From 30491248f659d4591454f1712b86467894e35b17 Mon Sep 17 00:00:00 2001
From: Craig Comstock
Date: Wed, 24 Jun 2026 10:49:01 -0500
Subject: [PATCH 1/3] Added -Wextra and -Wno-sign-compare to github workflow gcc options This will catch more warnings as errors and help us keep our code cleaner.
Ticket: ENT-14208
Changelog: none
(cherry picked from commit 7544e662172f423207d35f21f109cba77a35d9a4)
---
 .github/workflows/asan_unit_tests.yml | 2 +-
 .github/workflows/macos_unit_tests.yml | 2 +-
 .github/workflows/unit_tests.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/asan_unit_tests.yml b/.github/workflows/asan_unit_tests.yml
index 6c3dec8517..afccb4593f 100644
--- a/.github/workflows/asan_unit_tests.yml
+++ b/.github/workflows/asan_unit_tests.yml
@@ -15,6 +15,6 @@ jobs:
 - name: Run autotools / configure run: ./autogen.sh --enable-debug - name: Compile and link (make)
- run: make -j8 CFLAGS="-Werror -Wall -fsanitize=address" LDFLAGS="-fsanitize=address"
+ run: make -j8 CFLAGS="-Werror -Wall -Wextra -Wno-sign-compare -fsanitize=address" LDFLAGS="-fsanitize=address"
 - name: Run unit tests run: make -C tests/unit CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address" check
diff --git a/.github/workflows/macos_unit_tests.yml b/.github/workflows/macos_unit_tests.yml
index e781b39b0b..cb50d21da4 100644
--- a/.github/workflows/macos_unit_tests.yml
+++ b/.github/workflows/macos_unit_tests.yml
@@ -20,6 +20,6 @@ jobs:
 run: > ./autogen.sh --enable-debug - name: Compile and link
- run: MACOSX_DEPLOYMENT_TARGET=15.4 make -j8 CFLAGS="-Werror -Wall"
+ run: MACOSX_DEPLOYMENT_TARGET=15.4 make -j8 CFLAGS="-Werror -Wall -Wextra -Wno-sign-compare"
 - name: Run unit tests run: make -C tests/unit check
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index ad142ac402..0624f0b7e5 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
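Review bot: `-Wno-sign-compare` in the new CFLAGS of asan_unit_tests.yml switches off the -Wextra diagnostic for signed/unsigned comparisons, which is the warning most likely to point at a length or index check that misbehaves for negative values, and nothing in the workflow says whether the suppression is permanent. If it is there only because the existing code does not yet build cleanly, I would say so in a YAML comment above the `run:` line, for example `# -Wno-sign-compare: temporary, drop once existing sign-compare warnings are fixed`. The same flag is added in macos_unit_tests.yml and unit_tests.yml, and the note applies there too. In this file the "Run unit tests" step passes its own `CFLAGS="-fsanitize=address"` without -Werror or -Wextra, so anything compiled only by that step is presumably not covered by the stricter flags.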
@@ -16,6 +16,6 @@ jobs:
 - name: Run autotools / configure run: ./autogen.sh --enable-debug - name: Compile and link (make)
- run: make -j8 CFLAGS="-Werror -Wall"
+ run: make -j8 CFLAGS="-Werror -Wall -Wextra -Wno-sign-compare"
 - name: Run unit tests run: make -C tests/unit check
From 1d48a0c1b6b392511b914197d7a1c59afd66923c Mon Sep 17 00:00:00 2001
From: Craig Comstock
Date: Wed, 24 Jun 2026 10:49:50 -0500
Subject: [PATCH 2/3] Refactored variable length array code to use alloca() While VLAs are supported in C99 and C11, they do pose some portability issues so best to avoid their use. alloca() allocates on the stack frame and is free'd on exit from the function so essentially equivalent.
Ticket: ENT-14208
Changelog: none
(cherry picked from commit 6e952013b0c0d475102ec48c2907025d1aa9a629)
---
 cf-serverd/server_tls.c | 4 ++--
 libpromises/evalfunction.c | 5 ++---
 libpromises/ornaments.c | 2 +-
 libpromises/syslog_client.c | 5 +++--
 tests/acceptance/mock_package_manager.c | 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/cf-serverd/server_tls.c b/cf-serverd/server_tls.c
index edc185237b..10f0794320 100644
--- a/cf-serverd/server_tls.c
+++ b/cf-serverd/server_tls.c
@@ -226,8 +226,8 @@ bool ServerTLSPeek(ConnectionInfo *conn_info)
 const int peek_size = CF_INBAND_OFFSET + sizeof("CAUTH");
- char buf[peek_size];
- ssize_t got = recv(ConnectionInfoSocket(conn_info), buf, sizeof(buf), MSG_PEEK);
+ char *buf = alloca(peek_size);
+ ssize_t got = recv(ConnectionInfoSocket(conn_info), buf, peek_size, MSG_PEEK);
 assert(got <= peek_size); if (got < 0) {
diff --git a/libpromises/evalfunction.c b/libpromises/evalfunction.c
index 3ab5ad0251..51fb2a9c7c 100644
--- a/libpromises/evalfunction.c
+++ b/libpromises/evalfunction.c
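Review bot: In ServerTLSPeek the buffer size is a constant expression (`CF_INBAND_OFFSET + sizeof("CAUTH")`, assuming CF_INBAND_OFFSET is a macro or enum constant), so alloca() is not needed: `char buf[CF_INBAND_OFFSET + sizeof("CAUTH")];` is an ordinary fixed-size array and lets the recv() call keep `sizeof(buf)`. alloca() is not part of ISO C or POSIX, reports no failure, and turns `buf` into a pointer, so any `sizeof(buf)` remaining in the part of the function outside this hunk would now silently yield the pointer size instead of the buffer size. The same applies to `pretty_promise_name` in libpromises/ornaments.c, where `n` is `2*CF_MAXFRAGMENT + 3`; this commit already takes the fixed-array route in evalfunction.c and syslog_client.c. If alloca() stays, a short comment at each call stating that the size is a small compile-time bound would help the next reader.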
@@ -8528,9 +8528,8 @@ static FnCallResult FnCallClassFilterCsv(EvalContext *ctx,
 } else {
- size_t const key_len = PRINTSIZE(size_t);
- char key[key_len];
- xsnprintf(key, key_len, "%zu", i);
+ char key[PRINTSIZE(size_t)];
+ xsnprintf(key, PRINTSIZE(size_t), "%zu", i);
 JsonObjectAppendString(class_container, key,
diff --git a/libpromises/ornaments.c b/libpromises/ornaments.c
index 469a6626a5..502137ea1a 100644
--- a/libpromises/ornaments.c
+++ b/libpromises/ornaments.c
@@ -170,7 +170,7 @@ void PromiseBanner(EvalContext *ctx, const Promise *pp)
 } const size_t n = 2*CF_MAXFRAGMENT + 3;
- char pretty_promise_name[n+1];
+ char *pretty_promise_name = alloca(n+1);
 pretty_promise_name[0] = '\0'; StringAppendAbbreviatedPromise(pretty_promise_name, pp->promiser, n, CF_MAXFRAGMENT); Log(LOG_LEVEL_VERBOSE, "P: Promiser/affected object: '%s'", pretty_promise_name);
diff --git a/libpromises/syslog_client.c b/libpromises/syslog_client.c
index 0b68048c56..0b55a0cc91 100644
--- a/libpromises/syslog_client.c
+++ b/libpromises/syslog_client.c
@@ -27,6 +27,8 @@ #include
+
+#define RFC3164_LENGTH 1024
 /* * Set by cf-agent/cf-serverd from body agent/server control. */
@@ -112,8 +114,7 @@ void RemoteSysLog(int log_priority, const char *log_string)
 } else {
- const size_t rfc3164_len = 1024;
- char message[rfc3164_len];
+ char message[RFC3164_LENGTH];
 char timebuffer[26]; pid_t pid = getpid();
diff --git a/tests/acceptance/mock_package_manager.c b/tests/acceptance/mock_package_manager.c
index 70ac0d2cd8..dea326bad1 100644
--- a/tests/acceptance/mock_package_manager.c
+++ b/tests/acceptance/mock_package_manager.c
@@ -8,7 +8,7 @@ static char AVAILABLE_PACKAGES_FILE_NAME[PATH_MAX];
 static char INSTALLED_PACKAGES_FILE_NAME[PATH_MAX];
-static const int MAX_PACKAGE_ENTRY_LENGTH = 256;
+#define MAX_PACKAGE_ENTRY_LENGTH 256
 #define DEFAULT_ARCHITECTURE "x666"
From 940aacea6e2228db70d49d96793c0e1e0fe224cd Mon Sep 17 00:00:00 2001
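Review bot: The new `xsnprintf` call in FnCallClassFilterCsv repeats `PRINTSIZE(size_t)` as the length instead of deriving it from the buffer, so the declaration and the bound can drift apart if either is edited later. Now that `key` is a true fixed-size array, `xsnprintf(key, sizeof(key), "%zu", i);` ties the bound to the array itself. This is a style point only; the two sizes match as written. The enclosing function body starts and ends outside the hunk.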
From: Craig Comstock
Date: Wed, 24 Jun 2026 09:25:46 -0500
Subject: [PATCH 3/3] Bump libntech to latest
Ticket: none
Changelog: none
(cherry picked from commit 3423caf81e5ea41f96bba7574980702b9c53bb33)
Conflicts: libntech
---
 libntech | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libntech b/libntech
index 944af926a7..9b43128e91 160000
--- a/libntech
+++ b/libntech
@@ -1 +1 @@
-Subproject commit 944af926a78c2410075419145510c4f4beb2901d
+Subproject commit 9b43128e91d002ff1a3ea8c46715ae7be79ddadf