Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 645706: Error handling issues (NEGATIVE_RETURNS) /tmp/sbbs-Apr-19-2026/src/conio/cterm_cterm.c: 635 in cterm_cterm_handle_font_dcs()


_____________________________________________________________________________________________
*** CID 645706: Error handling issues (NEGATIVE_RETURNS) /tmp/sbbs-Apr-19-2026/src/conio/cterm_cterm.c: 635 in cterm_cterm_handle_font_dcs()
629 return;
630 if (cterm->font_slot > 255)
631 return;
632 if (p && *p == ':') {
633 p++;
634 i = b64_decode(cterm->fontbuf, sizeof(cterm->fontbuf), p, 0);

CID 645706: Error handling issues (NEGATIVE_RETURNS)
"i" is passed to a parameter that cannot be negative.

635 p2 = malloc(i);
636 if (p2) {
637 memcpy(p2, cterm->fontbuf, i);
638 replace_font(cterm->font_slot,
639 strdup("Remote Defined Font"), p2, i);
640 }

** CID 645705: Memory - corruptions (OVERRUN) /tmp/sbbs-Apr-19-2026/src/conio/cterm_cterm.c: 637 in cterm_cterm_handle_font_dcs()


_____________________________________________________________________________________________
*** CID 645705: Memory - corruptions (OVERRUN) /tmp/sbbs-Apr-19-2026/src/conio/cterm_cterm.c: 637 in cterm_cterm_handle_font_dcs()
631 return;
632 if (p && *p == ':') {
633 p++;
634 i = b64_decode(cterm->fontbuf, sizeof(cterm->fontbuf), p, 0);
635 p2 = malloc(i);
636 if (p2) {

CID 645705: Memory - corruptions (OVERRUN)
Calling "memcpy" with "p2" and "i" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.

637 memcpy(p2, cterm->fontbuf, i);
638 replace_font(cterm->font_slot,
639 strdup("Remote Defined Font"), p2, i);
640 }
641 }
642 }

** CID 645704: (STRING_OVERFLOW) /tmp/sbbs-Apr-19-2026/src/conio/cterm_dec.c: 2139 in cterm_dec_dcs_finish()
/tmp/sbbs-Apr-19-2026/src/conio/cterm_dec.c: 2135 in cterm_dec_dcs_finish()


_____________________________________________________________________________________________
*** CID 645704: (STRING_OVERFLOW) /tmp/sbbs-Apr-19-2026/src/conio/cterm_dec.c: 2139 in cterm_dec_dcs_finish()
2133 if (cterm->fg_tc_str) {
2134 strcat(tmp, ";");
2135 strcat(tmp, cterm->fg_tc_str);
2136 }
2137 if (cterm->bg_tc_str) {
2138 strcat(tmp, ";");

CID 645704: (STRING_OVERFLOW)
You might overrun the 3072-character fixed-size string "tmp" by copying "cterm->bg_tc_str" without checking the length.

2139 strcat(tmp, cterm->bg_tc_str);
2140 }
2141 strcat(tmp, "m\x1b\\");
2142 cterm_respond(cterm, tmp, strlen(tmp));
2143 }
2144 else { /tmp/sbbs-Apr-19-2026/src/conio/cterm_dec.c: 2135 in cterm_dec_dcs_finish()
2129 case 6: strcat(tmp, ";43"); break;
2130 case 7: strcat(tmp, ";47"); break;
2131 }
2132 }
2133 if (cterm->fg_tc_str) {
2134 strcat(tmp, ";");

CID 645704: (STRING_OVERFLOW)
You might overrun the 3072-character fixed-size string "tmp" by copying "cterm->fg_tc_str" without checking the length.

2135 strcat(tmp, cterm->fg_tc_str);
2136 }
2137 if (cterm->bg_tc_str) {
2138 strcat(tmp, ";");
2139 strcat(tmp, cterm->bg_tc_str);
2140 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net