From 006d6b36b513c08816df1752576cf9f508fbd7a1 Mon Sep 17 00:00:00 2001 From: Craig Comstock Date: Wed, 24 Jun 2026 09:25:46 -0500 Subject: [PATCH 1/3] Bump libntech to latest Ticket: none Changelog: none (cherry picked from commit 3423caf81e5ea41f96bba7574980702b9c53bb33) --- libntech | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libntech b/libntech index 944af926a7..9b43128e91 160000 --- a/libntech +++ b/libntech @@ -1 +1 @@ -Subproject commit 944af926a78c2410075419145510c4f4beb2901d +Subproject commit 9b43128e91d002ff1a3ea8c46715ae7be79ddadf From 176b01827511253f47f83ca2e9675fbf610b4f6a Mon Sep 17 00:00:00 2001 From: Craig Comstock Date: Wed, 24 Jun 2026 10:49:01 -0500 Subject: [PATCH 2/3] Added -Wextra and -Wno-sign-compare to github workflow gcc options This will catch more warnings as errors and help us keep our code cleaner. Ticket: ENT-14208 Changelog: none (cherry picked from commit 7544e662172f423207d35f21f109cba77a35d9a4) --- .github/workflows/asan_unit_tests.yml | 2 +- .github/workflows/macos_unit_tests.yml | 2 +- .github/workflows/unit_tests.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/asan_unit_tests.yml b/.github/workflows/asan_unit_tests.yml index 6e1a4b9d9e..5de1588c8a 100644 --- a/.github/workflows/asan_unit_tests.yml +++ b/.github/workflows/asan_unit_tests.yml @@ -15,6 +15,6 @@ jobs: - name: Run autotools / configure run: ./autogen.sh --enable-debug - name: Compile and link (make) - run: make -j8 CFLAGS="-Werror -Wall -fsanitize=address" LDFLAGS="-fsanitize=address" + run: make -j8 CFLAGS="-Werror -Wall -Wextra -Wno-sign-compare -fsanitize=address" LDFLAGS="-fsanitize=address" - name: Run unit tests run: make -C tests/unit CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address" check diff --git a/.github/workflows/macos_unit_tests.yml b/.github/workflows/macos_unit_tests.yml index 014c5cdcc8..193eb86c27 100644 --- a/.github/workflows/macos_unit_tests.yml +++ b/.github/workflows/macos_unit_tests.yml @@ -20,6 +20,6 @@ jobs: run: > ./autogen.sh --enable-debug - name: Compile and link - run: MACOSX_DEPLOYMENT_TARGET=15.4 make -j8 CFLAGS="-Werror -Wall" + run: MACOSX_DEPLOYMENT_TARGET=15.4 make -j8 CFLAGS="-Werror -Wall -Wextra -Wno-sign-compare" - name: Run unit tests run: make -C tests/unit check diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml index c46cb5b19a..0f72353e21 100644 --- a/.github/workflows/unit_tests.yml +++ b/.github/workflows/unit_tests.yml @@ -16,6 +16,6 @@ jobs: - name: Run autotools / configure run: ./autogen.sh --enable-debug - name: Compile and link (make) - run: make -j8 CFLAGS="-Werror -Wall" + run: make -j8 CFLAGS="-Werror -Wall -Wextra -Wno-sign-compare" - name: Run unit tests run: make -C tests/unit check From d0574a19381a5eab6423b39394827b5300d68756 Mon Sep 17 00:00:00 2001 From: Craig Comstock Date: Wed, 24 Jun 2026 10:49:50 -0500 Subject: [PATCH 3/3] Refactored variable length array code to use alloca() While VLAs are supported in C99 and C11, they do pose some portability issues so best to avoid their use. alloca() allocates on the stack frame and is free'd on exit from the function so essentially equivalent. Ticket: ENT-14208 Changelog: none (cherry picked from commit 6e952013b0c0d475102ec48c2907025d1aa9a629) --- cf-serverd/server_tls.c | 4 ++-- libpromises/evalfunction.c | 5 ++--- libpromises/ornaments.c | 2 +- libpromises/syslog_client.c | 5 +++-- tests/acceptance/mock_package_manager.c | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/cf-serverd/server_tls.c b/cf-serverd/server_tls.c index edc185237b..10f0794320 100644 --- a/cf-serverd/server_tls.c +++ b/cf-serverd/server_tls.c @@ -226,8 +226,8 @@ bool ServerTLSPeek(ConnectionInfo *conn_info) const int peek_size = CF_INBAND_OFFSET + sizeof("CAUTH"); - char buf[peek_size]; - ssize_t got = recv(ConnectionInfoSocket(conn_info), buf, sizeof(buf), MSG_PEEK); + char *buf = alloca(peek_size); + ssize_t got = recv(ConnectionInfoSocket(conn_info), buf, peek_size, MSG_PEEK); assert(got <= peek_size); if (got < 0) { diff --git a/libpromises/evalfunction.c b/libpromises/evalfunction.c index 5ab935fd77..d9030b1eda 100644 --- a/libpromises/evalfunction.c +++ b/libpromises/evalfunction.c @@ -7396,9 +7396,8 @@ static FnCallResult FnCallClassFilterCsv(EvalContext *ctx, } else { - size_t const key_len = PRINTSIZE(size_t); - char key[key_len]; - xsnprintf(key, key_len, "%zu", i); + char key[PRINTSIZE(size_t)]; + xsnprintf(key, PRINTSIZE(size_t), "%zu", i); JsonObjectAppendString(class_container, key, diff --git a/libpromises/ornaments.c b/libpromises/ornaments.c index ca37e98d88..d43c7c56ff 100644 --- a/libpromises/ornaments.c +++ b/libpromises/ornaments.c @@ -156,7 +156,7 @@ void PromiseBanner(EvalContext *ctx, const Promise *pp) } const size_t n = 2*CF_MAXFRAGMENT + 3; - char pretty_promise_name[n+1]; + char *pretty_promise_name = alloca(n+1); pretty_promise_name[0] = '\0'; StringAppendAbbreviatedPromise(pretty_promise_name, pp->promiser, n, CF_MAXFRAGMENT); Log(LOG_LEVEL_VERBOSE, "P: Promiser/affected object: '%s'", pretty_promise_name); diff --git a/libpromises/syslog_client.c b/libpromises/syslog_client.c index 0b68048c56..0b55a0cc91 100644 --- a/libpromises/syslog_client.c +++ b/libpromises/syslog_client.c @@ -27,6 +27,8 @@ #include + +#define RFC3164_LENGTH 1024 /* * Set by cf-agent/cf-serverd from body agent/server control. */ @@ -112,8 +114,7 @@ void RemoteSysLog(int log_priority, const char *log_string) } else { - const size_t rfc3164_len = 1024; - char message[rfc3164_len]; + char message[RFC3164_LENGTH]; char timebuffer[26]; pid_t pid = getpid(); diff --git a/tests/acceptance/mock_package_manager.c b/tests/acceptance/mock_package_manager.c index 70ac0d2cd8..dea326bad1 100644 --- a/tests/acceptance/mock_package_manager.c +++ b/tests/acceptance/mock_package_manager.c @@ -8,7 +8,7 @@ static char AVAILABLE_PACKAGES_FILE_NAME[PATH_MAX]; static char INSTALLED_PACKAGES_FILE_NAME[PATH_MAX]; -static const int MAX_PACKAGE_ENTRY_LENGTH = 256; +#define MAX_PACKAGE_ENTRY_LENGTH 256 #define DEFAULT_ARCHITECTURE "x666"