1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/sbbs3/netmail.cpp qwktomsg.cpp

    From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wed May 6 19:41:53 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/22d5c8a53a3577b45978b6b1
    Modified Files:
    src/sbbs3/netmail.cpp qwktomsg.cpp
    Log Message:
    qwk: make sentinel NUL after fread explicit (CIDs 645830, 645831, 645832)

    Both qwktomsg.cpp and netmail.cpp over-allocate the QWK message buffer
    by one block (calloc-zeroed, never written by fread) so downstream strchr/strlen/strlcpy/SAFECOPY scans always terminate within the
    allocation. Coverity can't see the over-allocation invariant and flags SAFECOPY/strListPush/whitespace-loop on the buffer as STRING_NULL or TAINTED_SCALAR. Write the trailing NUL explicitly after each fread so
    the sentinel action is visible. No runtime change (calloc already
    zeroed it).

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net