________________________________________________________
*** CID 645739:         Concurrent data access violations  (MISSING_LOCK)
/tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862             in xp_audio_open()
1856
1857     	assert_pthread_mutex_lock(&mixer_lock);
1858     	/* Reap any done+auto_close streams first to free slots. Safe under
1859     	 * mixer_lock  no mixer pull is in progress. */
1860     	for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {
1861     		struct xp_audio_stream *r = mixer_streams[i];
>>>     CID 645739:         Concurrent data access violations  (MISSING_LOCK)
>>>     Accessing "r->done" without holding lock "xp_audio_stream.mutex". Elsewhere, "xp_audio_stream.done" is written to with "xp_audio_stream.mutex" held 4 out of 4 times (1 of these accesses strongly imply that it is necessary).
1862     		if (r && r->auto_close && r->done) {
1863     			mixer_streams[i] = NULL;
1864     			free_stream_locked(r);
1865     		}
1866     	}
1867     	for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {

** CID 645738:       Uninitialized variables  (UNINIT)


_____________________________________________________________________________________________
*** CID 645738:         Uninitialized variables  (UNINIT)
/tmp/sbbs-Apr-21-2026/src/conio/cterm_cterm.c: 1125             in play_music()
1119     						if (buf) {
1120     							if (note_frames > 0)
1121     								xptone_makewave(freq, buf, note_frames, WAVE_SHAPE_SINE_SAW_HARM);
1122     							if (pause_frames > 0)
1123     								memset(buf + (size_t)note_frames * XPBEEP_CHANNELS, 0,
1124     								       (size_t)pause_frames * XPBEEP_FRAMESIZE);
>>>     CID 645738:         Uninitialized variables  (UNINIT)
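>>>     Using uninitialized value "*buf" when calling "xp_audio_append". One path visible in the excerpt: buf is written only when note_frames > 0 or pause_frames > 0, so if neither holds, nothing shown here initializes it before the call (the allocation of buf is outside the excerpt).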
1125     							xp_audio_append(cterm->music_stream, buf, total_frames);
1126     							free(buf);
1127     							if (cterm->musicfore) {
1128     								xp_audio_wait(cterm->music_stream);
1129     								had_foreground = 1;
1130     							}

** CID 645737:       Concurrent data access violations  (MISSING_LOCK)
/tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082           in xp_audio_play()


_____________________________________________________________________________________________
*** CID 645737:         Concurrent data access violations  (MISSING_LOCK)
/tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082             in xp_audio_play()
2076
2077     	if (h < 0)
2078     		return -1;
2079     	s = stream_from_handle(h);
2080     	/* Resize ring to fit exactly if larger than default. Loop mode requires
2081     	 * the ring to hold the full sample (read wraps to write_pos). */
>>>     CID 645737:         Concurrent data access violations  (MISSING_LOCK)
>>>     Accessing "s->ring_frames" without holding lock "xp_audio_stream.mutex". Elsewhere, "xp_audio_stream.ring_frames" is written to with "xp_audio_stream.mutex" held 1 out of 1 times.
2082     	if (nframes > s->ring_frames) {
2083     		int16_t *newring;
2084     		assert_pthread_mutex_lock(&s->mutex);
2085     		newring = realloc(s->ring, nframes * S_CHANNELS * sizeof(int16_t));
2086     		if (!newring) {
2087     			assert_pthread_mutex_unlock(&s->mutex);

** CID 645736:       Concurrent data access violations  (MISSING_LOCK)
/tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862           in xp_audio_open()


_____________________________________________________________________________________________
*** CID 645736:         Concurrent data access violations  (MISSING_LOCK)
/tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862             in xp_audio_open()
1856
1857     	assert_pthread_mutex_lock(&mixer_lock);
1858     	/* Reap any done+auto_close streams first to free slots. Safe under
1859     	 * mixer_lock  no mixer pull is in progress. */
1860     	for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {
1861     		struct xp_audio_stream *r = mixer_streams[i];
>>>     CID 645736:         Concurrent data access violations  (MISSING_LOCK)
>>>     Accessing "r->auto_close" without holding lock "xp_audio_stream.mutex". Elsewhere, "xp_audio_stream.auto_close" is written to with "xp_audio_stream.mutex" held 1 out of 1 times (1 of these accesses strongly imply that it is necessary).
1862     		if (r && r->auto_close && r->done) {
1863     			mixer_streams[i] = NULL;
1864     			free_stream_locked(r);
1865     		}
1866     	}
1867     	for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/synchronet?tab=overview


---
 * Synchronet * Vertrauen * Home of Synchronet * [vert/cvs/bbs].synchro.net
