build: enable missing OpenSSF-recommended warnings, with fixes

https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
as of 2023-11-29 [1]

build: enable missing OpenSSF-recommended warnings, with fixes

https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
as of 2023-11-29 [1].

Enable new recommended warnings (except `-Wsign-conversion`):

- enable `-Wformat=2` for clang (in both cmake and autotools).
- add `CURL_PRINTF()` internal attribute and mark functions accepting
printf arguments with it. This is a copy of existing
`CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible
with redefinting the `printf` symbol:
https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94
- fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for
mingw-w64 and enable it on this platform.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
- add `-Wsign-conversion` commented with a FIXME.
- cmake: enable `-pedantic-errors` the way we do it with autotools.
Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747
- lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format
checks. Previously it was always disabled due to the internal `printf`
macro.

Fix them:

- fix bug where an `set_ipv6_v6only()` call was missed in builds with
`--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`.
- add internal `FALLTHROUGH()` macro.
- replace obsolete fall-through comments with `FALLTHROUGH()`.
- fix fallthrough markups: Delete redundant ones (showing up as
warnings in most cases). Add missing ones. Fix indentation.
- silence `-Wformat-nonliteral` warnings with llvm/clang.
- fix one `-Wformat-nonliteral` warning.
- fix new `-Wformat` and `-Wformat-security` warnings.
- fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its
definition to `lib/curl_setup.h` allowing use in `tests/server`.
- lib: fix two wrongly passed string arguments in log outputs.
Co-authored-by: Jay Satiro
- fix new `-Wformat` warnings on mingw-w64.

[1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895bfc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md

Closes #12489

show more ...

tool: remove exclamation marks from error/warning messages

tool: use errorf() for error output

Convert a number of fprintf() calls.

tool: remove newlines from all helpf/notef/warnf/errorf calls

Make voutf() always add one.

Closes #11226

checksrc: disallow spaces before labels

Out of 415 labels throughout the code base, 86 of those labels were
not at the start of the line. Which means labels always at the start of
th

checksrc: disallow spaces before labels

Out of 415 labels throughout the code base, 86 of those labels were
not at the start of the line. Which means labels always at the start of
the line is the favoured style overall with 329 instances.

Out of the 86 labels not at the start of the line:
* 75 were indented with the same indentation level of the following line
* 8 were indented with exactly one space
* 2 were indented with one fewer indentation level then the following
line
* 1 was indented with the indentation level of the following line minus
three space (probably unintentional)

Co-Authored-By: Viktor Szakats

Closes #11134

show more ...

tool: improve --stderr handling

- freopen stderr with the user-specified file (--stderr file) instead of
using a separate 'errors' stream.

- In tool_setup.h override stdio.h's

tool: improve --stderr handling

- freopen stderr with the user-specified file (--stderr file) instead of
using a separate 'errors' stream.

- In tool_setup.h override stdio.h's stderr macro as global variable
tool_stderr.

Both freopen and overriding the stderr macro are necessary because if
the user-specified filename is "-" then stdout is assigned to
tool_stderr and no freopen takes place. See the PR for more information.

Ref: https://github.com/curl/curl/issues/10491

Closes https://github.com/curl/curl/pull/10673

show more ...

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- save

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205

show more ...

tool_formparse: avoid clobbering on function params

While perfectly legal to do, clobbering function parameters and using
them as local variables is confusing at best and rarely improves

tool_formparse: avoid clobbering on function params

While perfectly legal to do, clobbering function parameters and using
them as local variables is confusing at best and rarely improves code
readability. Fix by using a local variable instead, no functionality
is changed.

This also renames the parameter from data to mime_data since the term
data is (soft) reserved for the easy handle struct.

Closes: #10046
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

tool_formparse: unroll the NULL_CHECK and CONST_FREE macros

To make the code read more obvious

Assisted-by: Jay Satiro

Closes #9710

curl_ctype: convert to macros-only

This no longer provide functions, only macros. Runs faster and produces
smaller output.

The biggest precaution this change brings:

DO

curl_ctype: convert to macros-only

This no longer provide functions, only macros. Runs faster and produces
smaller output.

The biggest precaution this change brings:

DO NOT use post/pre-increments when passing arguments to the macros.

Closes #9429

show more ...

tool_formparse: fix variable may be used before its value is set

Warning by icc

Closes #9179

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.

This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.

Closes #8869

show more ...

tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)

This loop was using the number of bytes read from the file as condition
to keep reading.

From Linux's fr

tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)

This loop was using the number of bytes read from the file as condition
to keep reading.

From Linux's fread(3) man page:
> On success, fread() and fwrite() return the number of items read or
> written. This number equals the number of bytes transferred only when
> size is 1. If an error occurs, or the end of the file is reached, the
> return value is a short item count (or zero).
>
> The file position indicator for the stream is advanced by the number
> of bytes successfully read or written.
>
> fread() does not distinguish between end-of-file and error, and
> callers must use feof(3) and ferror(3) to determine which occurred.

