New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: enable missing OpenSSF-recommended warnings, with fixes #12489
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vszakats
changed the title
enable recommended OpenSSF warnings
build: enable recommended OpenSSF warnings
Dec 8, 2023
vszakats
commented
Dec 8, 2023
bagder
reviewed
Dec 8, 2023
vszakats
changed the title
build: enable recommended OpenSSF warnings
build: enable missing OpenSSF-recommended warnings, with fixes
Dec 8, 2023
vszakats
force-pushed
the
openssf
branch
6 times, most recently
from
December 9, 2023 00:16
8467031
to
722d4c8
Compare
This is ready now. |
bagder
reviewed
Dec 11, 2023
vszakats
added a commit
to vszakats/curl
that referenced
this pull request
Dec 11, 2023
vszakats
commented
Dec 11, 2023
Renamed to use Is there something else to address? |
also add `-Wsign-conversion` commented, with FIXME
mingw sets `__MINGW_PRINTF_FORMAT` to `printf` for clang. It means it hits curl's `printf` redefinition macro and breaks. Make sure to catch this combination and manually set `__printf__` instead. This isn't stricly needed for `curl/mprintf.h` but let's do it anyway for symmetry with `lib/curl_setup.h`.
Notes: Also apply some formatting for existing `CURL_TEMP_PRINTF()` macro. 1. Initially used the `__MINGW_PRINTF_FORMAT` macro. 2. This needed fixup for mingw-w64 releases 1.x and 2.x that didn't define this macro. 3. Another fixup needed for __clang__ because it mapped it to `printf` which conflicts in `lib/curl_setup.h` with curl macro `printf`. Fix was to use `__printf__` explicitly. 4. Another fallout was for gcc 9, 7, 6, because `__MINGW_PRINTF_FORMAT` mapped to `ms_printf` for them, which doesn't recognize `%z`. Fixed by using `gnu_printf`. 5. Next fallout is that SOME formats actually use the MS format.
when compiling curl itself (including tests.)
To allow using it from tests.
Instead of casting to `long`.
vszakats
added a commit
to vszakats/curl
that referenced
this pull request
Dec 16, 2023
- add `CURL_PRINTF()` to `imap_sendf()`. - update memdebug functions to no longer trigger `-Wformat-nonliteral` warnings. Follow-up to 3829759 curl#12489 Closes #xxxxx
vszakats
added a commit
to vszakats/curl
that referenced
this pull request
Dec 16, 2023
- add `CURL_PRINTF()` to `imap_sendf()`. - update memdebug functions to no longer trigger `-Wformat-nonliteral` warnings. Follow-up to 3829759 curl#12489 Closes #xxxxx
vszakats
added a commit
to vszakats/curl
that referenced
this pull request
Dec 16, 2023
- add `CURL_PRINTF()` to `imap_sendf()`. - update memdebug functions to no longer trigger `-Wformat-nonliteral` warnings. Follow-up to 3829759 curl#12489 Closes #xxxxx
vszakats
added a commit
that referenced
this pull request
Jan 27, 2024
- delete redundant warning suppressions for `-Wformat-nonliteral`. This now relies on `CURL_PRINTF()` and it's theoratically possible that this macro isn't active but the warning is. We're ignoring this as a corner-case here. - replace two pragmas with code changes to avoid the warnings. Follow-up to aee4ebe #12803 Follow-up to 0923012 #12540 Follow-up to 3829759 #12489 Reviewed-by: Daniel Stenberg Closes #12812
1 task
vszakats
added a commit
that referenced
this pull request
Jan 28, 2024
- tool_msgs: delete redundant `-Wformat-nonliteral` suppression pragma. - whitespace formatting in `mprintf.h`, lib518, lib537. - lib518: fix wrong variable in `sizeof()`. - lib518: bump variables to `rlim_t`. Follow-up to e2b3941 #1469 - lib518: sync error message with lib537 Follow-up to 365322b - lib518, lib537: replace `-Wformat-nonliteral` suppression pragmas by reworking test code. Follow-up to 5b286c2 #12812 Follow-up to aee4ebe #12803 Follow-up to 0923012 #12540 Follow-up to 3829759 #12489 Reviewed-by: Daniel Stenberg Closes #12814
vszakats
added a commit
to vszakats/curl
that referenced
this pull request
Apr 4, 2024
`-pedantic-errors` option throws a warning with GCC (all versions) in `check_symbol_exists()`, which makes feature checks fail. CMake v3.23.0 (2022-03-29) introduced a workaround: https://gitlab.kitware.com/cmake/cmake/-/issues/13208 https://gitlab.kitware.com/cmake/cmake/-/commit/eeb45401163d831b8c841ef6eba81466b4067b68 https://gitlab.kitware.com/cmake/cmake/-/commit/1ab7c3cd28b27ca162c4559e1026e5cad1898ade Make sure to not enable this option for CMake versions older than that. Follow-up to 3829759 curl#12489
vszakats
added a commit
to vszakats/curl
that referenced
this pull request
Apr 4, 2024
