Reported by clang-tidy `bugprone-sizeof-expression`.
Silencing:
```
tests/libtest/cli_h2_pausing.c:164:23: warning: suspicious usage of 'sizeof()' on an expression of pointer type [bugprone-sizeof-expression]
164 | memset(&resolve, 0, sizeof(resolve));
| ^
tests/libtest/cli_upload_pausing.c:158:23: warning: suspicious usage of 'sizeof()' on an expression of pointer type [bugprone-sizeof-expression]
158 | memset(&resolve, 0, sizeof(resolve));
| ^
```
Ref: https://clang.llvm.org/extra/clang-tidy/checks/bugprone/sizeof-expression.htmlCloses#20649
Try to make the wording more clear. It is the addresses in the resolver
result that are affected, not anything regarding *how* resolving is
done.
Closes#20585
Simplify the language expaining the --variable option, reducing
repetition. Also fix some minor grammar issues and makes language for
examples more consistent.
Closes#20636
A NULL dereference cannot happen with existing use of this code.
linux-mingw, CM clang-tidy:
```
/home/runner/work/curl/curl/tests/server/sockfilt.c:720:24: error: Access
to field 'tv_sec' results in a dereference of a null pointer (loaded from
variable 'tv') [clang-analyzer-core.NullDereference,-warnings-as-errors]
720 | tv->tv_sec = 0;
| ~~ ^
```
Ref: https://github.com/curl/curl/actions/runs/22191200093/job/64179197235?pr=20631#step:10:283
Cherry-picked from #20631Closes#20639
clang-tidy <= v20 (as seen between 18.1.3 and 20.1.2) report
`readability-uppercase-literal-suffix` originating from mingw-w64 system
header `_mingw_mac.h` via `define __MSABI_LONG(x) x ## l`
Triggered by `SOCKENOMEM` (e.g. in tests/server/sockfilt.c):
```
warning: integer literal has suffix 'l', which is not uppercase [readability-uppercase-literal-suffix]
```
Work around by replacing Windows macro `WSA_NOT_ENOUGH_MEMORY`
with its literal value.
Bug: https://github.com/curl/curl/pull/20631#issuecomment-3930619868
Follow-up to c07c3cac74#20629
Cherry-picked from #20631Closes#20638
By passing to clang-tidy the C compiler with `--target` and sysroot
options, if any.
Fixing (GHA/windows, linux-mingw, CM clang-tidy):
```
lib/curl_setup.h:841:10: error: 'io.h' file not found [clang-diagnostic-error]
841 | #include <io.h>
| ^~~~~~
Found compiler error(s).
FAILED: [code=1] tests/server/CMakeFiles/servers-clang-tidy bld/tests/server/CMakeFiles/servers-clang-tidy
cd tests/server && /usr/bin/clang-tidy --config-file=.clang-tidy.yml
--warnings-as-errors=* --checks=-clang-diagnostic-unused-function first.c getpart.c util.c dnsd.c [...]
-- <-D-options> <-I-options> <cflags>
```
For reference, this is CMake's built-in clang-tidy invocation:
```
/usr/local/bin/cmake -E __run_co_compile --tidy="/usr/bin/clang-tidy;--config-file=.clang-tidy.yml;
--warnings-as-errors=*;--extra-arg-before=--driver-mode=gcc" --source=lib/curl_fopen.c
-- /usr/bin/clang --target=x86_64-w64-mingw32 <-D-options> <-I-options> <cflags>
```
Also:
- bump cmakelint `--max-statements`. Needs 59 after this patch.
- use undocumented CMake variables:
- `CMAKE_C_COMPILE_OPTIONS_TARGET` for `--target=`
- `CMAKE_C_COMPILE_OPTIONS_SYSROOT` for `--sysroot=`
Cherry-picked from #20631Closes#20640
Also enable `bugprone-suspicious-realloc-usage` clang-tidy option
to verify.
Fixing:
```
tests/server/rtspd.c:328:37: error: 'req->rtp_buffer' may be set to null if 'realloc' fails,
which may result in a leak of the original buffer
[bugprone-suspicious-realloc-usage,-warnings-as-errors]
328 | req->rtp_buffer = realloc(req->rtp_buffer,
| ~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~
```
Ref: https://clang.llvm.org/extra/clang-tidy/checks/bugprone/suspicious-realloc-usage.htmlCloses#20621
Seen with mbedTLS 4.0.0. mbedTLS 4.0.0 renamed `mbedcrypto` lib to
`tfpsacrypto`, while also keeping a copy under the old name to aid
transition. However, this compatibility logic is broken for MSVC static
builds, and the old name missing.
Work around by looking for the new name in the raw detection codepath.
Note that using `pkg-config`-based detection also works as a workaround.
Reported-by: tawmoto on github
Fixes#20616
Ref: https://github.com/Mbed-TLS/mbedtls/blob/v4.0.0/library/CMakeLists.txt#L275-L282
Ref: https://github.com/Mbed-TLS/mbedtls/issues/10605Closes#20617
Fix bigger and smaller kinks in how clang-tidy is configured and used.
Sync behavior more between autotools and cmake, lib/src and tests. Bump
clang-tidy minimum version and prepare logic to allow using clang-tidy
to a fuller extent.
