Commit dea5eb95 authored by Tomas Krizek's avatar Tomas Krizek

Merge branch 'warn-pedantic-ci' into 'master'

CI: enforce -Wpedantic

See merge request knot/knot-resolver!743
parents d939dd33 9d46dce6
......@@ -21,7 +21,7 @@ stages:
.build: &build
variables:
CFLAGS: -Werror -ggdb
CFLAGS: -ggdb
stage: build
except:
- master
......@@ -41,19 +41,29 @@ stages:
build:linux:amd64:
<<: *build
build:clang:linux:amd64:
<<: *build
variables:
CFLAGS: -Werror -Wno-error=unused-command-line-argument -ggdb
CXX: clang++
CC: clang
image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-2.7 # newer Debian for newer Clang
artifacts:
build:asan:linux:amd64:
<<: *build
variables:
CFLAGS: -Werror -ggdb3 -O0 -fsanitize=address -fno-omit-frame-pointer
CFLAGS: -ggdb3 -O0 -fsanitize=address -fno-omit-frame-pointer
lint:pedantic:
stage: test # could be in build already, but let's not block the test stage if this fails
dependencies: [] # do not download build artifacts
except:
- master
image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-2.7 # newer Debian for newer compilers
variables:
CFLAGS: -Werror -Wall -Wpedantic -ggdb -std=gnu11
script:
- make -k all
- make clean
- make -k all CC=clang CXX=clang++ \
CFLAGS="$CFLAGS -Wno-newline-eof -Wno-gnu-zero-variadic-macro-arguments -Wno-gnu-folding-constant"
tags:
- docker
- linux
- amd64
srpm:
stage: build
......@@ -119,7 +129,7 @@ test:linux:amd64:
# recompile everything otherwise lcov will bark because Git files will be "newer" than gcda files
# this is caused by interaction between Git approach to timestamps and Gitlab artifacts
- git clean -xdf
- make CFLAGS=-Werror
- make
- MAKEFLAGS="--jobs $(nproc)" make -k check
- MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c COVERAGE_STAGE=gcov-check || echo "code coverage skipped"
dependencies: []
......@@ -159,7 +169,7 @@ installcheck:linux:amd64:
# recompile everything otherwise lcov will bark because Git files will be "newer" than gcda files
# this is caused by interaction between Git approach to timestamps and Gitlab artifacts
- git clean -xdf
- make install CFLAGS=-Werror
- make install
- MAKEFLAGS="--jobs $(nproc) --keep-going" make -k installcheck
- MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-installcheck || echo "code coverage skipped"
dependencies: []
......
......@@ -34,8 +34,8 @@ INSTALL := install
# Flags
BUILD_LDFLAGS += $(LDFLAGS)
BUILD_CFLAGS := $(CFLAGS) $(CPPFLAGS) -std=c99 -D_GNU_SOURCE
BUILD_CFLAGS += -Wno-unused -Wtype-limits -Wformat -Wformat-security -Wall
BUILD_CFLAGS := -std=c99 -D_GNU_SOURCE $(CFLAGS) $(CPPFLAGS)
BUILD_CFLAGS += -Wtype-limits -Wformat -Wformat-security -Wshadow -Wall
BUILD_CFLAGS += -I$(abspath .) -I$(abspath lib/generic) -I$(abspath contrib)
BUILD_CFLAGS += -DPACKAGE_VERSION="\"$(VERSION)\"" -DPREFIX="\"$(PREFIX)\"" -DMODULEDIR="\"$(MODULEDIR)\""
BUILD_CFLAGS += -fvisibility=hidden
......
......@@ -904,7 +904,7 @@ static int net_bpf_set(lua_State *L)
lua_pop(L, 1);
if (network_set_bpf(net, progfd) == 0) {
char errmsg[256] = {};
char errmsg[256] = { 0 };
snprintf(errmsg, sizeof(errmsg), "failed to attach BPF program to some networks: %s", strerror(errno));
format_error(L, errmsg);
lua_error(L);
......
