lib, src: delete stray `curl_` prefix from printf calls

Also:
- unit1398: delete redundant `curl/mprintf.h` include.

Closes #14664

src: delete `curlx_m*printf()` aliases

A couple of seemingly random calls used them.
They were all mapped to `curl_m*printf()`.

Closes #14647

src: fix potential macro confusion in cmake unity builds

Sources used `lib/curlx.h` with both `ENABLE_CURLX_PRINTF` set and unset
before including it.

In a cmake "unity" batch w

src: fix potential macro confusion in cmake unity builds

Sources used `lib/curlx.h` with both `ENABLE_CURLX_PRINTF` set and unset
before including it.

In a cmake "unity" batch where the first included source had it unset,
the next sources did not get the macros requested with
`ENABLE_CURLX_PRINTF` because `lib/curl.x` had already been included
without them.

Fix it by by making the macros enabled permanently and globally for
internal sources, and dropping `ENABLE_CURLX_PRINTF`.

This came up while testing unity builds with smaller batches. The full,
default unity build where all `src` is bundled up in a single unit, was
not affected.

Fixes:
```
$ cmake -B build -DCMAKE_UNITY_BUILD=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=15
$ make -C build
...
curl/src/tool_getparam.c: In function ‘getparameter’:
curl/src/tool_getparam.c:2409:11: error: implicit declaration of function ‘msnprintf’; did you mean ‘vsnprintf’? [-Wimplicit-function-declaration]
2409 | msnprintf(buffer, sizeof(buffer), "%" CURL_FORMAT_CURL_OFF_T "-",
| ^~~~~~~~~
| vsnprintf
curl/src/tool_getparam.c:2409:11: warning: nested extern declaration of ‘msnprintf’ [-Wnested-externs]
[...]
```

Reported-by: Daniel Stenberg
Bug: https://github.com/curl/curl/pull/14626#issuecomment-2301663491

Closes #14632

show more ...

tool_paramhlp: bump maximum post data size in memory to 16GB

- stick to 2GB for 32bit systems.

Reported-by: Tim Yuer
Fixes #14521
Closes #14523

code: language cleanup in comments

Based on the standards and guidelines we use for our documentation.

- expand contractions (they're => they are etc)
- host name = > hostname

code: language cleanup in comments

Based on the standards and guidelines we use for our documentation.

- expand contractions (they're => they are etc)
- host name = > hostname
- file name => filename
- user name = username
- man page => manpage
- run-time => runtime
- set-up => setup
- back-end => backend
- a HTTP => an HTTP
- Two spaces after a period => one space after period

Closes #14073

show more ...

tool_paramhlp: remove duplicate assign

Spotted by CodeSonar

Closes #13433

paramhlp: fix CRLF-stripping files with "-d @file"

All CR and LF bytes should be stripped, as documented, and all other
bytes are inluded in the data. Starting now, it also excludes null

paramhlp: fix CRLF-stripping files with "-d @file"

All CR and LF bytes should be stripped, as documented, and all other
bytes are inluded in the data. Starting now, it also excludes null bytes
as they would otherwise also cut the data short.

Reported-by: Simon K
Fixes #13063
Closes #13064

show more ...

tool_getparam: replace malloc + copy by dynbuf for --data

tool: make parser reject blank arguments if not supported

Already in the getstr() function that clones the input argument.

Closes #12620

build: enable missing OpenSSF-recommended warnings, with fixes

https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
as of 2023-11-29 [1]

build: enable missing OpenSSF-recommended warnings, with fixes

https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
as of 2023-11-29 [1].

Enable new recommended warnings (except `-Wsign-conversion`):

- enable `-Wformat=2` for clang (in both cmake and autotools).
- add `CURL_PRINTF()` internal attribute and mark functions accepting
printf arguments with it. This is a copy of existing
`CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible
with redefinting the `printf` symbol:
https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94
- fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for
mingw-w64 and enable it on this platform.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
- add `-Wsign-conversion` commented with a FIXME.
- cmake: enable `-pedantic-errors` the way we do it with autotools.
Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747
- lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format
checks. Previously it was always disabled due to the internal `printf`
macro.

Fix them:

- fix bug where an `set_ipv6_v6only()` call was missed in builds with
`--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`.
- add internal `FALLTHROUGH()` macro.
- replace obsolete fall-through comments with `FALLTHROUGH()`.
- fix fallthrough markups: Delete redundant ones (showing up as
warnings in most cases). Add missing ones. Fix indentation.
- silence `-Wformat-nonliteral` warnings with llvm/clang.
- fix one `-Wformat-nonliteral` warning.
- fix new `-Wformat` and `-Wformat-security` warnings.
- fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its
definition to `lib/curl_setup.h` allowing use in `tests/server`.
- lib: fix two wrongly passed string arguments in log outputs.
Co-authored-by: Jay Satiro
- fix new `-Wformat` warnings on mingw-w64.

[1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895bfc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md

Closes #12489

show more ...

tool_paramhlp: improve str2num(): avoid unnecessary call to strlen()

Closes #11742

tool: remove newlines from all helpf/notef/warnf/errorf calls

Make voutf() always add one.

