open
https://gitlab.synchro.net/main/sbbs/-/issues/1127
```
3. ini_file.c:443 — iniRemoveValue: while (*vp != '\0' && isspace(*(vp-1))) --vp; dereferences *(vp-1) with no lower bound.
Walks backward past '=' / key start if the value begins with whitespace. Buffer underread. Fix: pass a start pointer and
guard vp > start.
4. ini_file.c:934 — sprintf(value + strlen(value), "%u", val_list[i]) into char value[1024]. With enough list items (each
up to 11 chars + sep) this overflows. Real overflow under pathological input. Fix: compute remaining space, use snprintf or
SAFEPRINTF.
5. ini_file.c:1012 — same pattern; severity depends on caller's str size. Suspicious.
6. named_str_list.c:36 — unchecked malloc (TODO comment admits it); leaves list with a NULL slot. No crash, but
inconsistent state. Fix: propagate error.
```
--- SBBSecho 3.37-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)