......@@ -451,7 +451,7 @@ static int run_worker(uv_loop_t *loop, struct engine *engine, fd_array_t *ipc_se
pipe_ret = uv_pipe_open(&pipe, args->control_fd);
} else {
(void) mkdir("tty", S_IRWXU|S_IRWXG);
sock_file = afmt("tty/%ld", getpid());
sock_file = afmt("tty/%ld", (long)getpid());
if (sock_file) {
pipe_ret = uv_pipe_bind(&pipe, sock_file);
}
......
......@@ -26,12 +26,12 @@
#if (__linux__ && SO_REUSEPORT)
#define handle_init(type, loop, handle, family) do { \
uv_ ## type ## _init_ex((loop), (handle), (family)); \
uv_os_fd_t fd = 0; \
if (uv_fileno((uv_handle_t *)(handle), &fd) == 0) { \
int on = 1; \
int ret = setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on)); \
if (ret) { \
return ret; \
uv_os_fd_t hi_fd = 0; \
if (uv_fileno((uv_handle_t *)(handle), &hi_fd) == 0) { \
int hi_on = 1; \
int hi_ret = setsockopt(hi_fd, SOL_SOCKET, SO_REUSEPORT, &hi_on, sizeof(hi_on)); \
if (hi_ret) { \
return hi_ret; \
} \
} \
} while (0)
......
......@@ -1079,8 +1079,8 @@ static int client_verify_certificate(gnutls_session_t tls_session)
}
DEBUG_MSG("[tls_client] received pin : %s\n", cert_pin);
for (size_t i = 0; i < ctx->params->pins.len; ++i) {
const char *pin = ctx->params->pins.at[i];
for (size_t j = 0; j < ctx->params->pins.len; ++j) {
const char *pin = ctx->params->pins.at[j];
bool match = (strcmp(cert_pin, pin) == 0);
DEBUG_MSG("[tls_client] configured pin: %s matches? %s\n",
pin, match ? "yes" : "no");
......
......@@ -35,15 +35,15 @@
* lock based on a filename. At the moment it's POSIX-only, but it
* should be abstract enough of an interface to make an implementation
* for non-posix systems if anyone cares. */
typedef int lock;
static bool _lock_is_invalid(lock lock)
typedef int lock_t;
static bool _lock_is_invalid(lock_t lock)
{
return lock == -1;
}
/* a blocking lock on a given filename */
static lock _lock_filename(const char *fname)
static lock_t _lock_filename(const char *fname)
{
lock lockfd = open(fname, O_RDONLY|O_CREAT, 0400);
lock_t lockfd = open(fname, O_RDONLY|O_CREAT, 0400);
if (lockfd == -1)
return lockfd;
/* this should be a non-blocking lock */
......@@ -53,7 +53,7 @@ static lock _lock_filename(const char *fname)
}
return lockfd; /* for cleanup later */
}
static void _lock_unlock(lock *lock, const char *fname)
static void _lock_unlock(lock_t *lock, const char *fname)
{
if (lock && !_lock_is_invalid(*lock)) {
flock(*lock, LOCK_UN);
......@@ -68,7 +68,7 @@ static gnutls_x509_privkey_t get_ephemeral_privkey ()
gnutls_x509_privkey_t privkey = NULL;
int err;
gnutls_datum_t data = { .data = NULL, .size = 0 };
lock lock;
lock_t lock;
int datafd = -1;
/* Take a lock to ensure that two daemons started concurrently
......
......@@ -207,7 +207,7 @@ static void mp_poison(struct mempool *mp, bool poison)
kr_asan_unpoison(mp, sizeof(*mp));
}
struct mempool_chunk *chunk = mp->state.last[0];
void *chunk_off = (void *)chunk - chunk->size;
void *chunk_off = (uint8_t *)chunk - chunk->size;
if (poison) {
kr_asan_poison(chunk_off, chunk->size);
} else {
......