`-pedantic-errors` option throws a warning with GCC (all versions) in `check_symbol_exists()`, which makes feature checks fail. CMake v3.23.0 (2022-03-29) introduced a workaround: https://gitlab.kitware.com/cmake/cmake/-/issues/13208 https://gitlab.kitware.com/cmake/cmake/-/commit/eeb45401163d831b8c841ef6eba81466b4067b68 https://gitlab.kitware.com/cmake/cmake/-/commit/1ab7c3cd28b27ca162c4559e1026e5cad1898ade Make sure to not enable this option for CMake versions older than that. Follow-up to 3829759 curl#12489
vszakats
added a commit
to vszakats/curl
that referenced
this pull request
Apr 5, 2024
`-pedantic-errors` option throws a warning with GCC (all versions) in `check_symbol_exists()`, which makes feature checks fail. CMake v3.23.0 (2022-03-29) introduced a workaround: https://gitlab.kitware.com/cmake/cmake/-/issues/13208 https://gitlab.kitware.com/cmake/cmake/-/commit/eeb45401163d831b8c841ef6eba81466b4067b68 https://gitlab.kitware.com/cmake/cmake/-/commit/1ab7c3cd28b27ca162c4559e1026e5cad1898ade Make sure to not enable this option for CMake versions older than that. Follow-up to 3829759 curl#12489
vszakats
added a commit
to vszakats/curl
that referenced
this pull request
Apr 5, 2024
`-pedantic-errors` option throws a warning with GCC (all versions) in `check_symbol_exists()`, which makes feature checks fail. CMake v3.23.0 (2022-03-29) introduced a workaround: https://gitlab.kitware.com/cmake/cmake/-/issues/13208 https://gitlab.kitware.com/cmake/cmake/-/commit/eeb45401163d831b8c841ef6eba81466b4067b68 https://gitlab.kitware.com/cmake/cmake/-/commit/1ab7c3cd28b27ca162c4559e1026e5cad1898ade Make sure to not enable this option for CMake versions older than that. Follow-up to 3829759 curl#12489
vszakats
added a commit
that referenced
this pull request
Apr 5, 2024
- cmake: fix `-pedantic-errors` for old CMake with `CURL_WERROR=ON` set. `-pedantic-errors` option throws a warning with GCC (all versions) and makes `check_symbol_exists()` fail in CMake versions older than v3.23.0 (2022-03-29), when CMake introduced a workaround: https://gitlab.kitware.com/cmake/cmake/-/issues/13208 https://gitlab.kitware.com/cmake/cmake/-/commit/eeb45401163d831b8c841ef6eba81466b4067b68 https://gitlab.kitware.com/cmake/cmake/-/commit/1ab7c3cd28b27ca162c4559e1026e5cad1898ade Follow-up to 3829759 #12489 - set `CURL_WERROR=ON` for the `linux-old` job in CI. Closes #13282
vszakats
added a commit
to vszakats/curl
that referenced
this pull request
Apr 27, 2024
Warn by default in all builds, but without triggering error. Once all new warnings revealed by CI are cleared, we can drop the `-Wno-error=sign-conversion` options in cmake/autotools. Follow-up to3829759bd042c03225ae862062560f568ba1a231 curl#12489 Closes #xxxxx
vszakats
added a commit
to vszakats/curl
that referenced
this pull request
Apr 27, 2024
Before this patch, cmake/autotools builds made an exception for this warning to not cause an error. The codebase is warning-free now, so this patch deletes this exception. Follow-up [...] Follow-up to3829759bd042c03225ae862062560f568ba1a231 curl#12489 Closes #xxxxx
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
[as of 2023-11-29]
Enable new recommended warnings (except
-Wsign-conversion
):-Wformat=2
for clang (in both cmake and autotools).CURL_PRINTF()
internal attribute and mark functions acceptingprintf arguments with it. This is a copy of existing
CURL_TEMP_PRINTF()
but using__printf__
to make it compatiblewith redefinting the
printf
symbol:https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94
CURL_PRINTF()
and existingCURL_TEMP_PRINTF()
formingw-w64 and enable it on this platform.
-Wimplicit-fallthrough
.-Wtrampolines
.-Wsign-conversion
commented with a FIXME.-pedantic-errors
the way we do it with autotools.Follow-up to d5c0351 Enable and fix more GCC warnings #2747
CURL_FORMAT()
, this also fixes it to enable formatchecks. Previously it was always disabled due to the internal
printf
macro.
Fix them:
set_ipv6_v6only()
call was missed in builds with--disable-verbose
/CURL_DISABLE_VERBOSE_STRINGS=ON
.FALLTHROUGH()
macro.FALLTHROUGH()
.warnings in most cases). Add missing ones. Fix indentation.
-Wformat-nonliteral
warnings with llvm/clang.-Wformat-nonliteral
warning.-Wformat
and-Wformat-security
warnings.CURL_FORMAT_SOCKET_T
value for mingw-w64. Also move itsdefinition to
lib/curl_setup.h
allowing use intests/server
.Co-authored-by: Jay Satiro
-Wformat
warnings on mingw-w64.Closes #12489
TODO:
-Warith-conversion
warnings. [other PR]-Wsign-conversion
warnings. [other PR]