Closes #11226

checksrc: fix SPACEBEFOREPAREN for conditions starting with "*"

The open paren check wants to warn for spaces before open parenthesis
for if/while/for but also for any function call. In

checksrc: fix SPACEBEFOREPAREN for conditions starting with "*"

The open paren check wants to warn for spaces before open parenthesis
for if/while/for but also for any function call. In order to avoid
catching function pointer declarations, the logic allows a space if the
first character after the open parenthesis is an asterisk.

I also spotted what we did not include "switch" in the check but we should.

This check is a little lame, but we reduce this problem by not allowing
that space for if/while/for/switch.

Reported-by: Emanuele Torre
Closes #11044

show more ...

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- save

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205

show more ...

tool_paramhlp: free the proto strings on exit

And also make sure that repeated use of the options free the previous
string before it stores a new.

Follow-up from e6f8445edef8e79

tool_paramhlp: free the proto strings on exit

And also make sure that repeated use of the options free the previous
string before it stores a new.

Follow-up from e6f8445edef8e7996d

Closes #10098

show more ...

lib: parse numbers with fixed known base 10

... instead of using 0 argument that allows decimal, hex or octal when
the number is documented and assumed to use base 10.

Closes #9

lib: parse numbers with fixed known base 10

... instead of using 0 argument that allows decimal, hex or octal when
the number is documented and assumed to use base 10.

Closes #9933

show more ...

curl: timeout in the read callback

The read callback can timeout if there's nothing to read within the
given maximum period. Example use case is when doing "curl -m 3
telnet://exampl

curl: timeout in the read callback

The read callback can timeout if there's nothing to read within the
given maximum period. Example use case is when doing "curl -m 3
telnet://example.com" or anything else that expects input on stdin or
similar that otherwise would "hang" until something happens and then not
respect the timeout.

This fixes KNOWN_BUG 8.1, first filed in July 2009.

Bug: https://sourceforge.net/p/curl/bugs/846/

Closes #9815

show more ...

tool_paramhlp: make the max argument a 'double'

To fix compiler warnings "Implicit conversion from 'long' to 'double'
may lose precision"

Closes #9700

tool_paramhelp: asserts verify maximum sizes for string loading

The two defines MAX_FILE2MEMORY and MAX_FILE2STRING define the largest
strings accepted when loading files into memory, bu

tool_paramhelp: asserts verify maximum sizes for string loading

The two defines MAX_FILE2MEMORY and MAX_FILE2STRING define the largest
strings accepted when loading files into memory, but as the size is
later used as input to functions that take the size as 'int' as
argument, the sizes must not be larger than INT_MAX.

These two new assert()s make the code error out if someone would bump
the sizes without this consideration.

Reported-by Trail of Bits

Closes #9719

show more ...

tool: remove dead code

Add a debug assertion to verify protocols included/excluded in a set
are always tokenized.

Follow-up to commit 677266c.

Closes #9576

tool: remove protocol count limitation

Replace bit mask protocol sets by null-terminated arrays of protocol
tokens. These are the addresses of the protocol names returned by
curl_ver

tool: remove protocol count limitation

Replace bit mask protocol sets by null-terminated arrays of protocol
tokens. These are the addresses of the protocol names returned by
curl_version_info().

Protocol names are sorted case-insensitively before output to satisfy CI
tests matches consistency.

The protocol list returned by curl_version_info() is augmented with all
RTMP protocol variants.

Test 1401 adjusted for new alpha ordered output.

Closes #9546

show more ...

cli tool: do not use disabled protocols

As they are now rejected by the library, take care of not passing
disabled protocol names to CURLOPT_PROTOCOLS_STR and
CURLOPT_REDIR_PROTOCOLS

cli tool: do not use disabled protocols

As they are now rejected by the library, take care of not passing
disabled protocol names to CURLOPT_PROTOCOLS_STR and
CURLOPT_REDIR_PROTOCOLS_STR.

Rather than using the CURLPROTO_* constants, dynamically assign protocol
numbers based on the order they are listed by curl_version_info().

New type proto_set_t implements prototype bit masks: it should therefore
be large enough to accomodate all library-enabled protocols. If not,
protocol numbers beyond the bit count of proto_set_t are recognized but
"inaccessible": when used, a warning is displayed and the value is
ignored. Should proto_set_t overflows, enabled protocols are reordered to
force those having a public CURLPROTO_* representation to be accessible.

Code has been added to subordinate RTMP?* protocols to the presence of
RTMP in the enabled protocol list, being returned by curl_version_info()
or not.

show more ...

tool_paramhlp: fix "enumerated type mixed with another type"

Warning by icc

Closes #9179

tool_paramhlp: make check_protocol return ParameterError

"enumerated type mixed with another type"

Closes #9179

tool_getparam: repair cleanarg

Regression since 9e5669f.

Make sure the "cleaning" of command line arguments is done on the
original argv[] pointers. As a bonus, it also exits be

tool_getparam: repair cleanarg

Regression since 9e5669f.

Make sure the "cleaning" of command line arguments is done on the
original argv[] pointers. As a bonus, it also exits better on out of
memory error.

Reported-by: Litter White
Fixes #9128
Closes #9130

show more ...