......@@ -501,14 +501,14 @@ static void zi_zone_process(uv_timer_t* handle)
goto finish;
}
knot_rrset_t *rr = map_get(&z_import->rrset_indexed, key);
if (!rr) {
knot_rrset_t *rr_key = map_get(&z_import->rrset_indexed, key);
if (!rr_key) {
/* DNSKEY MUST be here. If not found - fail. */
kr_log_error("[zimport] DNSKEY not found for `%s`, fail\n", zone_name_str);
failed = 1;
goto finish;
}
z_import->key = rr;
z_import->key = rr_key;
VERBOSE_MSG(NULL, "started: zone: '%s'\n", zone_name_str);
......@@ -516,16 +516,16 @@ static void zi_zone_process(uv_timer_t* handle)
/* Import DNSKEY at first step. If any validation problems will appear,
* cancel import of whole zone. */
KR_DNAME_GET_STR(qname_str, rr->owner);
KR_RRTYPE_GET_STR(type_str, rr->type);
KR_DNAME_GET_STR(kname_str, rr_key->owner);
KR_RRTYPE_GET_STR(ktype_str, rr_key->type);
VERBOSE_MSG(NULL, "importing: qname: '%s' type: '%s'\n",
qname_str, type_str);
VERBOSE_MSG(NULL, "importing: name: '%s' type: '%s'\n",
kname_str, ktype_str);
int res = zi_rrset_import(z_import, rr);
int res = zi_rrset_import(z_import, rr_key);
if (res != 0) {
VERBOSE_MSG(NULL, "import failed: qname: '%s' type: '%s'\n",
qname_str, type_str);
kname_str, ktype_str);
failed = 1;
goto finish;
}
......@@ -538,16 +538,16 @@ static void zi_zone_process(uv_timer_t* handle)
continue;
}
KR_DNAME_GET_STR(qname_str, rr->owner);
KR_DNAME_GET_STR(name_str, rr->owner);
KR_RRTYPE_GET_STR(type_str, rr->type);
VERBOSE_MSG(NULL, "importing: qname: '%s' type: '%s'\n",
qname_str, type_str);
int res = zi_rrset_import(z_import, rr);
if (res == 0) {
VERBOSE_MSG(NULL, "importing: name: '%s' type: '%s'\n",
name_str, type_str);
int ret = zi_rrset_import(z_import, rr);
if (ret == 0) {
++ns_imported;
} else {
VERBOSE_MSG(NULL, "import failed: qname: '%s' type: '%s'\n",
qname_str, type_str);
VERBOSE_MSG(NULL, "import failed: name: '%s' type: '%s'\n",
name_str, type_str);
++failed;
}
z_import->rrset_sorted.at[i] = NULL;
......@@ -570,16 +570,16 @@ static void zi_zone_process(uv_timer_t* handle)
continue;
}
KR_DNAME_GET_STR(qname_str, rr->owner);
KR_DNAME_GET_STR(name_str, rr->owner);
KR_RRTYPE_GET_STR(type_str, rr->type);
VERBOSE_MSG(NULL, "importing: qname: '%s' type: '%s'\n",
qname_str, type_str);
VERBOSE_MSG(NULL, "importing: name: '%s' type: '%s'\n",
name_str, type_str);
res = zi_rrset_import(z_import, rr);
if (res == 0) {
++other_imported;
} else {
VERBOSE_MSG(NULL, "import failed: qname: '%s' type: '%s'\n",
qname_str, type_str);
VERBOSE_MSG(NULL, "import failed: name: '%s' type: '%s'\n",
name_str, type_str);
++failed;
}
}
......
