----==_mimepart_69e77325c1f19_1534e22c65a87519a054733
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
6 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 645741: Data race undermines locking (LOCK_EVASION) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2092 in xp_audio_play()
_____________________________________________________________________________________________
*** CID 645741: Data race undermines locking (LOCK_EVASION) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2092 in xp_audio_play() 2086 if (!newring) {
2087 assert_pthread_mutex_unlock(&s->mutex);
2088 xp_audio_close(h);
2089 return -1;
2090 }
2091 s->ring = newring;
CID 645741: Data race undermines locking (LOCK_EVASION)
Thread1 sets "ring_frames" to a new value. Now the two threads have an inconsistent view of "ring_frames" and updates to fields correlated with "ring_frames" may be lost.
2092 s->ring_frames = nframes;
2093 assert_pthread_mutex_unlock(&s->mutex);
2094 }
2095 if (loop) {
2096 assert_pthread_mutex_lock(&s->mutex);
2097 s->loop = true;
** CID 645740: Null pointer dereferences (NULL_RETURNS) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082 in xp_audio_play()
_____________________________________________________________________________________________
*** CID 645740: Null pointer dereferences (NULL_RETURNS) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082 in xp_audio_play() 2076
2077 if (h < 0)
2078 return -1;
2079 s = stream_from_handle(h);
2080 /* Resize ring to fit exactly if larger than default. Loop mode requires
2081 * the ring to hold the full sample (read wraps to write_pos). */
CID 645740: Null pointer dereferences (NULL_RETURNS)
Dereferencing "s", which is known to be "NULL".
2082 if (nframes > s->ring_frames) {
2083 int16_t *newring;
2084 assert_pthread_mutex_lock(&s->mutex);
2085 newring = realloc(s->ring, nframes * S_CHANNELS * sizeof(int16_t));
2086 if (!newring) {
2087 assert_pthread_mutex_unlock(&s->mutex);
** CID 645739: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862 in xp_audio_open()
_____________________________________________________________________________________________
*** CID 645739: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862 in xp_audio_open() 1856
1857 assert_pthread_mutex_lock(&mixer_lock);
1858 /* Reap any done+auto_close streams first to free slots. Safe under
1859 * mixer_lock no mixer pull is in progress. */
1860 for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {
1861 struct xp_audio_stream *r = mixer_streams[i];
CID 645739: Concurrent data access violations (MISSING_LOCK) >>> Accessing "r->done" without holding lock "xp_audio_stream.mutex". Elsewhere, "xp_audio_stream.done" is written to with "xp_audio_stream.mutex" held 4 out of 4 times (1 of these accesses strongly imply that it is necessary).
1862 if (r && r->auto_close && r->done) {
1863 mixer_streams[i] = NULL;
1864 free_stream_locked(r);
1865 }
1866 }
1867 for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {
** CID 645738: Uninitialized variables (UNINIT)
_____________________________________________________________________________________________
*** CID 645738: Uninitialized variables (UNINIT) /tmp/sbbs-Apr-21-2026/src/conio/cterm_cterm.c: 1125 in play_music() 1119 if (buf) {
1120 if (note_frames > 0)
1121 xptone_makewave(freq, buf, note_frames, WAVE_SHAPE_SINE_SAW_HARM);
1122 if (pause_frames > 0)
1123 memset(buf + (size_t)note_frames * XPBEEP_CHANNELS, 0,
1124 (size_t)pause_frames * XPBEEP_FRAMESIZE);
CID 645738: Uninitialized variables (UNINIT)
Using uninitialized value "*buf" when calling "xp_audio_append".
1125 xp_audio_append(cterm->music_stream, buf, total_frames);
1126 free(buf);
1127 if (cterm->musicfore) {
1128 xp_audio_wait(cterm->music_stream);
1129 had_foreground = 1;
1130 }
** CID 645737: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082 in xp_audio_play()
_____________________________________________________________________________________________
*** CID 645737: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082 in xp_audio_play() 2076
2077 if (h < 0)
2078 return -1;
2079 s = stream_from_handle(h);
2080 /* Resize ring to fit exactly if larger than default. Loop mode requires
2081 * the ring to hold the full sample (read wraps to write_pos). */
CID 645737: Concurrent data access violations (MISSING_LOCK) >>> Accessing "s->ring_frames" without holding lock "xp_audio_stream.mutex". Elsewhere, "xp_audio_stream.ring_frames" is written to with "xp_audio_stream.mutex" held 1 out of 1 times.
