89 fwrite(y2r, 4, 1 << 24, y);CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "r" when calling "fwrite". 88 fwrite(r2y, 4, 1 << 24, r);
90 fclose(s);CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "y" when calling "fwrite". 89 fwrite(y2r, 4, 1 << 24, y);
69 fprintf(s,CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "s" when calling "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
78 fprintf(h,CID 453600: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "h" when calling "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
2135 sbbs->translate_input(wrbuf, wr);CID 453850: Memory - corruptions (OVERRUN)
Overrunning buffer pointed to by "wrbuf" of 4000 bytes by passing it to a function which accesses it at byte offset 4000 using argument "wr" (which evaluates to 4001).
72 sprintf(path, "%s/r2y.bin", argv[2]);CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".
74 sprintf(path, "%s/y2r.bin", argv[2]);CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".
68 sprintf(path, "%s/rgbmap.s", argv[2]);CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".
70 sprintf(path, "%s/rgbmap.h", argv[2]);CID 453849: (STRING_SIZE)
Passing string "argv[2]" of unknown size to "sprintf".
562 x_cvstat = vstat;CID 453848: Concurrent data access violations (MISSING_LOCK)
Accessing "x_cvstat" without holding lock "vstatlock". Elsewhere, "x_cvstat" is accessed with "vstatlock" held 3 out of 4 times (1 of these accesses strongly imply that it is necessary).
336 if (x_cvstat.aspect_width != 0 && x_cvstat.aspect_height != 0) {CID 454698: Incorrect expression (IDENTICAL_BRANCHES)
The same code is executed regardless of whether "x_cvstat.aspect_width != 0 && x_cvstat.aspect_height != 0" is true, because the 'then' and 'else' branches are identical. Should one of the branches be modified, or the entire 'if' statement replaced?
565 return(-1);CID 454697: Program hangs (LOCK)
Returning without unlocking "vstatlock".
return true;".CID 454696: Control flow issues (UNREACHABLE)
This code cannot be reached: "if (fval == 0.)
904 x11.XPutImage(dpy, win, gc, xim, 0, 0, xoff, yoff, source->w, source->h);CID 462165: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "source".
448 vstat.scaling = sdl_getscaling();CID 462164: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
408 vstat.scaling = sdl_getscaling();CID 462163: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
657 vstat.scaling = sdl_getscaling();CID 462162: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).
511 xp_dlclose(dl2);CID 462161: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl2" to "dlclose", which dereferences it.
589 if(wmhints) {CID 462160: Null pointer dereferences (REVERSE_INULL)
Null-checking "wmhints" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
591 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
552 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
552 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
557 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
552 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
563 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
570 return(-1);CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.
1167 fwrite(&ch,1,1,tmp_shd);CID 462184: (RESOURCE_LEAK)
Variable "datoffset" going out of scope leaks the storage it points to. 1166 return;
1162 fwrite(&hdr,1,sizeof(smbhdr_t),tmp_shd);CID 462184: (RESOURCE_LEAK)
Variable "datoffset" going out of scope leaks the storage it points to. 1161 return;
1250 if(!m && *(ushort *)buf!=XLAT_NONE && *(ushort *)buf!=XLAT_LZH) {CID 462184: (RESOURCE_LEAK)
Variable "datoffset" going out of scope leaks the storage it points to. 1249 return;
564 xp_dlclose(dl3);CID 462183: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl3" to "dlclose", which dereferences it.
619 return(-1);CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.
608 return(-1);CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.
613 return(-1);CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.
626 return(-1);CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.
647 return(-1);CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.
608 return(-1);CID 462181: Resource leaks (RESOURCE_LEAK)
Variable "dl3" going out of scope leaks the storage it points to.
579 xp_dlclose(dl4);CID 462180: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl4" to "dlclose", which dereferences it.
305 }CID 462179: Control flow issues (DEADCODE)
Execution cannot reach this statement: "x11.XRRFreeCrtcInfo(xrrci);". 304 x11.XRRFreeCrtcInfo(xrrci);
428 ftruncate (execfd, offset);CID 462239: (CHECKED_RETURN)
Calling "ftruncate" without checking return value (as is done elsewhere 45 out of 52 times).
416 ftruncate (execfd, offset);CID 462239: (CHECKED_RETURN)
Calling "ftruncate" without checking return value (as is done elsewhere 45 out of 52 times).
1732 }CID 462238: (RESOURCE_LEAK)
Variable "instream" going out of scope leaks the storage it points to. 1731 return false;
1718 }CID 462238: (RESOURCE_LEAK)
Variable "instream" going out of scope leaks the storage it points to. 1717 return false;
244 return -4;CID 462237: Resource leaks (RESOURCE_LEAK)
Variable "buf" going out of scope leaks the storage it points to.
588 if (xinerama_found && ((x11.XRRQueryVersion = xp_dlsym(dl4, XRRQueryVersion)) == NULL)) {CID 462236: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl4" to "dlsym", which dereferences it.
114 return __COUNTER__;CID 462235: Resource leaks (RESOURCE_LEAK)
Variable "body" going out of scope leaks the storage it points to.
303 return false;CID 462234: Resource leaks (RESOURCE_LEAK)
Variable "buf" going out of scope leaks the storage it points to.
3525 case 'a': /* Character Position Forward */CID 462300: Control flow issues (MISSING_BREAK)
The case for value "'a'" is not terminated by a "break" statement.
3533 case 'j': /* Character Position Backward */CID 462299: Control flow issues (MISSING_BREAK)
The case for value "'j'" is not terminated by a "break" statement.
1893 return(0);CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1892 csi->logic=select_editor() ? LOGIC_TRUE:LOGIC_FALSE;
1881 && chk_ar(cfg.shell[i]->ar,&useron,&client))CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1880 if(!stricmp(csi->str,cfg.shell[i]->code)
1182CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1181 return(exec_function(csi));
1500 return(0);CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1499 user_event((user_event_t)*(csi->ip++));
1182CID 462298: (NEGATIVE_RETURNS)
"this->cursubnum" is passed to a parameter that cannot be negative. 1181 return(exec_function(csi));
1762 return(0);CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1761 logout();
1539 return(0);CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1538 multinodechat(*csi->ip++);
1876 return(0);CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1875 csi->logic=select_shell() ? LOGIC_TRUE:LOGIC_FALSE;
1898 && chk_ar(cfg.xedit[i]->ar,&useron,&client))CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1897 if(!stricmp(csi->str,cfg.xedit[i]->code)
218 if(!smb_getmsghdr(&smb,&msg)) {CID 462297: Uninitialized variables (UNINIT)
Using uninitialized value "msg.idx_offset" when calling "smb_getmsghdr".