......@@ -339,8 +339,10 @@ int nsec3_encloser(struct key *k, struct answer *ans,
/* Basic checks OK -> materialize data, cleaning any previous
* records on that answer index (unsuccessful attempts). */
knot_dname_t owner[KNOT_DNAME_MAXLEN];
{
int ret = dname_wire_reconstruct(owner, k->zname, hash_low);
if (unlikely(ret)) continue;
}
const int ans_id = (exact_match && name_labels + 1 == last_nxproven_labels)
? AR_CPE : AR_NSEC;
{
......
......@@ -133,6 +133,7 @@ int peek_nosync(kr_layer_t *ctx, knot_pkt_t *pkt)
/**** 1. find the name or the closest (available) zone, not considering wildcards
**** 1a. exact name+type match (can be negative answer in insecure zones) */
{
knot_db_val_t key = key_exact_type_maypkt(k, qry->stype);
knot_db_val_t val = { NULL, 0 };
ret = cache_op(cache, read, &key, &val, 1);
......@@ -140,6 +141,7 @@ int peek_nosync(kr_layer_t *ctx, knot_pkt_t *pkt)
/* found an entry: test conditions, materialize into pkt, etc. */
ret = found_exact_hit(ctx, pkt, val, lowest_rank);
}
}
if (ret && ret != -abs(ENOENT)) {
VERBOSE_MSG(qry, "=> exact hit error: %d %s\n", ret, kr_strerror(ret));
assert(false);
......@@ -252,7 +254,7 @@ int peek_nosync(kr_layer_t *ctx, knot_pkt_t *pkt)
/* Assuming k->buf still starts with zone's prefix,
* look up the SOA in cache. */
k->buf[0] = k->zlf_len;
key = key_exact_type(k, KNOT_RRTYPE_SOA);
knot_db_val_t key = key_exact_type(k, KNOT_RRTYPE_SOA);
knot_db_val_t val = { NULL, 0 };
ret = cache_op(cache, read, &key, &val, 1);
const struct entry_h *eh;
......
......@@ -219,14 +219,14 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx,
continue;
}
vctx->rrs_counters.matching_name_type++;
int ret = validate_rrsig_rr(&val_flgs, covered_labels, rdata_j,
int retv = validate_rrsig_rr(&val_flgs, covered_labels, rdata_j,
keys->owner, key_rdata, keytag,
zone_name, timestamp, vctx);
if (ret == kr_error(EAGAIN)) {
if (retv == kr_error(EAGAIN)) {
kr_dnssec_key_free(&created_key);
vctx->result = ret;
return ret;
} else if (ret != 0) {
vctx->result = retv;
return retv;
} else if (retv != 0) {
continue;
}
if (val_flgs & FLG_WILDCARD_EXPANSION) {
......
......@@ -418,16 +418,16 @@ static int closest_encloser_proof(const knot_pkt_t *pkt,
next_closer = knot_wire_next_label(next_closer, NULL);
}
for (unsigned j = 0; j < sec->count; ++j) {
const knot_rrset_t *rrset = knot_pkt_rr(sec, j);
if (rrset->type != KNOT_RRTYPE_NSEC3) {
const knot_rrset_t *rrset_j = knot_pkt_rr(sec, j);
if (rrset_j->type != KNOT_RRTYPE_NSEC3) {
continue;
}
ret = covers_name(&flags, rrset, next_closer);
ret = covers_name(&flags, rrset_j, next_closer);
if (ret != 0) {
return ret;
}
if (flags & FLG_NAME_COVERED) {
covering = rrset;
covering = rrset_j;
break;
}
}
......
......@@ -461,9 +461,9 @@ static int fetch_ns(struct kr_context *ctx, struct kr_zonecut *cut,
|| (aqpf->AWAIT_IPV6 && aq->stype == KNOT_RRTYPE_AAAA)) {
if (knot_dname_in_bailiwick(ns_name,
aq->parent->zone_cut.name)) {
for (int i = 0; i < 2; ++i)
if (infos[i] == AI_UNKNOWN)
infos[i] = AI_CYCLED;
for (int j = 0; j < 2; ++j)
if (infos[j] == AI_UNKNOWN)
infos[j] = AI_CYCLED;
break;
}
} else {
......
