• New Defects reported by Coverity Scan for Synchronet

    From scan-admin@coverity.com@VERT to All on Tue Jun 23 12:49:12 2026
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 646963: Concurrent data access violations (MISSING_LOCK) /echocfg.c: 863 in main()


    _____________________________________________________________________________________________
    *** CID 646963: Concurrent data access violations (MISSING_LOCK) /echocfg.c: 863 in main()
    857 uifc.mode |= UIFC_COLOR;
    858 break;
    859 case 'V':
    860 video_mode = atoi(argv[i] + 2); 861 break;
    862 case 'S':
    CID 646963: Concurrent data access violations (MISSING_LOCK) >>> Accessing "ciolib_initial_scaling" without holding lock "vstatlock". Elsewhere, "ciolib_initial_scaling" is written to with "vstatlock" held 5 out of 7 times.
    863 ciolib_initial_scaling = strtod(argv[i] + 2, NULL);
    864 break;
    865 default:
    866 USAGE:
    867 #ifdef _WIN32
    868 uifc.size = sizeof(uifc);

    ** CID 646962: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-23-2026/src/conio/sdl_con.c: 408 in sdl_init()


    _____________________________________________________________________________________________
    *** CID 646962: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-23-2026/src/conio/sdl_con.c: 408 in sdl_init()
    402
    403 /* Called from main thread only (Passes Event) */
    404 int sdl_init(int mode)
    405 {
    406 load_vmode(&vstat, ciolib_initial_mode);
    407 if (vstat.scaling < 1.0)
    CID 646962: Concurrent data access violations (MISSING_LOCK) >>> Accessing "ciolib_initial_scaling" without holding lock "vstatlock". Elsewhere, "ciolib_initial_scaling" is written to with "vstatlock" held 5 out of 7 times.
    408 vstat.scaling = ciolib_initial_scaling;
    409 if (vstat.scaling < 1.0)
    410 vstat.scaling = 1.0;
    411 // TODO: This is gross, why do we need it?
    412 vstat.winwidth = vstat.scrnwidth * vstat.scaling;
    413 vstat.winheight = vstat.scrnheight * vstat.scaling;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



    ---
    * Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to All on Fri Jun 26 12:49:28 2026
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 647057: High impact quality (Y2K38_SAFETY)
    /mime.c: 43 in mimegetboundary()


    _____________________________________________________________________________________________
    *** CID 647057: High impact quality (Y2K38_SAFETY)
    /mime.c: 43 in mimegetboundary()
    37 int i, num;
    38 char* boundaryString = (char*)malloc(SIZEOF_MIMEBOUNDARY + 1);
    39
    40 /* A nonzero seed yields a deterministic boundary, so a message rendered
    41 * more than once (e.g. the DKIM sign/send two-pass) gets an identical 42 * boundary both times; seed==0 preserves the original time-seeded behavior. */
    CID 647057: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "unsigned int".
    43 srand(seed != 0 ? seed : (unsigned int)time(NULL));
    44 if (boundaryString == NULL)
    45 return NULL;
    46 for (i = 0; i < SIZEOF_MIMEBOUNDARY; i++) {
    47 num = (rand() % 62);
    48 if (num < 10)


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



    ---
    * Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to All on Tue Jun 30 12:45:51 2026
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 647297: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-30-2026/src/conio/key.c: 34 in ciokey_init()


    _____________________________________________________________________________________________
    *** CID 647297: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-30-2026/src/conio/key.c: 34 in ciokey_init()
    28 static pthread_once_t ciokey_initialized = PTHREAD_ONCE_INIT;
    29
    30 static void
    31 ciokey_init(void)
    32 {
    33 memset(&state, 0, sizeof(state));
    CID 647297: Concurrent data access violations (MISSING_LOCK) >>> Accessing "state.events" without holding lock "ciokey_state.mutex". Elsewhere, "ciokey_state.events" is written to with "ciokey_state.mutex" held 6 out of 8 times.
    34 listInit(&state.events, 0);
    35 assert_pthread_mutex_init(&state.mutex, NULL);
    36 state.wake_event = CreateEvent(NULL, FALSE, FALSE, NULL);
    37 }
    38
    39 static void


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



    ---
    * Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net