296 if((buf=(char*)malloc((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))CID 462296: Integer handling issues (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1 + 2) + 1" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1 + 2) + 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
3509 case 'A': /* Cursor Up */CID 462295: Control flow issues (MISSING_BREAK)
The case for value "'A'" is not terminated by a "break" statement.
1038 if(!writemsg(msgpath,nulstr,title,WM_NETMAIL|mode,INVALID_SUB, to_list, /* from: */your_addr, &editor, &charset)) {CID 462294: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.
200 if(!writemsg(msgpath,nulstr,subj,WM_NETMAIL|mode,INVALID_SUB, to, from, &editor, &charset)) {CID 462293: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.
526 strcat(*pp1,*pp2);CID 462292: (NULL_RETURNS)
Dereferencing a pointer that might be "nullptr" "*pp1" when calling "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
526 strcat(*pp1,*pp2);CID 462292: (NULL_RETURNS)
Dereferencing a pointer that might be "nullptr" "*pp1" when calling "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
3517 case 'B': /* Cursor Down */CID 462291: Control flow issues (MISSING_BREAK)
The case for value "'B'" is not terminated by a "break" statement.
1316 if(!writemsg(msgpath,nulstr,title, (mode|WM_QWKNET|WM_NETMAIL) ,INVALID_SUB,to,/* from: */useron.alias, &editor, &charset)) {CID 462290: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.
53 if(!writemsg(msgpath,nulstr,title,wm_mode,INVALID_SUB,"Bulk Mailing"CID 462289: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.
351 SAFEPRINTF(str,"%s ",unixtodstr(&cfg,(time32_t)now,tmp));CID 462288: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
762 cp437_to_utf8_str(str, buf, sizeof(buf) - 1, /* minval: */'\x02');CID 462287: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "str" to "cp437_to_utf8_str", which uses it as an offset.
1796 remove(outpath); // expected to fail (file does not exist) much of the timeCID 462777: Error handling issues (CHECKED_RETURN)
Calling "remove(outpath)" without checking return value. This library function may fail and return an error code.
2447 return NULL;CID 465170: Resource leaks (RESOURCE_LEAK)
Variable "item" going out of scope leaks the storage it points to.
544 if((cfg.ftest = (ftest_t**)new_item(cfg.ftest, sizeof(ftest_t), i, &cfg.total_ftests)) == NULL) {CID 465169: (SIZEOF_MISMATCH)
Passing argument "240UL /* sizeof (ftest_t) */" to function "new_item" and then casting the return value to "ftest_t **" is suspicious.
698 if((cfg.dlevent = (dlevent_t**)new_item(cfg.dlevent, sizeof(dlevent_t), i, &cfg.total_dlevents)) == NULL) {CID 465169: (SIZEOF_MISMATCH)
Passing argument "240UL /* sizeof (dlevent_t) */" to function "new_item" and then casting the return value to "dlevent_t **" is suspicious.
1124 if((cfg.prot = (prot_t**)new_item(cfg.prot, sizeof(prot_t), i, &cfg.total_prots)) == NULL) {CID 465169: (SIZEOF_MISMATCH)
Passing argument "720UL /* sizeof (prot_t) */" to function "new_item" and then casting the return value to "prot_t **" is suspicious.
844 if((cfg.fextr = (fextr_t**)new_item(cfg.fextr, sizeof(fextr_t), i, &cfg.total_fextrs)) == NULL) {CID 465169: (SIZEOF_MISMATCH)
Passing argument "199UL /* sizeof (fextr_t) */" to function "new_item" and then casting the return value to "fextr_t **" is suspicious.
412 if((cfg.fview = (fview_t**)new_item(cfg.fview, sizeof(fview_t), i, &cfg.total_fviews)) == NULL) {CID 465169: (SIZEOF_MISMATCH)
Passing argument "199UL /* sizeof (fview_t) */" to function "new_item" and then casting the return value to "fview_t **" is suspicious.
982 if((cfg.fcomp = (fcomp_t**)new_item(cfg.fcomp, sizeof(fcomp_t), i, &cfg.total_fcomps)) == NULL) {CID 465169: (SIZEOF_MISMATCH)
Passing argument "199UL /* sizeof (fcomp_t) */" to function "new_item" and then casting the return value to "fcomp_t **" is suspicious.
1344 return(unixtodstr(&cfg,(time32_t)ns_time,str));CID 465835: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->ns_time" is cast to "time32_t".
450 telnet_mode |= TELNET_MODE_OFF;CID 469141: Data race undermines locking (LOCK_EVASION)
Thread1 sets "telnet_mode" to a new value. Now the two threads have an inconsistent view of "telnet_mode" and updates to fields correlated with "telnet_mode" may be lost.
521 putnmsg(mqtt->cfg, i, msg->payload); 522 return;CID 469140: Error handling issues (CHECKED_RETURN)
Calling "putnmsg" without checking return value (as is done elsewhere 4 out of 5 times).
1376 return JS_LIKELY(!!p2) ? p2 : onOutOfMemory(p, newBytes, cx); 1377 }CID 469139: Resource leaks (RESOURCE_LEAK)
Failing to save or free storage allocated by "this->onOutOfMemory(p, newBytes, cx)" leaks it.
354 if(ch && !n && ((keys == NULL && !IS_DIGIT(ch)) || (strchr(str,ch)))) { /* return character if in string */CID 469138: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "strchr". [Note: The source code implementation of the function has been overridden by a builtin model.]
3549 m->magic = mparams.magic;CID 469137: Concurrent data access violations (MISSING_LOCK)
Accessing "mparams.magic" without holding lock "magic_init_mutex". Elsewhere, "malloc_params.magic" is written to with "magic_init_mutex" held 1 out of 1 times.