......@@ -147,4 +147,4 @@ struct kr_prop *bogus_log_props(void)
return prop_list;
}
KR_MODULE_EXPORT(bogus_log);
KR_MODULE_EXPORT(bogus_log)
......@@ -285,29 +285,29 @@ static int del_pair(struct hints_data *data, const char *name, const char *addr)
kr_zonecut_del(&data->reverse_hints, reverse_key, key, key_len);
return kr_zonecut_del(&data->hints, key,
kr_inaddr(&ia.ip), kr_inaddr_len(&ia.ip));
} else {
/* Find a matching name */
}
/* We're removing everything for the name;
* first find the name's pack */
pack_t *addr_set = kr_zonecut_find(&data->hints, key);
if (!addr_set || addr_set->len == 0) {
return kr_error(ENOENT);
}
/* Remove address records in hints from reverse_hints. */
uint8_t *addr = pack_head(*addr_set);
while (addr != pack_tail(*addr_set)) {
void *addr_val = pack_obj_val(addr);
int family = pack_obj_len(addr) == kr_family_len(AF_INET)
for (uint8_t *a = pack_head(*addr_set); a != pack_tail(*addr_set);
a = pack_obj_next(a)) {
void *addr_val = pack_obj_val(a);
int family = pack_obj_len(a) == kr_family_len(AF_INET)
? AF_INET : AF_INET6;
const knot_dname_t *reverse_key = raw_addr2reverse(addr_val, family);
if (reverse_key != NULL) {
kr_zonecut_del(&data->reverse_hints, reverse_key, key, key_len);
}
addr = pack_obj_next(addr);
}
/* Remove the whole name. */
return kr_zonecut_del_all(&data->hints, key);
}
}
static int load_file(struct kr_module *module, const char *path)
......
Subproject commit 5beaa28f4ef5ec20aa0adb75b54fabae556ec96d
Subproject commit 09ac09e38778ef6f7470cbb3ecc320fc57d3c73c
......@@ -7,8 +7,7 @@ $(call make_lua_module,policy)
policy-clean:
$(MAKE) -C $(AHOCORASICK_DIR) clean
$(AHOCORASICK_DIR)ahocorasick$(LIBEXT): $(AHOCORASICK_DIR)Makefile
$(MAKE) -C $(AHOCORASICK_DIR) ahocorasick$(LIBEXT) CFLAGS="$(lua_CFLAGS) -O2 $(CFLAGS)"
@# CFLAGS overridden to get rid of -msse4.1 etc.
$(MAKE) -C $(AHOCORASICK_DIR) ahocorasick$(LIBEXT) CXXFLAGS="$(lua_CFLAGS)"
policy-install: ahocorasick-install
ahocorasick-install: $(AHOCORASICK_DIR)ahocorasick$(LIBEXT) $(DESTDIR)$(MODULEDIR)
......
#!/usr/bin/env python3
"""
Print IP address to binary representation in Python hex format \x12
"""
from socket import inet_pton, AF_INET6, AF_INET
import sys
from binascii import hexlify
try:
arg = sys.argv[1]
except:
sys.exit('Usage: inet_pton.py <IPv4 or IPv6 address>')
if ':' in arg:
addr_type = AF_INET6
else:
addr_type = AF_INET
print(repr(inet_pton(addr_type, arg)).strip("'"))
......@@ -42,6 +42,7 @@ static void test_int(void **state_)
assert_int_equal(queue_len(q), 3 + 99);
/* Basic iterator test. */
{
int i = 0;
for (queue_int_it_t it = queue_it_begin(q); !queue_it_finished(it);
queue_it_next(it)) {
......@@ -49,6 +50,7 @@ static void test_int(void **state_)
++i;
}
assert_int_equal(queue_len(q), i);
}
queue_deinit(q);
queue_init(q);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment