• Bug: usage-of-uninitialized value

    From Andrew Bao@1:103/705 to GitLab note in main/sbbs on Sun Oct 17 12:59:24 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/276#note_2122

    Hi Rob, Sorry for the late reply. This issue was found by a static analysis scanner. Since function scansubs() initializes str[256]="", it is better for str[256] in function scanallsub() to be initialized when it gets allocated. According to my analysis of the code, str[256] only gets initialized if SCAN_FIND mode is set. However, when str gets used in scanposts(), scanallsub() doesn't check what mode it is. At least, str will be in an uninitialized state if it is not initialized by getstr(). In scanposts, the find parameter is used not only in:
        safe_snprintf(cmdline, sizeof(cmdline), "%s %s %ld %s", cfg.scanposts_mod, cfg.sub[subnum]->code, mode, find);
    but also in:
        if(strcasestr(buf,find) == NULL && strcasestr(msg.subj, find) == NULL && (msg.tags == NULL || strcasestr(msg.tags, find) == NULL)) {
    to determine the if condition.
    --- SBBSecho 3.14-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
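
The pattern described in the note above, as an added C example that is not part of the thread and not Synchronet's code. It is a simplified model: count_shown(), post_matches(), the sample subjects and the SCAN_FIND value are hypothetical stand-ins for scanallsub(), scanposts() and the real data.

```c
#include <stdio.h>
#include <string.h>

#define SCAN_FIND 0x01  /* constructed flag value for this model */

/* Constructed sample subjects standing in for message headers. */
static const char *subjects[] = { "sbbs update", "door games", "bbs list" };

/* Callee model: reads 'find' in every mode, so the caller must always pass
 * a valid NUL-terminated string. Returns 1 if the message would be shown.
 * strstr() stands in for the case-insensitive strcasestr() in the report. */
static int post_matches(const char *subject, const char *find)
{
    return find[0] == '\0' || strstr(subject, find) != NULL;
}

/* Unhardened shape the report describes (kept as a comment because reading
 * str without SCAN_FIND set would be undefined behaviour):
 *     char str[256];
 *     if (mode & SCAN_FIND) snprintf(str, sizeof str, "%s", input);
 */

/* Hardened caller model: str is initialized at its declaration, so every
 * mode hands the callee an empty string unless a search text was entered. */
int count_shown(int mode, const char *input)
{
    char str[256] = "";
    int shown = 0;

    if (mode & SCAN_FIND)
        snprintf(str, sizeof str, "%s", input);  /* stands in for getstr() */
    for (size_t i = 0; i < sizeof subjects / sizeof subjects[0]; i++)
        shown += post_matches(subjects[i], str);
    return shown;
}

int main(void)
{
    printf("no search: %d shown\n", count_shown(0, "unused"));
    printf("search \"bbs\": %d shown\n", count_shown(SCAN_FIND, "bbs"));
    return 0;
}
```

Building the unhardened shape with Clang's -fsanitize=memory reports the read of the uninitialized buffer at run time.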
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Sun Oct 17 18:31:34 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/276#note_2123

    What static analysis scanner? Can you share those analysis results?
    --- SBBSecho 3.14-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Sun Oct 17 18:33:22 2021
    https://gitlab.synchro.net/main/sbbs/-/issues/276#note_2124

    I'm not clear why you reopened this issue. I thought it was addressed with https://gitlab.synchro.net/main/sbbs/-/commit/ff7c73d863508d22c0a224eb3e460082af3b7fa9
    --- SBBSecho 3.14-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Thu Feb 24 00:22:50 2022
    https://gitlab.synchro.net/main/sbbs/-/issues/276#note_2312

    This issue has been resolved.
    --- SBBSecho 3.14-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)