2175 return(JS_TRUE);CID 469136: Program hangs (LOCK)
Returning without unlocking "sbbs->input_thread_mutex".
35 listInit(&rt_list, 0);CID 469135: Concurrent data access violations (MISSING_LOCK)
Accessing "rt_list" without holding lock "jsrt_mutex". Elsewhere, "rt_list" is written to with "jsrt_mutex" held 4 out of 5 times.
1274 return false;CID 469134: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
952 return NewNativeClassInstance(cx, clasp, proto, parent, kind);CID 469133: Memory - corruptions (OVERRUN)
Overrunning callee's array of size 11 by passing argument "kind" (which evaluates to 11) in call to "NewNativeClassInstance".
692 sdl.SetWindowFullscreen(win, fullscreen ? SDL_WINDOW_FULLSCREEN_DESKTOP : 0);CID 469132: Concurrent data access violations (MISSING_LOCK)
Accessing "win" without holding lock "win_mutex". Elsewhere, "win" is written to with "win_mutex" held 1 out of 1 times.
848 while(csi->ip<csi->cs+csi->length && ((inst&0x80) || *csi->ip!=inst)) {CID 469131: Concurrent data access violations (MISSING_LOCK)
Accessing "csi->cs" without holding lock "sbbs_t.input_thread_mutex". Elsewhere, "csi_t.cs" is written to with "sbbs_t.input_thread_mutex" held 3 out of 3 times.
628 return(false);CID 469130: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
3908 ssh_mode = false;CID 469129: Data race undermines locking (LOCK_EVASION)
Thread1 sets "ssh_mode" to a new value. Now the two threads have an inconsistent view of "ssh_mode" and updates to fields correlated with "ssh_mode" may be lost.
716 j=0;CID 469128: Code maintainability issues (UNUSED_VALUE)
Assigning value "0" to "j" here, but that stored value is overwritten before it can be used.
873 j=0;CID 469127: Code maintainability issues (UNUSED_VALUE)
Assigning value "0" to "j" here, but that stored value is overwritten before it can be used.
1196 sdl_init_good=1;CID 469126: Data race undermines locking (LOCK_EVASION)
Thread1 sets "sdl_init_good" to a new value. Now the two threads have an inconsistent view of "sdl_init_good" and updates to fields correlated with "sdl_init_good" may be lost.
2149 }CID 469125: Program hangs (LOCK)
Returning without unlocking "sbbs->input_thread_mutex".
1387 return JS_LIKELY(!!p2) ? p2 : onOutOfMemory(p, bytes, cx); 1388 }CID 469124: Resource leaks (RESOURCE_LEAK)
Failing to save or free storage allocated by "this->onOutOfMemory(p, bytes, cx)" leaks it.
3642 insert_large_chunk(m, tp, psize);CID 469123: Memory - corruptions (USE_AFTER_FREE)
Dereferencing freed pointer "tp".
1945 callbacks.rects = 0;CID 469122: Concurrent data access violations (MISSING_LOCK)
Accessing "callbacks.rects" without holding lock "bitmap_callbacks.lock". Elsewhere, "bitmap_callbacks.rects" is written to with "bitmap_callbacks.lock" held 2 out of 3 times.
2495 ssh_errors++;CID 469167: (SLEEP)
Call to "lprintf" might sleep while holding lock "sbbs->ssh_mutex". 2494 GCESSTR(err, node, sbbs->ssh_session, "pushing data");
2480 ssh_errors++;CID 469167: (SLEEP)
Call to "lprintf" might sleep while holding lock "sbbs->ssh_mutex". 2479 GCESSTR(err, node, sbbs->ssh_session, "setting channel");
111 return false;CID 470390: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
84 if(!SYSOP || yesno(text[DeleteFileQ]))CID 470389: (SLEEP)
Call to "yesno" might sleep while holding lock "this->input_thread_mutex".
76 clearline();CID 470389: (SLEEP)
Call to "clearline" might sleep while holding lock "this->input_thread_mutex".
203 restoreline();CID 470388: Program hangs (SLEEP)
Call to "restoreline" might sleep while holding lock "this->input_thread_mutex".
654 return(true);CID 470387: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
86 return false;CID 470386: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
201 switch(read(in,&ch,1)) {CID 470457: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "&ch" of type "int *" and argument "1UL" to function "read" is suspicious because "sizeof (int) /*4*/" is expected.
3122 return false;CID 470557: Resource leaks (RESOURCE_LEAK)
Variable "spy" going out of scope leaks the storage it points to.
1157 rand(); /* throw-away first result */CID 470556: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name());CID 470556: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
1089 setsockopt(socket,IPPROTO_TCP,TCP_NODELAY,(char*)&nodelay,sizeof(nodelay));CID 470555: Error handling issues (CHECKED_RETURN)
Calling "setsockopt(socket, IPPROTO_TCP, 1, (char *)&nodelay, 4U)" without checking return value. This library function may fail and return an error code.
3123 }CID 470554: Resource leaks (RESOURCE_LEAK)
Variable "rcptlst" going out of scope leaks the storage it points to. 3122 return false;
4204 ,rand(),socket,(ulong)time(NULL),(ulong)clock(),server_host_name());CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
3078 rand(); /* throw-away first result */CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock());CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
1474 JS_ValueToInt32(cx, argv[i], &duration);CID 470929: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 261 out of 293 times).
412 cert_entry->sess = -1;CID 471381: Null pointer dereferences (NULL_RETURNS)
Dereferencing "cert_entry", which is known to be "NULL".
367 strListCombine(list, auxdata, size - 1, "\r\n");CID 471656: Memory - corruptions (OVERRUN)
Calling "strListCombine" with "auxdata" and "size - 1UL" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
505 if( isNullChannel( writeChannelInfoPtr ) )CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
517 if( isNullChannel( writeChannelInfoPtr ) )CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
511 if( isNullChannel( writeChannelInfoPtr ) )CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
525 if( isNullChannel( writeChannelInfoPtr ) )CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
335 return (DEBUG_EXIT);CID 476253: Resource leaks (RESOURCE_LEAK)
Variable "line" going out of scope leaks the storage it points to.
413 ssl_sync(cfg, lprintf);CID 477525: Error handling issues (CHECKED_RETURN)
Calling "ssl_sync" without checking return value (as is done elsewhere 6 out of 7 times).
