#
3829759b |
| 08-Dec-2023 |
Viktor Szakats |
build: enable missing OpenSSF-recommended warnings, with fixes https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html as of 2023-11-29 [1]
build: enable missing OpenSSF-recommended warnings, with fixes https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html as of 2023-11-29 [1]. Enable new recommended warnings (except `-Wsign-conversion`): - enable `-Wformat=2` for clang (in both cmake and autotools). - add `CURL_PRINTF()` internal attribute and mark functions accepting printf arguments with it. This is a copy of existing `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible with redefinting the `printf` symbol: https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94 - fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for mingw-w64 and enable it on this platform. - enable `-Wimplicit-fallthrough`. - enable `-Wtrampolines`. - add `-Wsign-conversion` commented with a FIXME. - cmake: enable `-pedantic-errors` the way we do it with autotools. Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747 - lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format checks. Previously it was always disabled due to the internal `printf` macro. Fix them: - fix bug where an `set_ipv6_v6only()` call was missed in builds with `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`. - add internal `FALLTHROUGH()` macro. - replace obsolete fall-through comments with `FALLTHROUGH()`. - fix fallthrough markups: Delete redundant ones (showing up as warnings in most cases). Add missing ones. Fix indentation. - silence `-Wformat-nonliteral` warnings with llvm/clang. - fix one `-Wformat-nonliteral` warning. - fix new `-Wformat` and `-Wformat-security` warnings. - fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its definition to `lib/curl_setup.h` allowing use in `tests/server`. - lib: fix two wrongly passed string arguments in log outputs. Co-authored-by: Jay Satiro - fix new `-Wformat` warnings on mingw-w64. [1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895bfc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md Closes #12489
show more ...
|
#
e9a7d4a1 |
| 21-Nov-2023 |
Viktor Szakats |
windows: use built-in `_WIN32` macro to detect Windows Windows compilers define `_WIN32` automatically. Windows SDK headers or build env defines `WIN32`, or we have to take care of it. T
windows: use built-in `_WIN32` macro to detect Windows Windows compilers define `_WIN32` automatically. Windows SDK headers or build env defines `WIN32`, or we have to take care of it. The agreement seems to be that `_WIN32` is the preferred practice here. Make the source code rely on that to detect we're building for Windows. Public `curl.h` was using `WIN32`, `__WIN32__` and `CURL_WIN32` for Windows detection, next to the official `_WIN32`. After this patch it only uses `_WIN32` for this. Also, make it stop defining `CURL_WIN32`. There is a slight chance these break compatibility with Windows compilers that fail to define `_WIN32`. I'm not aware of any obsolete or modern compiler affected, but in case there is one, one possible solution is to define this macro manually. grepping for `WIN32` remains useful to discover Windows-specific code. Also: - extend `checksrc` to ensure we're not using `WIN32` anymore. - apply minor formatting here and there. - delete unnecessary checks for `!MSDOS` when `_WIN32` is present. Co-authored-by: Jay Satiro Reviewed-by: Daniel Stenberg Closes #12376
show more ...
|
#
2bc1d775 |
| 02-Jan-2023 |
Daniel Stenberg |
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - save
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205
show more ...
|
#
eb33ccd5 |
| 26-Sep-2022 |
Daniel Stenberg |
functypes: provide the recv and send arg and return types This header is for providing the argument types for recv() and send() when built to not use a dedicated config-[platfor].h file.
functypes: provide the recv and send arg and return types This header is for providing the argument types for recv() and send() when built to not use a dedicated config-[platfor].h file. Remove the slow brute-force checks from configure and cmake. This change also removes the use of the types for select, as they were not used in code. Closes #9592
show more ...
|
#
d7dceb57 |
| 07-Sep-2022 |
Marcel Raad |
lib and tests: add missing curl.h includes Closes https://github.com/curl/curl/pull/9453
|
#
6526b362 |
| 13-Aug-2022 |
David Carlier |
memdebug: add annotation attributes memory debug tracking annotates whether the returned pointer does not `alias`, hints where the size required is, for Windows to be better debugged
memdebug: add annotation attributes memory debug tracking annotates whether the returned pointer does not `alias`, hints where the size required is, for Windows to be better debugged via Visual Studio. Closes https://github.com/curl/curl/pull/9306
show more ...
|
#
ad9bc597 |
| 17-May-2022 |
max.mehl |
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869
show more ...
|
Revision tags: curl-7_76_1, curl-7_76_0, curl-7_75_0, curl-7_74_0 |
|
#
4d2f8006 |
| 04-Nov-2020 |
Daniel Stenberg |
curl.se: new home Closes #6172
|
Revision tags: curl-7_73_0, tiny-curl-7_72_0, curl-7_72_0 |
|
#
81b4e99b |
| 27-Jul-2020 |
Daniel Stenberg |
curl: improve the existing file check with -J Previously a file that isn't user-readable but is user-writable would not be properly avoided and would get overwritten. Reported-b
curl: improve the existing file check with -J Previously a file that isn't user-readable but is user-writable would not be properly avoided and would get overwritten. Reported-by: BrumBrum on hackerone Assisted-by: Jay Satiro Bug: https://hackerone.com/reports/926638 Closes #5731
show more ...