This means that nread!=0 doesn't make much sense as an end condition for
the loop: nread==0 doesn't necessarily mean that EOF has been reached or
an error has occured (but that is usually the case) and nread!=0 doesn't
necessarily mean that EOF has not been reached or that no read errors
have occured. feof(3) and ferror(3) should be uses when using fread(3).

Currently curl has to performs an extra fread(3) call to get a return
value equal to 0 to stop looping.

This usually "works" (even though nread==0 shouldn't be interpreted as
EOF) if stdin is a pipe because EOF usually marks the "real" end of the
stream, so the extra fread(3) call will return immediately and the extra
read syscall won't be noticeable:

bash-5.1$ strace -e read curl -s -F file=@- 0x0.st <<< a 2>&1 |
> tail -n 5
read(0, "a\n", 4096) = 2
read(0, "", 4096) = 0
read(0, "", 4096) = 0
http://0x0.st/oRs.txt
+++ exited with 0 +++
bash-5.1$

But this doesn't work if curl is reading from stdin, stdin is a
terminal, and the EOF is being emulated using a shell with ^D. Two
consecutive ^D will be required in this case to actually make curl stop
reading:

bash-5.1$ curl -F file=@- 0x0.st
a
^D^D
http://0x0.st/oRs.txt
bash-5.1$

A possible workaround to this issue is to use a program that handles EOF
correctly to indirectly send data to curl's stdin:

bash-5.1$ cat - | curl -F file=@- 0x0.st
a
^D
http://0x0.st/oRs.txt
bash-5.1$

This patch makes curl handle EOF properly when using fread(3) in
file2memory() so that the workaround is not necessary.

Since curl was previously ignoring read errors caused by this fread(3),
ferror(3) is also used in the condition of the loop: read errors and EOF
will have the same meaning; this is done to somewhat preserve the old
behaviour instead of making the command fail when a read error occurs.

Closes #8701

show more ...

lib: remove support for CURL_DOES_CONVERSIONS

TPF was the only user and support for that was dropped.

Closes #8378

curl: add warning for ignored data after quoted form parameter

In an argument like `-F 'x=@/etc/hostname;filename="foo"abc'` the `abc`
is ignored. This adds a warning if the ignored data

curl: add warning for ignored data after quoted form parameter

In an argument like `-F 'x=@/etc/hostname;filename="foo"abc'` the `abc`
is ignored. This adds a warning if the ignored data isn't all
whitespace.

Closes #7394

show more ...

misc: fix "warning: empty expression statement has no effect"

Turned several macros into do-while(0) style to allow their use to work
find with semicolon.

Bug: https://github.co

misc: fix "warning: empty expression statement has no effect"

Turned several macros into do-while(0) style to allow their use to work
find with semicolon.

Bug: https://github.com/curl/curl/commit/08e8455dddc5e48e58a12ade3815c01ae3da3b64#commitcomment-45433279
Follow-up to 08e8455dddc5e4
Reported-by: Gisle Vanem
Closes #6376

show more ...

curl.se: new home

Closes #6172

source cleanup: remove all custom typedef structs

- Stick to a single unified way to use structs
- Make checksrc complain on 'typedef struct {'
- Allow them in tests, public heade

source cleanup: remove all custom typedef structs

- Stick to a single unified way to use structs
- Make checksrc complain on 'typedef struct {'
- Allow them in tests, public headers and examples

- Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually
typedef different types/structs depending on build conditions.

Closes #5338

show more ...

tool_formparse: remove redundant assignment

Just initialize word_begin with the correct value.

Closes https://github.com/curl/curl/pull/3873

cleanup: remove FIXME and TODO comments

They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing

cleanup: remove FIXME and TODO comments

They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.

Ref: #3876
Closes #3883

show more ...

cli tool: fix mime post with --disable-libcurl-option configure option

Reported-by: Marcel Raad
Fixes #3576
Closes #3583

curl: "Dereference of null pointer"

Rephrase to satisfy scan-build.

cli tool: do not use mime.h private structures.

Option -F generates an intermediate representation of the mime structure
that is used later to create the libcurl mime structure and gener

cli tool: do not use mime.h private structures.

Option -F generates an intermediate representation of the mime structure
that is used later to create the libcurl mime structure and generate
the --libcurl statements.

Reported-by: Daniel Stenberg
Fixes #3532
Closes #3546

show more ...

cppcheck: fix warnings

- Get rid of variable that was generating false positive warning
(unitialized)

- Fix issues in tests

- Reduce scope of several variables all over

cppcheck: fix warnings

- Get rid of variable that was generating false positive warning
(unitialized)

- Fix issues in tests

- Reduce scope of several variables all over

etc

Closes #2631

show more ...

checksrc: make sure sizeof() is used *with* parentheses

... and unify the source code to adhere.

Closes #2563