2082 if (nframes > s->ring_frames) {
2083 int16_t *newring;
2084 assert_pthread_mutex_lock(&s->mutex);
2085 newring = realloc(s->ring, nframes * S_CHANNELS * sizeof(int16_t));
2086 if (!newring) {
2087 assert_pthread_mutex_unlock(&s->mutex);
** CID 645736: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862 in xp_audio_open()
_____________________________________________________________________________________________
*** CID 645736: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862 in xp_audio_open() 1856
1857 assert_pthread_mutex_lock(&mixer_lock);
1858 /* Reap any done+auto_close streams first to free slots. Safe under
1859 * mixer_lock no mixer pull is in progress. */
1860 for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {
1861 struct xp_audio_stream *r = mixer_streams[i];
CID 645736: Concurrent data access violations (MISSING_LOCK) >>> Accessing "r->auto_close" without holding lock "xp_audio_stream.mutex". Elsewhere, "xp_audio_stream.auto_close" is written to with "xp_audio_stream.mutex" held 1 out of 1 times (1 of these accesses strongly imply that it is necessary).
1862 if (r && r->auto_close && r->done) {
1863 mixer_streams[i] = NULL;
1864 free_stream_locked(r);
1865 }
1866 }
1867 for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://scan.coverity.com/projects/synchronet?tab=overview
----==_mimepart_69e77325c1f19_1534e22c65a87519a054733
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>
<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>
<ul>
<li><strong>New Defects Found:</strong> 6</li>
<li>
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 6 of 6 defect(s)</li>
</ul>
<h3>Defect Details</h3>
<pre>
** CID 645741: Data race undermines locking (LOCK_EVASION) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2092 in xp_audio_play()
_____________________________________________________________________________________________
*** CID 645741: Data race undermines locking (LOCK_EVASION) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2092 in xp_audio_play() 2086 if (!newring) {
2087 assert_pthread_mutex_unlock(&s->mutex); 2088 xp_audio_close(h);
2089 return -1;
2090 }
2091 s->ring = newring;
>>> CID 645741: Data race undermines locking (LOCK_EVASION)
>>> Thread1 sets "ring_frames" to a new value. Now the two threads have an inconsistent view of "ring_frames" and updates to fields correlated with "ring_frames" may be lost.
2092 s->ring_frames = nframes;
2093 assert_pthread_mutex_unlock(&s->mutex);
2094 }
2095 if (loop) {
2096 assert_pthread_mutex_lock(&s->mutex);
2097 s->loop = true;
** CID 645740: Null pointer dereferences (NULL_RETURNS) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082 in xp_audio_play()
_____________________________________________________________________________________________
*** CID 645740: Null pointer dereferences (NULL_RETURNS) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082 in xp_audio_play() 2076
2077 if (h < 0)
2078 return -1;
2079 s = stream_from_handle(h);
2080 /* Resize ring to fit exactly if larger than default. Loop mode requires
2081 * the ring to hold the full sample (read wraps to write_pos). */
>>> CID 645740: Null pointer dereferences (NULL_RETURNS) >>> Dereferencing "s", which is known to be "NULL".
2082 if (nframes > s->ring_frames) {
2083 int16_t *newring;
2084 assert_pthread_mutex_lock(&s->mutex);
2085 newring = realloc(s->ring, nframes * S_CHANNELS * sizeof(int16_t));
2086 if (!newring) {
2087 assert_pthread_mutex_unlock(&s->mutex);
** CID 645739: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862 in xp_audio_open()
_____________________________________________________________________________________________
*** CID 645739: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862 in xp_audio_open() 1856
1857 assert_pthread_mutex_lock(&mixer_lock);
1858 /* Reap any done+auto_close streams first to free slots. Safe under
1859 * mixer_lock no mixer pull is in progress. */
1860 for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {
1861 struct xp_audio_stream *r = mixer_streams[i]; >>> CID 645739: Concurrent data access violations (MISSING_LOCK)
>>> Accessing "r->done" without holding lock "xp_audio_stream.mutex". Elsewhere, "xp_audio_stream.done" is written to with "xp_audio_stream.mutex" held 4 out of 4 times (1 of these accesses strongly imply that it is necessary).