|
Revision tags: curl-7_71_1, curl-7_71_0, curl-7_70_0, curl-7_69_1, curl-7_69_0, curl-7_68_0 |
|
#
9c1806ae |
| 30-Nov-2019 |
Jay Satiro |
build: Disable Visual Studio warning "conditional expression is constant" - Disable warning C4127 "conditional expression is constant" globally in curl_setup.h for when building with M
build: Disable Visual Studio warning "conditional expression is constant" - Disable warning C4127 "conditional expression is constant" globally in curl_setup.h for when building with Microsoft's compiler. This mainly affects building with the Visual Studio project files found in the projects dir. Prior to this change the cmake and winbuild build systems already disabled 4127 globally for when building with Microsoft's compiler. Also, 4127 was already disabled for all build systems in the limited circumstance of the WHILE_FALSE macro which disabled the warning specifically for while(0). This commit removes the WHILE_FALSE macro and all other cruft in favor of disabling globally in curl_setup. Background: We have various macros that cause 0 or 1 to be evaluated, which would cause warning C4127 in Visual Studio. For example this causes it: #define Curl_resolver_asynch() 1 Full behavior is not clearly defined and inconsistent across versions. However it is documented that since VS 2015 Update 3 Microsoft has addressed this somewhat but not entirely, not warning on while(true) for example. Prior to this change some C4127 warnings occurred when I built with Visual Studio using the generated projects in the projects dir. Closes https://github.com/curl/curl/pull/4658
show more ...
|
Revision tags: curl-7_67_0, curl-7_66_0, curl-7_65_3, curl-7_65_2, curl-7_65_1, curl-7_65_0, curl-7_64_1 |
|
#
76b63489 |
| 08-Mar-2019 |
Daniel Stenberg |
memdebug: make debug-specific functions use curl_dbg_ prefix To not "collide" or use up the regular curl_ name space. Also makes them easier to detect in helper scripts. Closes
memdebug: make debug-specific functions use curl_dbg_ prefix To not "collide" or use up the regular curl_ name space. Also makes them easier to detect in helper scripts. Closes #3656
show more ...
|
#
11974ac8 |
| 22-Feb-2019 |
Daniel Stenberg |
configure: remove the unused fdopen macro and the two remaining #ifdefs for it Closes #3600
|
Revision tags: curl-7_64_0, curl-7_63_0, curl-7_62_0, curl-7_61_1, curl-7_61_0 |
|
#
0aeca417 |
| 27-Jun-2018 |
Daniel Stenberg |
getnameinfo: not used Closes #2687
|
Revision tags: curl-7_60_0, curl-7_59_0, curl-7_58_0, curl-7_57_0 |
|
#
52d9a11c |
| 27-Oct-2017 |
Marcel Raad |
memdebug: use send/recv signature for curl_dosend/curl_dorecv This avoids build errors and warnings caused by implicit casts. Closes https://github.com/curl/curl/pull/2031
|
Revision tags: curl-7_56_1 |
|
#
ad164ece |
| 10-Oct-2017 |
Daniel Stenberg |
memdebug: trace send, recv and socket ... to allow them to be included in torture tests too. closes #1980
|
Revision tags: curl-7_56_0, curl-7_55_1, curl-7_55_0, curl-7_54_1, curl-7_54_0, curl-7_53_1, curl-7_53_0, curl-7_52_1, curl-7_52_0, curl-7_51_0, curl-7_50_3, curl-7_50_2, curl-7_50_1, curl-7_50_0, curl-7_49_1, curl-7_49_0 |
|
#
63b5378a |
| 29-Apr-2016 |
Daniel Stenberg |
memdebug.h: remove inclusion of other headers Mostly because they're not needed, because memdebug.h is always included last of all headers so the others already included the correct ones
memdebug.h: remove inclusion of other headers Mostly because they're not needed, because memdebug.h is always included last of all headers so the others already included the correct ones. But also, starting now we don't want this to accidentally include any system headers, as the header included _before_ this header may add defines and other fun stuff that we won't want used in system includes.
show more ...
|
#
a71012c0 |
| 03-Apr-2016 |
Daniel Stenberg |
code: style updates
|
Revision tags: curl-7_48_0, curl-7_47_1 |
|
#
4af40b36 |
| 02-Feb-2016 |
Daniel Stenberg |
URLs: change all http:// URLs to https://
|
Revision tags: curl-7_47_0 |
|
#
e1b6b221 |
| 07-Dec-2015 |
Gisle Vanem |
lwip: Fix compatibility issues with later versions The name of the header guard in lwIP's <lwip/opt.h> has changed from '__LWIP_OPT_H__' to 'LWIP_HDR_OPT_H' (bug #35874 in May 2015).
lwip: Fix compatibility issues with later versions The name of the header guard in lwIP's <lwip/opt.h> has changed from '__LWIP_OPT_H__' to 'LWIP_HDR_OPT_H' (bug #35874 in May 2015). Other fixes: - In curl_setup.h, the problem with an old PSDK doesn't apply if lwIP is used. - In memdebug.h, the 'socket' should be undefined first due to lwIP's lwip_socket() macro. - In curl_addrinfo.c lwIP's getaddrinfo() + freeaddrinfo() macros need special handling because they were undef'ed in memdebug.h. - In select.c we can't use preprocessor conditionals inside select if MSVC and select is a macro, as it is with lwIP. http://curl.haxx.se/mail/lib-2015-12/0023.html http://curl.haxx.se/mail/lib-2015-12/0024.html
show more ...
|
Revision tags: curl-7_46_0, curl-7_45_0, curl-7_44_0, curl-7_43_0, curl-7_42_1, curl-7_42_0 |
|
#
93959995 |
| 17-Mar-2015 |
Daniel Stenberg |
checksrc: use space after comma
|
#
0f4a03cb |
| 16-Mar-2015 |
Daniel Stenberg |
free: instead of Curl_safefree() Since we just started make use of free(NULL) in order to simplify code, this change takes it a step further and: - converts lots of Curl_safefre
free: instead of Curl_safefree() Since we just started make use of free(NULL) in order to simplify code, this change takes it a step further and: - converts lots of Curl_safefree() calls to good old free() - makes Curl_safefree() not check the pointer before free() The (new) rule of thumb is: if you really want a function call that frees a pointer and then assigns it to NULL, then use Curl_safefree(). But we will prefer just using free() from now on.
show more ...
|
Revision tags: curl-7_41_0, curl-7_40_0, curl-7_39_0, curl-7_38_0, curl-7_37_1, curl-7_37_0, curl-7_36_0, curl-7_35_0, curl-7_34_0, curl-7_33_0, curl-7_32_0 |
|
#
6bcacff1 |
| 19-Jul-2013 |
Yang Tse |
WIN32 MemoryTracking: require UNICODE for wide strdup code support
|
#
90695fb2 |
| 18-Jul-2013 |
Yang Tse |
Reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage". This reverts commit 7ed25cc, reinstating commit 8ec2cb5. As of 18-jul-2013 we still do have code in l
Reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage". This reverts commit 7ed25cc, reinstating commit 8ec2cb5. As of 18-jul-2013 we still do have code in libcurl that makes use of these memory functions. Commit 8ec2cb5 comment still applies and is yet valid. These memory functions are solely used in Windows builds, so all related code is protected with '#ifdef WIN32' preprocessor conditional compilation directives. Specifically, wcsdup() _wcsdup() are used when building a Windows target with UNICODE and USE_WINDOWS_SSPI preprocessor symbols defined. This is the case when building a Windows UNICODE target with Windows native SSL/TLS support enabled. Realizing that wcsdup() _wcsdup() are used is a bit tricky given that usage of these is hidden behind _tcsdup() which is MS way of dealing with code that must tolerate UNICODE and non-UNICODE compilation. Additionally, MS header files and those compatible from other compilers use this preprocessor conditional compilation directive in order to select at compilation time whether 'wide' or 'ansi' MS API functions are used. Without this code, Windows build targets with Windows native SSL/TLS support enabled and MemoryTracking support enabled misbehave in tracking memory usage, regardless of being a UNICODE enabled build or not.
show more ...
|
Revision tags: curl-7_31_0 |
|
#
7ed25ccf |
| 12-May-2013 |
Daniel Stenberg |
Revert "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage" This reverts commit 8ec2cb5544b86306b702484ea785b6b9596562ab. We don't have any code anywhere in libcurl
Revert "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage" This reverts commit 8ec2cb5544b86306b702484ea785b6b9596562ab. We don't have any code anywhere in libcurl (or the curl tool) that use wcsdup so there's no such memory use to track. It seems to cause mild problems with the Borland compiler though that we may avoid by reverting this change again. Bug: http://curl.haxx.se/mail/lib-2013-05/0070.html
show more ...
|
Revision tags: curl-7_30_0 |
|
#
8ec2cb55 |
| 25-Mar-2013 |
Yang Tse |
WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage As of 25-mar-2013 wcsdup() _wcsdup() and _tcsdup() are only used in WIN32 specific code, so tracking of these has not b
WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage As of 25-mar-2013 wcsdup() _wcsdup() and _tcsdup() are only used in WIN32 specific code, so tracking of these has not been extended for other build targets. Without this fix, memory tracking system on WIN32 builds, when using these functions, would provide misleading results. In order to properly extend this support for all targets curl.h would have to define curl_wcsdup_callback prototype and consequently wchar_t should be visible before that in curl.h. IOW curl_wchar_t defined in curlbuild.h and this pulling whatever system header is required to get wchar_t definition. Additionally a new curl_global_init_mem() function that also receives user defined wcsdup() callback would be required.
show more ...
|