BBS:      TELESC.NET.BR
Assunto:  New Defects reported by Coverity Scan for Synchronet
De:       scan-admin@coverity.com
Data:     Mon, 11 May 2026 15:35:32 +0000
-----------------------------------------------------------
Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

4 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 646038:       Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
/mqtt_broker.cpp: 292           in mqtt5::Broker::publish_sys(const char *, const void *, unsigned long, const mqtt5::Properties *)()


_____________________________________________________________________________________________
*** CID 646038:         Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
/mqtt_broker.cpp: 292             in mqtt5::Broker::publish_sys(const char *, const void *, unsigned long, const mqtt5::Properties *)()
286     		                    static_cast(payload) + len);
287     	if (props)
288     		msg->props = *props;
289     	msg->created_at = time(nullptr);
290
291     	std::lock_guard lock(m_mutex);
>>>     CID 646038:         Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
>>>     "msg" is passed-by-value as parameter to "std::shared_ptr<...>::shared_ptr(std::shared_ptr<...> const &) /*explicit =default*/", when it could be moved instead.
292     	route_publish("$SYS", msg);
293     	for (auto it_s = m_sessions.begin(); it_s != m_sessions.end(); ++it_s)
294     		if (!it_s->second.send_buf.empty())
295     			flush_network(it_s->second);
296     }
297

** CID 646037:       Error handling issues  (CHECKED_RETURN)
/mqtt_client.cpp: 323           in mqtt5::Client::connect(const char *, unsigned short, const char *, const char *, const char *, int, int, int, const char *, const char *, const char *, const char *, const char *, const char *, scfg_t *, int (*)(int, const char *, ...))()


_____________________________________________________________________________________________
*** CID 646037:         Error handling issues  (CHECKED_RETURN)
/mqtt_client.cpp: 323             in mqtt5::Client::connect(const char *, unsigned short, const char *, const char *, const char *, int, int, int, const char *, const char *, const char *, const char *, const char *, const char *, scfg_t *, int (*)(int, const char *, ...))()
317
318     		cryptSetAttribute(m_tls_sess, CRYPT_SESSINFO_NETWORKSOCKET, m_sock);
319     		if (tls_mode == MQTT_TLS_PSK || tls_mode == MQTT_TLS_SBBS) {
320     			cryptSetAttribute(m_tls_sess, CRYPT_SESSINFO_TLS_OPTIONS, CRYPT_TLSOPTION_DISABLE_CERTVERIFY);
321     			cryptSetAttribute(m_tls_sess, CRYPT_SESSINFO_TLS_OPTIONS, CRYPT_TLSOPTION_DISABLE_NAMEVERIFY);
322     		}
>>>     CID 646037:         Error handling issues  (CHECKED_RETURN)
>>>     Calling "cryptSetAttributeString" without checking return value (as is done elsewhere 18 out of 21 times). If this call fails, line 324 still activates the TLS session, with no server name set on it.
323     		cryptSetAttributeString(m_tls_sess, CRYPT_SESSINFO_SERVER_NAME, host, strlen(host));
324     		ret = cryptSetAttribute(m_tls_sess, CRYPT_SESSINFO_ACTIVE, 1);
325     		if (ret != CRYPT_OK) {
326     			if (lprintf) {
327     				char *estr = NULL;
328     				get_crypt_error_string(ret, m_tls_sess, &estr, "TLS handshake", NULL);

** CID 646036:       Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)


_____________________________________________________________________________________________
*** CID 646036:         Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
/mqtt_client.cpp: 162             in mqtt5::Client::handle_packet(unsigned char, unsigned char, const unsigned char *, unsigned long)()
156     		ReceivedMessage rm;
157     		rm.topic = msg->topic;
158     		rm.payload = msg->payload;
159     		rm.mid = pid;
160     		rm.qos = msg->qos();
161     		rm.retain = msg->retain();
>>>     CID 646036:         Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
>>>     "rm" is copied and then passed-by-reference as parameter to STL insertion function "std::deque<...>::push_back(std::deque<...>::value_type const &)", when it could be moved instead.
162     		m_queue.push_back(rm);
163     		if (msg->qos() == 1)
164     			send_packet(build_ack(PUBACK, pid, 0));
165     		else if (msg->qos() == 2) {
166     			send_packet(build_ack(PUBREC, pid, 0));
167     		}

** CID 646035:       Error handling issues  (CHECKED_RETURN)
/mqtt_client.cpp: 264           in mqtt5::Client::connect(const char *, unsigned short, const char *, const char *, const char *, int, int, int, const char *, const char *, const char *, const char *, const char *, const char *, scfg_t *, int (*)(int, const char *, ...))()


_____________________________________________________________________________________________
*** CID 646035:         Error handling issues  (CHECKED_RETURN)
/mqtt_client.cpp: 264             in mqtt5::Client::connect(const char *, unsigned short, const char *, const char *, const char *, int, int, int, const char *, const char *, const char *, const char *, const char *, const char *, scfg_t *, int (*)(int, const char *, ...))()
258     	if (m_sock == INVALID_SOCKET) {
259     		m_last_error = -1;
260     		return -1;
261     	}
262
263     	int nodelay = 1;
>>>     CID 646035:         Error handling issues  (CHECKED_RETURN)
>>>     Calling "setsockopt(this->m_sock, IPPROTO_TCP, 1, (char *)&nodelay, 4U)" without checking return value. This library function may fail and return an error code.
264     	setsockopt(m_sock, IPPROTO_TCP, TCP_NODELAY, (char *)&nodelay, sizeof(nodelay));
265
266     	if (tls_mode != MQTT_TLS_DISABLED) {
267     		if (!do_cryptInit(lprintf)) {
268     			closesocket(m_sock);
269     			m_sock = INVALID_SOCKET;


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/synchronet?tab=overview


---
 * Synchronet * Vertrauen * Home of Synchronet * [vert/cvs/bbs].synchro.net

-----------------------------------------------------------