753 return(false);CID 479110: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
349 return( status ); /* Residual error from peekTag() */CID 479109: (DEADCODE)
Execution cannot reach this statement: "return status;".
364 return( status ); /* Residual error from peekTag() */CID 479109: (DEADCODE)
Execution cannot reach this statement: "return status;".
425 case CRYPT_CTXINFO_SSH_PUBLIC_KEY:CID 479108: Control flow issues (MISSING_BREAK)
The case for value "CRYPT_CTXINFO_SSH_PUBLIC_KEY" is not terminated by a "break" statement.
857 status = activateSubprotocolFunction( sessionInfoPtr );CID 479107: Control flow issues (DEADCODE)
Execution cannot reach this statement: "status = activateSubprotoco...".
621 readShortInteger( stream, &value );CID 479106: Error handling issues (CHECKED_RETURN)
Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).
1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \CID 479105: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->closeInnerSubprotocolFunction.fnPtr" inside this statement: "closeSubprotocolFunction = ...".
220 ch |= string[ i ] << shiftAmt;CID 479104: (BAD_SHIFT)
In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.
220 ch |= string[ i ] << shiftAmt;CID 479104: (BAD_SHIFT)
In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.
120 if((i=smb_open(&smb))!=0) {CID 479103: (SLEEP)
Call to "smb_open" might sleep while holding lock "this->input_thread_mutex".
112 errormsg(WHERE,ERR_CREATE,str,0);CID 479103: (SLEEP)
Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".
106 errormsg(WHERE,ERR_CREATE,str,0);CID 479103: (SLEEP)
Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".
662 readShortInteger( stream, NULL );CID 479102: Error handling issues (CHECKED_RETURN)
Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).
353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES);CID 479101: (CHECKED_RETURN)
Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).
345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION);CID 479101: (CHECKED_RETURN)
Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).
659 cert_list = sess;CID 479100: (ATOMICITY)
Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.
659 cert_list = sess;CID 479100: (ATOMICITY)
Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.
495 return( status ); /* Residual error from checkStatusPeekTag() */CID 479099: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return status;".
95 return false;CID 479098: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
1035 ( void ) closeSubprotocolFunction( sessionInfoPtr );CID 479097: Control flow issues (DEADCODE)
Execution cannot reach this statement: "(void)closeSubprotocolFunct...".
685 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \CID 479096: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->activateOuterSubprotocolFunction.fnPtr" inside this statement: "activateSubprotocolFunction...".
130 return( FALSE );CID 479095: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return 0;".
720 return( status ); /* Residual error from peekTag() */CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".
668 return( status ); /* Residual error from peekTag() */CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".
641 return( status ); /* Residual error from peekTag() */CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".
1779 case CRYPT_KEYSET_LDAP:CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_LDAP:".
1771 case CRYPT_KEYSET_DATABASE_STORE:CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE:". 1770 case CRYPT_KEYSET_DATABASE:
1771 case CRYPT_KEYSET_DATABASE_STORE:CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE_...".
285 insertDoubleListElement( newAttributeHeadPtr, newAttributeListTail,Variable "newAttributeField" going out of scope leaks the storage it points to.
707 if ( TRUE || channelNo == 0 || !waitforWindow )CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"255612575 || channelNo == 0 || !waitforWindow" is always true regardless of the values of its operands. This occurs as the logical operand of "if".
CID 480410: Uninitialized variables (UNINIT)
Using uninitialized value "bestf".
349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {CID 483188: Memory - corruptions (OVERRUN)
Overrunning array """" of 1 bytes by passing it to a function which accesses it at byte offset 31 using argument "32UL".
3570 remove(str);CID 483249: Error handling issues (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.
1731 if(!js_GetMsgHeaderObjectPrivates(cx, hdrobj, /* smb_t: */NULL, &msg, /* post: */NULL))CID 486181: (RESOURCE_LEAK)
Variable "instr" going out of scope leaks the storage it points to. 1730 return JS_FALSE;
1733 }CID 486181: (RESOURCE_LEAK)
Variable "instr" going out of scope leaks the storage it points to. 1732 return JS_FALSE;
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
416 fseek(stream,l,SEEK_SET);CID 486477: Error handling issues (CHECKED_RETURN)
Calling "fseek(stream, l, 0)" without checking return value. This library function may fail and return an error code.
382 fexistcase(path);CID 486496: (CHECKED_RETURN)
Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).
344 fexistcase(path);CID 486496: (CHECKED_RETURN)
Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).
1073 return ret;CID 486966: Memory - illegal accesses (RETURN_LOCAL)
Returning pointer "ret" which points to local variable "fval".
503 if(callbacks.drawrect) {Accessing "callbacks.drawrect" without holding lock "bitmap_callbacks.lock". Elsewhere, "bitmap_callbacks.drawrect" is written to with "bitmap_callbacks.lock" held 1 out of 1 times (1 of these accesses strongly imply that it is necessary).
97 useron.laston=(time32_t)now;CID 487089: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
89 remove(path);CID 487088: Error handling issues (CHECKED_RETURN)
Calling "remove(path)" without checking return value. This library function may fail and return an error code.
1388 strcat(tmppath, dir);CID 487180: Memory - corruptions (BUFFER_SIZE)
Buffer "tmppath" has a size of 4097 characters, and its string length (null character not included) is 4095 characters, leaving an available space of 2 characters. Appending "dir", whose string length (null character not included) is 2 characters, plus the null character overruns "tmppath".
63 state->running--;CID 487179: (MISSING_LOCK)
Accessing "state->running" without holding lock "sftp_client_state.mtx". Elsewhere, "sftp_client_state.running" is written to with "sftp_client_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).
63 state->running--;CID 487179: (MISSING_LOCK)
Accessing "state->running" without holding lock "sftp_server_state.mtx". Elsewhere, "sftp_server_state.running" is written to with "sftp_server_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).
78 return true;CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.
72 return true;CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.
82 return true;CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.
68 return true;CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.
433 sftp_fattr_set_times(attr, fd, fd);CID 487177: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
433 sftp_fattr_set_times(attr, fd, fd);CID 487177: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
741 return -1;CID 487176: (RESOURCE_LEAK)
Variable "p" going out of scope leaks the storage it points to.
