Open-code find_arg(). There is only one caller in client_common.c, so open-code the logic there and get rid of the public function and the unused error code.
Merge topic branch t/overflow into master This series implements a new memory allocation API which checks for overflows. The first part of the series just renames the main allocation functions. Later patches in the series implement allocators which take two size_t arguments (like calloc(3)) and check whether the multiplication overflows by employing the __builtin_mul_overflow() primitive supported by gcc and clang. This requires us to bump the lowest supported gcc and clang version. * refs/heads/t/overflow: build: Compile with -ftrapv. string: Introduce arr_zalloc(). string: Introduce arr_alloc(). string: Introduce arr_realloc() and check for integer overflow. string: Rename para_calloc() -> zalloc(). string: Rename para_malloc() -> alloc(). string: Overhaul para_strdup().
Merge branch 'refs/heads/t/ll' Two little cleanups related to the logging facility and two commits which add the ll command to para_server and para_audiod. The merge resulted in a conflict in afs.c due to the earlier merge of the poll topic branch which replaced all calls to select() by calls to poll(). The implementation of the ll server command introduced a new caller of select(), afs_select(), which needs to be replaced by afs_poll() to resolve the conflict. * refs/heads/t/ll: New server command: ll to change the log level at runtime. New audiod command: ll to change the log level at runtime. daemon: Kill get_loglevel_by_name(). server/audiod: Don't parse loglevel argument unnecessarily.
string: Introduce arr_zalloc(). Adjust all callers which pass a product of two integers to zalloc() to call the new function instead and reduce zalloc() to a one-line wrapper.
string: Introduce arr_alloc(). Change all callers of alloc() which pass a product of two integers as the allocation size to call the new function instead. This function aborts if the multiplication overflows. With arr_alloc() in place, alloc() reduces to a trivial wrapper which calls new arr_alloc() with the first argument equal to one.
string: Introduce arr_realloc() and check for integer overflow. Use __builtin_mul_overflow() for the check. This builtin was introduced in gcc-5, so we need to bump the lowest supported version. Re-implement para_realloc() as a trivial wrapper for arr_realloc() to simplify and to avoid duplicating the size check.
string: Rename para_calloc() -> zalloc(). Reword the documentation a bit since the function has never been a wrapper for calloc(3). No code changes.
string: Rename para_malloc() -> alloc(). Just because it's shorter and matches the naming of the new allocators we are about to introduce. The bulk of this patch was created with sed -i 's/para_malloc/alloc/g' *.c *.h yy/mp.y
daemon: Kill get_loglevel_by_name(). Open-code the logic in daemon_set_log_color_or_die() and get the values from the new SEVERTIES macro rather than duplicating the severity list in get_loglevel_by_name(). The SEVERTIES macro will turn out to be handy for the ll subcommands of para_server and para_audiod which are introduced in subsequent commits.
Remove para_dirname() and para_basename(). The former has only a single caller, the second only two, open-coding these is actually simpler and more performant because we no longer scan each path twice and avoid the temporary copy of the path.
string: Remove malloc attribute from para_realloc(). Quoting from the corresponding section of the gcc-10 manual: This tells the compiler that a function is 'malloc'-like, i.e., that the pointer P returned by the function cannot alias any other pointer valid when the function returns, and moreover no pointers to valid objects occur in any storage addressed by P. Using this attribute can improve optimization. Compiler predicts that a function with the attribute returns non-null in most cases. Functions like 'malloc' and 'calloc' have this property because they return a pointer to uninitialized or zeroed-out storage. However, functions like 'realloc' do not have this property, as they can return a pointer to storage containing pointers. Found by code inspection, the unpached code never caused problems. Also, the function definition in string.c does not contain the attribute.
Shorten copyright notice. The GPLv2 line does not add any additional information, so drop it. This leaves a single line of legalese text for most files, which is about the amount of screen real estate it deserves. This patch was created with the following script (plus some manual fixups): awk '{ if (NR <= 5) { gs = gensub(/.*Copyright.* ([0-9]+).*Andre Noll.*/, "\\1", "g") if (gs != $0) year = gs next } if (NR == 6 && year != "") printf("/* Copyright (C) %s Andre Noll <maan@tuebingen.mpg.de>, see file COPYING. */\n", year) print }'
string.h: Fix indentation, add doxygen reference. The comment was improperly formatted, and the reference to para_printf() lacked a \ref statement.
doxygen: Add \ref to references. This way doxygen issues a warning if the file/function/structure no longer exists and a stale reference remains.
Fix signedness issues in format strings. Compiling with -Wformat-signedness (not enabled so far) causes many warnings because of format strings which specify an unsigned type but correspond to an argument of signed type, or vice versa. This commit fixes all these mismatches. For "%u", "%d", "%lu", "%ld" we let the format string match the type of the argument, but for "%x" we need to cast the argument to a suitable unsigned type. After this patch the tree compiles cleanly with -Wformat-signedness given. The warning will be enabled in a subsequent commit.
Introduce sanitize_str(). Currently we sanitize the status item strings for para_gui in align_str() of gui.c. This implementation is flawed because it does not work for wide character strings. This patch provides an abstraction in string.c which works in both the UFT-8 and non-UTF-8 case. The flawed implementation of this function in gui.c is removed and the surrounding code is changed to call the new function instead.
Do not check return value of WRITE_STATUS_ITEM(). The previous commit removed error checking from para_printf(), but one instance remains: the WRITE_STATUS_ITEM() macro which also calls para_printf(). This patch removes the error checking code of this macro and adjusts all callers.
Update year in copyright headers. Done with files=$(git grep -l 'Copyright (C) [0-9]\{4\}\(-2014\)* Andre Noll') sed --in-place= -e 's/Copyright (C) \([0-9]\{4\}\)-2014 Andre Noll/Copyright (C) \1 Andre Noll/1' $files In previous years we ran a similar script to set the second year in the range to the current year. This is kind of silly, so let's get rid of this useless information. This commit replaces "Copyright (C) A-B" by "Copyright (C) A" in all file headers, i.e. only the first year (A) is left in. Accurate information including time stamps for each change can be obtained from the git history.
Assorted typo fixes in comments. Quite a few..
doc: Change email address to maan@tuebingen.mpg.de The mail server on systemlinux.org was down for more than a week lately, so let's use an alternative official address. This commit changes all maan@systemlinux.org addresses to maan@tuebingen.mpg.de. Most .c and .h files contain the email address in the copyright header, so they must all be patched. Three other files contain the address for a different reason: * README lists email and git, gitweb and home page URLs * configure.ac needs it for configure -h * version.c contains it for the -V option of all commands