1862 if (r && r->auto_close && r->done) {
1863 mixer_streams[i] = NULL;
1864 free_stream_locked(r);
1865 }
1866 }
1867 for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {
** CID 645738: Uninitialized variables (UNINIT)
_____________________________________________________________________________________________
*** CID 645738: Uninitialized variables (UNINIT) /tmp/sbbs-Apr-21-2026/src/conio/cterm_cterm.c: 1125 in play_music() 1119 if (buf) {
1120 if (note_frames > 0)
1121 xptone_makewave(freq, buf, note_frames, WAVE_SHAPE_SINE_SAW_HARM);
1122 if (pause_frames > 0)
1123 memset(buf + (size_t)note_frames * XPBEEP_CHANNELS, 0,
1124 (size_t)pause_frames * XPBEEP_FRAMESIZE);
>>> CID 645738: Uninitialized variables (UNINIT) >>> Using uninitialized value "*buf" when calling "xp_audio_append".
1125 xp_audio_append(cterm->music_stream, buf, total_frames);
1126 free(buf);
1127 if (cterm->musicfore) {
1128 xp_audio_wait(cterm->music_stream);
1129 had_foreground = 1;
1130 }
** CID 645737: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082 in xp_audio_play()
_____________________________________________________________________________________________
*** CID 645737: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 2082 in xp_audio_play() 2076
2077 if (h < 0)
2078 return -1;
2079 s = stream_from_handle(h);
2080 /* Resize ring to fit exactly if larger than default. Loop mode requires
2081 * the ring to hold the full sample (read wraps to write_pos). */
>>> CID 645737: Concurrent data access violations (MISSING_LOCK)
>>> Accessing "s->ring_frames" without holding lock "xp_audio_stream.mutex". Elsewhere, "xp_audio_stream.ring_frames" is written to with "xp_audio_stream.mutex" held 1 out of 1 times.
2082 if (nframes > s->ring_frames) {
2083 int16_t *newring;
2084 assert_pthread_mutex_lock(&s->mutex);
2085 newring = realloc(s->ring, nframes * S_CHANNELS * sizeof(int16_t));
2086 if (!newring) {
2087 assert_pthread_mutex_unlock(&s->mutex);
** CID 645736: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862 in xp_audio_open()
_____________________________________________________________________________________________
*** CID 645736: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Apr-21-2026/src/xpdev/xpbeep.c: 1862 in xp_audio_open() 1856
1857 assert_pthread_mutex_lock(&mixer_lock);
1858 /* Reap any done+auto_close streams first to free slots. Safe under
1859 * mixer_lock no mixer pull is in progress. */
1860 for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {
1861 struct xp_audio_stream *r = mixer_streams[i]; >>> CID 645736: Concurrent data access violations (MISSING_LOCK)
>>> Accessing "r->auto_close" without holding lock "xp_audio_stream.mutex". Elsewhere, "xp_audio_stream.auto_close" is written to with "xp_audio_stream.mutex" held 1 out of 1 times (1 of these accesses strongly imply that it is necessary).
1862 if (r && r->auto_close && r->done) {
1863 mixer_streams[i] = NULL;
1864 free_stream_locked(r);
1865 }
1866 }
1867 for (i = 0; i < XP_AUDIO_MAX_STREAMS; i++) {
</pre>
<p>
<a href="
https://scan.coverity.com/projects/synchronet?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>
<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="
https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>
----==_mimepart_69e77325c1f19_1534e22c65a87519a054733--
--- SBBSecho 3.37-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
![https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg"](https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg"){kind=link}