741 return -1;CID 487176: (RESOURCE_LEAK)
Variable "p" going out of scope leaks the storage it points to.
1517 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "EName allocation failure");CID 487175: Resource leaks (RESOURCE_LEAK)
Variable "attr" going out of scope leaks the storage it points to.
1993 cname = nullptr;CID 487174: Code maintainability issues (UNUSED_VALUE)
Assigning value "NULL" to "cname" here, but that stored value is overwritten before it can be used.
987 return false;CID 487173: Program hangs (LOCK)
Returning without unlocking "sbbs->ssh_mutex".
171 if (this->sftp_path[files_path_len] == 0 || this->sftp_path[files_path_len] == 0) {CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
The expression "this->sftp_path[6UL /* files_path_len */] == 0 || this->sftp_path[6UL /* files_path_len */] == 0" does not accomplish anything because it evaluates to either of its identical operands, "this->sftp_path[6UL /* files_path_len */] == 0".
324 for (ext = 0; ext < extcnt; ext++) {CID 487171: Insecure data handling (TAINTED_SCALAR)
Using tainted variable "extcnt" as a loop boundary.
1147 if (access(pmap.local_path, F_OK) != 0) {CID 487170: Security best practices violations (TOCTOU)
Calling function "access" to perform check on "pmap.local_path".
1044 remove(sbbs->sftp_filedes[i]->local_path);CID 487169: Error handling issues (CHECKED_RETURN)
Calling "remove(sbbs->sftp_filedes[i]->local_path)" without checking return value. This library function may fail and return an error code.
679 status = setChannelAttributeS( sessionInfoPtr, 680 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,CID 487168: (UNUSED_VALUE)
Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "shell", 5)" to "status" here, but that stored value is overwritten before it can be used.
691 status = setChannelAttributeS( sessionInfoPtr, 692 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,CID 487168: (UNUSED_VALUE)
Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "exec", 4)" to "status" here, but that stored value is overwritten before it can be used.
2048 return ret;CID 487167: Program hangs (LOCK)
Returning without unlocking "sbbs->sftp_state->mtx".
2036 cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE, 0);CID 487166: (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).
2028 cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE, 0);CID 487166: (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).
1984 if (cname && sbbs->session_channel == -1 && strcmp(cname, "shell") == 0) {CID 487165: (REVERSE_INULL)
Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1975 if (((startup->options & (BBS_OPT_ALLOW_SFTP | BBS_OPT_SSH_ANYAUTH)) == BBS_OPT_ALLOW_SFTP) && ssname && cname && sbbs->sftp_channel == -1 && strcmp(ssname, "sftp") == 0) {CID 487165: (REVERSE_INULL)
Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1424 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Attributes allocation failure");CID 487164: Resource leaks (RESOURCE_LEAK)
Variable "link" going out of scope leaks the storage it points to.
373 return false;CID 487163: Program hangs (LOCK)
Returning without unlocking "state->mtx".
871 sftp_fattr_free(ret);CID 487162: Control flow issues (DEADCODE)
Execution cannot reach this statement: "sftp_fattr_free(ret);".
448 sftp_fattr_set_times(attr, fd, fd);CID 487161: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
448 sftp_fattr_set_times(attr, fd, fd);CID 487161: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
1625 fn.add_name(strdup(vpath), lname, attr);CID 487600: Error handling issues (CHECKED_RETURN)
Calling "add_name" without checking return value (as is done elsewhere 4 out of 5 times).
36 return mktime(&tm) - mktime(gmtime_r(&t,&gmt));CID 487672: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "gmtime_r(&t, &gmt)" when calling "mktime".
6243 if(!session->send_failed) {CID 488122: Concurrent data access violations (MISSING_LOCK)
Accessing "session->send_failed" without holding lock "http_session_t.outbuf_write". Elsewhere, "http_session_t.send_failed" is written to with "http_session_t.outbuf_write" held 1 out of 1 times.
344 answers[a++]=(char)getkeys((char *)buf+m,0);CID 488309: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "(char *)buf + m" to "getkeys", which expects a null-terminated string.
3666 faddr=atofaddr(buf+i+1);CID 488308: (STRING_NULL)
Passing unterminated string "buf + i + 1" to "atofaddr", which expects a null-terminated string.
3660 faddr=atofaddr(buf+i+6);CID 488308: (STRING_NULL)
Passing unterminated string "buf + i + 6" to "atofaddr", which expects a null-terminated string.
1085 set_convenience_ptr(msg,msg->hfield[i].type,msg->hfield[i].length,msg->hfield_dat[i]);CID 488307: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "msg->hfield_dat[i]" to "set_convenience_ptr", which expects a null-terminated string.
60 SAFECOPY(info->author, record.author); truncsp(info->author); 61 SAFECOPY(info->group, record.group); truncsp(info->group);CID 488306: (STRING_NULL)
Passing unterminated string "record.author" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
62 SAFECOPY(info->date, record.date); truncsp(info->date);CID 488306: (STRING_NULL)
Passing unterminated string "record.date" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
59 SAFECOPY(info->title, record.title); truncsp(info->title);CID 488306: (STRING_NULL)
Passing unterminated string "record.title" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
61 SAFECOPY(info->group, record.group); truncsp(info->group);Passing unterminated string "record.group" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
1908 strcpy(bbs_startup.ctrl_dir,ctrl_dir);CID 488305: Memory - corruptions (STRING_OVERFLOW)
You might overrun the 1024-character destination string "bbs_startup.ctrl_dir" by writing 4097 characters from "ctrl_dir".
950 if(array == NULL && !JS_GetArrayLength(cx, array, &len)) {CID 508260: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "array" to "JS_GetArrayLength", which dereferences it.
491 JS_ReportError(cx, "Unable to get parent js object"); 492 return JS_FALSE;CID 508259: Control flow issues (DEADCODE)
Execution cannot reach this statement: "JS_ReportError(cx, "Unable ...".
387 SAFECAT(buf,crlf);CID 508288: (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.
387 SAFECAT(buf,crlf);CID 508288: (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.
3127 HANDLE_PENDING(cx, tmp);CID 508287: Resource leaks (RESOURCE_LEAK)
Variable "server_user_name" going out of scope leaks the storage it points to.
3127 HANDLE_PENDING(cx, tmp);CID 508286: Resource leaks (RESOURCE_LEAK)
Variable "addr" going out of scope leaks the storage it points to.
3128 strListPush(&send_strings, tmp);CID 508285: Resource leaks (RESOURCE_LEAK)
Variable "term_type" going out of scope leaks the storage it points to. 3127 HANDLE_PENDING(cx, tmp);
3041 HANDLE_PENDING(cx, tmp);CID 508284: Resource leaks (RESOURCE_LEAK)
Variable "addr" going out of scope leaks the storage it points to.
3127 HANDLE_PENDING(cx, tmp);CID 508283: Resource leaks (RESOURCE_LEAK)
Variable "client_user_name" going out of scope leaks the storage it points to.
1308 && strcmp(filename, file.name) != 0 && smb_findfile(&p->smb, file.name, NULL) == SMB_SUCCESS) {CID 509555: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "file.name" to "strcmp", which dereferences it. 1307 if(p->smb_result == SMB_SUCCESS
633 printf(" %02X %.*s", fidx.hash.flags, (int)sizeof(fidx.name), fidx.name);CID 509554: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "printf", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
1335 if(p->smb_result != SMB_SUCCESS)CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
This 'if' statement is indented to column 41, as if it were nested within the preceding parent statement, but it is not.
244 if(stricmp(fidx.name, fname) != 0)CID 509552: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "strcasecmp", which expects a null-terminated string.
441 if(stricmp(fidx[i].name, fname) == 0) {Passing unterminated string "fidx[i].name" to "strcasecmp", which expects a null-terminated string.
139 return 0;CID 509721: Resource leaks (RESOURCE_LEAK)
Variable "ini" going out of scope leaks the storage it points to.
670 return(0);CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.
676 return(0);CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.
649 if((csts = fopen_cstats(&cfg, i, /* for_write: */TRUE)) == NULL) {CID 509720: (RESOURCE_LEAK)
Overwriting "csts" in "csts = fopen_cstats(&this->cfg, i, true)" leaks the storage that "csts" points to.
673 return(0);CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.
682 return(0L);CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.
361 SAFEPRINTF(str,"%s ",unixtodstr(&cfg,(time32_t)now,tmp));CID 510624: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
540 DO("getting private key", ssl_keyset, cryptGetPrivateKey(ssl_keyset, &cert_entry->cert, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass));CID 544155: Error handling issues (CHECKED_RETURN)
Calling "log_cryptlib_error" without checking return value (as is done elsewhere 16 out of 17 times).
709 if (read(file, buf, l) != l)CID 548252: Error handling issues (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
1621 memset(&termio, 0, sizeof(term));CID 548251: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "&termio" of type "termios *" and argument "8UL" ("sizeof (this->term)") to function "memset" is suspicious because "sizeof (termios) /*60*/" is expected.
31 if (spot->y >= 0)CID 548250: Control flow issues (NO_EFFECT)
This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "spot->y >= 0U".
89 bprintf(text[UeditRealNamePhone]CID 548249: (DEADCODE)
Execution cannot reach the expression ""XXXXXXXX"" inside this statement: "this->bprintf(this->text[Ue...".
89 bprintf(text[UeditRealNamePhone]CID 548249: (DEADCODE)
Execution cannot reach the expression ""XXX-XXX-XXXX"" inside this statement: "this->bprintf(this->text[Ue...".
1836 fseek(smb.sdt_fp, msg->hdr.offset, SEEK_SET);CID 548248: Error handling issues (CHECKED_RETURN)
Calling "fseek(this->smb.sdt_fp, msg->hdr.offset, 0)" without checking return value. This library function may fail and return an error code.
437 sys_status |= SS_USERON;CID 548912: Data race undermines locking (LOCK_EVASION)
Thread1 sets "sys_status" to a new value. Now the two threads have an inconsistent view of "sys_status" and updates to fields correlated with "sys_status" may be lost.
1194 ch = in;CID 549016: Integer handling issues (INTEGER_OVERFLOW)
Expression "ch", where "in" is known to be equal to 256, overflows the type of "ch", which is type "char".
2089 bool result = check_pass(sys->cfg, str, /* user: */NULL, /* unique: */false, /* reason: */NULL)CID 549015: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "check_pass".
1875 return JS_FALSE;CID 640112: (RESOURCE_LEAK)
Variable "code" going out of scope leaks the storage it points to.
1880 return JS_FALSE;CID 640112: (RESOURCE_LEAK)
Variable "code" going out of scope leaks the storage it points to.
463 fseek(stream, l, SEEK_SET);CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.
428 fseek(stream, l, SEEK_SET);CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.
440 fseek(stream, l, SEEK_SET);CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.
576CID 640376: (SLEEP)
Call to "try_ansi_init" might sleep while holding lock "init_mutex". 575 break;
549 if(!try_conio_init(mode));CID 640376: (SLEEP)
Call to "try_ansi_init" might sleep while holding lock "init_mutex". 548 #ifdef _WIN32
543 #endifCID 640376: (SLEEP)
Call to "try_sdl_init" might sleep while holding lock "init_mutex".
581 break;CID 640376: (SLEEP)
Call to "try_sdl_init" might sleep while holding lock "init_mutex".
127 stats->date = (time32_t)iniGetDateTime(ini, NULL, strStatsDate, 0);CID 640406: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "iniGetDateTime(ini, NULL, "Date", 0L)" is cast to "time32_t".
844 snprintf(str, maxlen, "%f", xp_timer());CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "double" but argument has type "long double")
844 snprintf(str, maxlen, "%f", xp_timer());CID 640404: API usage errors (PRINTF_ARGS)
Argument "xp_timer()" to format specifier "%f" was expected to have type "double" but has type "long double". [Note: The source code implementation of the function has been overridden by a builtin model.]
1351 JS_ValueToECMAUint32(cx, argv[0], &t);CID 640403: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToECMAUint32" without checking return value (as is done elsewhere 96 out of 102 times).
60 user_private_t(scfg_t* cfg, user_t user)CID 640928: Performance inefficiencies (PASS_BY_VALUE)
Passing parameter user of type "user_t" (size 784 bytes) by value, which exceeds the high threshold of 512 bytes.
301 , tm->tm_hour, tm->tm_min, tm->tm_sec);CID 640927: API usage errors (PRINTF_ARGS)
This argument was not used by the format string: "tm->tm_sec".
301 , tm->tm_hour, tm->tm_min, tm->tm_sec);CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS)
the format string ends before this argument
1664 return byte_count(user_available_credits(&useron), str, maxlen, param, BYTE_COUNT_VERBAL);CID 640932: Insecure data handling (INTEGER_OVERFLOW)
The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.
479 strlcat(str, " ", size);CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
481 strlcat(str, plural, size);CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
483 strlcat(str, suffix, size);CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
480 strlcat(str, suffix, size);CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).
401 return false;CID 640963: Resource leaks (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.
442 return false;CID 640962: Resource leaks (RESOURCE_LEAK)
Variable "global_interfaces" going out of scope leaks the storage it points to.
620 return duration((uint)up, str, maxlen, param, DURATION_MINIMAL_VERBAL);CID 640971: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "up" is cast to "uint".
1695 return byte_count(static_cast<int64_t>(user_available_credits(&useron)), str, maxlen, param, BYTE_COUNT_VERBAL);CID 640970: Insecure data handling (INTEGER_OVERFLOW)
The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.
752 SKIP_WHITESPACE(*ptrptr);CID 640989: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
763 SKIP_WHITESPACE(*ptrptr);CID 640989: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4878 iniCloseFile(fp);CID 640988: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "key" to "iniReadBool", which dereferences it. 4877 bool result = iniReadBool(fp, section, key, deflt);
2740 SKIP_WHITESPACE(*ptrptr);CID 640987: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2729 SKIP_WHITESPACE(*ptrptr);CID 640987: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3499 SKIP_WHITESPACE(vp);CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*vp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3761 SKIP_WHITESPACE(dp);CID 641218: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4084 SKIP_WHITESPACE(dp); 4085 truncsp(dp);CID 641218: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
353 SKIP_WHITESPACE(p);CID 641217: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
343 SKIP_WHITESPACE(p);CID 641217: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
6561 FIND_WHITESPACE(tp);CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
567 SKIP_WHITESPACE(p);CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
554 FIND_WHITESPACE(p);CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
570 SKIP_WHITESPACE(p);CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
569 FIND_WHITESPACE(p);CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
552 SKIP_WHITESPACE(p);CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
555 SKIP_WHITESPACE(p);CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1603 FIND_WHITESPACE(tp); 1604 *tp = '\0';CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3492 FIND_WHITESPACE(tp);CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1531 FIND_WHITESPACE(tp);"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
232 SKIP_WHITESPACE(p);CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
211 if (!IS_WHITESPACE(buf[ret.bytes]))CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)buf[ret.bytes] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
83 SKIP_WHITESPACE(p);CID 641209: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
87 SKIP_WHITESPACE(p);CID 641209: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1989 SKIP_WHITESPACE(tp);CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2496 while (*(p + l) && IS_WHITESPACE(*(p + l))) l++;CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)p[l] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
118 SKIP_WHITESPACE(c);CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*c == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2225 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2191 FIND_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2224 FIND_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2335 FIND_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2156 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2273 FIND_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2192 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2336 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2250 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2155 FIND_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2274 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2306 SKIP_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2249 FIND_WHITESPACE(p);CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
5749 SKIP_WHITESPACE(identity);CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*identity == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
432 SKIP_WHITESPACE(p);CID 641203: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
422 SKIP_WHITESPACE(p);CID 641203: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1960 FIND_WHITESPACE(tp);CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1185 SKIP_WHITESPACE(p);CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1195 SKIP_WHITESPACE(p);CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
975 SKIP_WHITESPACE(p);CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1202 SKIP_WHITESPACE(p);CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1534 SKIP_WHITESPACE(p);CID 641200: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1547 SKIP_WHITESPACE(p);CID 641200: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
263 fseeko(stream, offset[nextline], 0);CID 642982: (FORWARD_NULL)
Dereferencing null pointer "offset".
228 fseeko(stream, offset[lines - 1], SEEK_SET);CID 642982: (FORWARD_NULL)
Dereferencing null pointer "offset".
228 fseeko(stream, offset[lines - 1], SEEK_SET);CID 642981: Error handling issues (CHECKED_RETURN)
Calling "fseeko(stream, offset[lines - 1UL], 0)" without checking return value. This library function may fail and return an error code.
228 fseeko(stream, offset[lines - 1], SEEK_SET);CID 642980: Integer handling issues (INTEGER_OVERFLOW)
Expression "lines - 1UL", where "lines" is known to be equal to 0, underflows the type of "lines - 1UL", which is type "unsigned long".
5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)CID 642992: API usage errors (PRINTF_ARGS)
Argument "count" to format specifier "%u" was expected to have type "unsigned int" but has type "unsigned long".
5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "unsigned int" but argument has type "unsigned long")
57 timestamp = latest;CID 643146: Program hangs (SLEEP)
Call to "findstr_list" might sleep while holding lock "lock._M_device". 56 list = findstr_list(fname);
1844 , scfg.temp_dir, getpid(), sock, rand(), (ulong)clock(), ext);CID 643145: Security best practices violations (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
1359 *data_sock = accept(pasv_sock, &addr->addr, &addr_len); 1360 #ifdef SOCKET_DEBUG_ACCEPTCID 643144: Memory - corruptions (OVERRUN)
Overrunning struct type sockaddr of 16 bytes by passing it to a function which accesses it at byte offset 127 using argument "addr_len" (which evaluates to 128).
450 cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, startup->max_inactivity);CID 643143: Error handling issues (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 55 out of 68 times).
663 fseeko(fp, xfer.filepos, SEEK_SET);CID 643142: (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.
700 fseeko(fp, xfer.filepos + total, SEEK_SET);CID 643142: (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos + total, 0)" without checking return value. This library function may fail and return an error code.
7719 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, logstr)CID 643141: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".
7721 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp)CID 643141: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".
3431 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2847 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2557 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3214 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3490 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3242 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3174 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3204 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2885 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2540 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3192 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3363 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3366 FIND_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3367 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3283 SKIP_WHITESPACE(p);CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1557 SKIP_WHITESPACE(p);CID 643139: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1544 SKIP_WHITESPACE(p);CID 643139: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2230 , timestr(&scfg, (time32_t)connect_rate_limiter->currHighwater.time, tmp)CID 643138: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "connect_rate_limiter->currHighwater.time" is cast to "time32_t".
2232 , connect_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)connect_rate_limiter->lastLimited.time, tmp2)CID 643138: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "connect_rate_limiter->lastLimited.time" is cast to "time32_t".
4105 SKIP_WHITESPACE(dp); 4106 truncsp(dp);CID 643137: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3782 SKIP_WHITESPACE(dp);CID 643137: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
5417 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));CID 643136: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".
5416 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()CID 643136: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".
2476 ulong banned = loginBanned(&scfg, startup->login_attempt_list, client_socket, /* host_name: */ NULL, startup->login_attempt, &attempted);CID 643135: Program hangs (LOCK)
"loginBanned" locks "startup->login_attempt_list->mutex" while it is locked.
44 time_t fchk_interval; // secondsCID 643134: Uninitialized members (UNINIT_CTOR)
The compiler-generated constructor for this class does not initialize "fchk_interval".
4476 FIND_WHITESPACE(np);CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4473 SKIP_WHITESPACE(np);CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4097 SKIP_WHITESPACE(np); 4098CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3774 SKIP_WHITESPACE(np);CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1560 FIND_WHITESPACE(tp);CID 643132: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1549 FIND_WHITESPACE(tp);CID 643132: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3769 FIND_WHITESPACE(tp);CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3777 FIND_WHITESPACE(tp);CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4100 FIND_WHITESPACE(tp); 4101 if (*tp)CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4092 FIND_WHITESPACE(tp); 4093 if (*tp)CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4468 FIND_WHITESPACE(tp);CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
929 fseeko(fp, xfer.filepos, SEEK_SET);CID 643130: Error handling issues (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.
6497 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));CID 643129: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".
6496 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()CID 643129: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".
1186 if (session->socket == INVALID_SOCKET)CID 644193: Memory - corruptions (REVERSE_NEGATIVE)
You might be using variable "session->socket" before verifying that it is >= 0.
422 return JS_TRUE;CID 644273: Resource leaks (RESOURCE_LEAK)
Variable "sval" going out of scope leaks the storage it points to.
61 uselect_items.push_back(item);CID 644272: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "item" is copied and then passed-by-reference as parameter to STL insertion function "std::vector<sbbs_t::uselect_item, std::allocator<sbbs_t::uselect_item> >::push_back(std::vector<sbbs_t::uselect_item, std::allocator<sbbs_t::uselect_item> >::value_type const &)", when it could be moved instead.
5548 client_socket = INVALID_SOCKET;Assigning value "-1" to "client_socket" here, but that stored value is overwritten before it can be used.
837 idx = (idxrec_t*)(idxbuf + (m * idxreclen));CID 644892: Resource leaks (RESOURCE_LEAK)
Variable "idxbuf" going out of scope leaks the storage it points to. 836 return;
1139 vstat.vmem->changed = true;CID 644904: Concurrent data access violations (MISSING_LOCK) >>> Accessing "vstat.vmem->changed" without holding lock "vstat_chlock". Elsewhere, "vstat_vmem.changed" is written to with "vstat_chlock" held 7 out of 8 times (6 of these accesses strongly imply that it is necessary).
861 screena.update_pixels = 1;CID 644903: Concurrent data access violations (MISSING_LOCK) >>> Accessing "screena.update_pixels" without holding lock "screenlock". Elsewhere, "bitmap_screen.update_pixels" is written to with "screenlock" held 18 out of 24 times.
988 screena.update_pixels = true;CID 644905: Concurrent data access violations (MISSING_LOCK) >>> Accessing "screena.update_pixels" without holding lock "screenlock". Elsewhere, "bitmap_screen.update_pixels" is written to with "screenlock" held 18 out of 24 times.
462 return csrc;CID 644927: (RESOURCE_LEAK)
Variable "nt" going out of scope leaks the storage it points to.
462 return csrc;CID 644927: (RESOURCE_LEAK)
Variable "nt" going out of scope leaks the storage it points to.
462 return csrc;CID 644927: (RESOURCE_LEAK)
Variable "nt" going out of scope leaks the storage it points to.
462 return csrc;CID 644927: (RESOURCE_LEAK)
Variable "nt" going out of scope leaks the storage it points to.
462 return csrc;CID 644927: (RESOURCE_LEAK)
Variable "nt" going out of scope leaks the storage it points to.
1136 ssize_t rv = write(fd, wl_copybuf + sent, len - sent);CID 645010: Insecure data handling (INTEGER_OVERFLOW)
"len - sent", which might have underflowed, is passed to "write(fd, wl_copybuf + sent, len - sent)".
1459 int rv = read(wl_local_pipe[0], buf + got, sizeof(*lev) - got);CID 645009: Insecure data handling (INTEGER_OVERFLOW)
"96UL - got", which might have underflowed, is passed to "read(wl_local_pipe[0], buf + got, 96UL - got)".
243 if (wl_copybuf) {CID 645008: Concurrent data access violations (MISSING_LOCK) >>> Accessing "wl_copybuf" without holding lock "wl_copybuf_mutex". Elsewhere, "wl_copybuf" is written to with "wl_copybuf_mutex" held 2 out of 2 times.
2754CID 645007: Program hangs (SLEEP)
Call to "hyperlink_gc" might sleep while holding lock "hyperlink_mutex".
2702 strcat(sgrbuf, params++ ? ";1" : "1");CID 645069: Control flow issues (DEADCODE)
Execution cannot reach the expression "";1"" inside this statement: "strcat(sgrbuf, (params++ ? ...".
| Sysop: | Denn |
|---|---|
| Location: | Clearfield, Utah |
| Users: | 48 |
| Nodes: | 15 (0 / 15) |
| Uptime: | 144:58:14 |
| Calls: | 1,044 |
| Files: | 38,178 |
| D/L today: |
186 files (63,107K bytes) |
| Messages: | 34,408 |
![https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg"](https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg"){kind=link}