- move clang-tidy settings from builds to a new `.clang-tidy.yml`.
To make it easy to see and edit checks at one place. Also to allow
using the `--checks=` option internally to silence tests-specific
checks. (clang-tidy does not support multiple `--check=` options via
the command-line.)
Use explicit `--config-file=` option to point to the configuration.
- .clang-tidy.yml: link to documentation.
- suppress `clang-diagnostic-nullability-extension` due to a false
positive in libtests with `CURL_WERROR=ON` and `PICKY_COMPILER=OFF`.
- .clang-tidy.yml: enable `portability-*`, `misc-const-correctness`.
- drop `--quiet` clang-tidy option by default to make its working a bit
more transparent. The extra output is minimial.
- consistently use double-dashes in clang-tidy command-line options.
Supported by clang-tidy 9.0.0+ (2019-09-19). Before this patch single
and double were used arbitrarily.
- src/tool_parsecfg: silence false positive `clang-analyzer-unix.Stream`.
Seen with clang 18 + clang-tidy 19 and 20 (only with autotools.)
- INTERNALS: require clang-tidy 14.0.0+. For the `--config-file` option.
- INTERNALS: recommend clang-tidy 19.1.0+, to avoid bogus
`clang-analyzer-valist.Uninitialized` warnings. (bug details below)
autotools:
- allow configuring the clang-tidy tool via `CLANG_TIDY` env.
Also to use in GHA to point to a suffixed clang-tody tool.
- fix to pass CFLAGS to lib, src sources.
(keep omitting them when using a non-clang compiler.)
- fix to pass `--warnings-as-errors=*` in quotes to avoid globbing.
cmake:
- fix to not pass an empty `-I` to clang-tidy.
- fix to pass CFLAGS (picky warnings) to clang-tidy for test sources.
(keep omitting them when using a non-clang compiler.)
- fix to disable `clang-diagnostic-unused-function` for test sources.
(tests have static entry points, which trigger this check when
checking them as individidual sources.)
- fix forwarding `CURL_CLANG_TIDYFLAGS` to clang-tidy.
- force disable picky warnings when running clang-tidy with a non-clang
compiler. To not pass these flags when checking lib and src.
CI:
- GHA/linux: avoid clang-tidy bug by upgrading to v19, and drop the
workaround.
- GHA/linux: switch to clang from gcc in the clang-tidy job. Using gcc
doesn't allow passing CFLAGS to clang-tidy, making it less effective.
(My guess this was one factor contributing to this job often missing
to find certain issues compared to GHA/macos.)
I recomment using clang-tidy with a clang compiler, preferably the same
version or one that's compatible. Other cases are best effort, and may
fail if a C flag is passed to clang-tidy that it does not understand.
Picky warnings are mostly omitted when using a non-clang compiler,
reducing its usefulness.
Details and reproducer for the v18 (and earlier) clang-tidy bug,
previously affecting the GHA/linux job:
clang-tidy <=18 emits false warnings way when passing multiple C sources
at once (as done with autotools):
```sh
cat > src1.c <<EOF
#include <string.h>
static void dummy(void *p) { memcmp(p, p, 0); }
EOF
cat > src2.c <<EOF
#include <stdarg.h>
void vafunc(int option, ...)
{
va_list param;
va_start(param, option);
if(option)
(void)va_arg(param, int);
va_end(param);
}
EOF
/opt/homebrew/opt/llvm@18/bin/clang-tidy --checks=clang-analyzer-valist.Uninitialized src1.c src2.c
# src2.c:7:11: warning: va_arg() is called on an uninitialized va_list [clang-analyzer-valist.Uninitialized]
```
Follow-up to e86542038d#17047Closes#20605
- fix internal macro `AN_APPLE_OS` reused between sources without
resetting it. It may potentially have left the system sha256
function unused.
- fix to define `WOLFSSL_OPTIONS_IGNORE_SYS` so that it always applies
to wolfSSL headers, also during feature detection.
- md4, md5, sha256: simplify fallback logic.
- delete 20+ unused macros.
- scope or move macros to avoid `-Wunused-macros` warnings.
- examples: delete unused code.
The warning detects macros defined but not used within the same C
source. It does not warn for macros defined in headers. It also works
with unity builds, but to a lesser extent.
Closes#20593
Any failf() that fill the errorbuf need to be forgotten once happy
eyeballing finds a succssful winner. Because the errorbuf, once set, is
not overwritten with future error information.
Adds test_05_05 to verify.
Reported-by: Tim Friedrich Brüggemann
Fixes#20608Closes#20613
To fix potential `-Wdisabled-macro-expansion` warnings when using these
macros within other macros. Fixing for example:
```
lib/doh.c:328:3: error: disabled expansion of recursive macro [clang-diagnostic-disabled-macro-expansion,-warnings-as-errors]
328 | ERROR_CHECK_SETOPT(CURLOPT_URL, url);
| ^
lib/doh.c:271:14: note: expanded from macro 'ERROR_CHECK_SETOPT'
271 | result = curl_easy_setopt((CURL *)doh, x, y); \
| ^
include/curl/curl.h:3332:44: note: expanded from macro 'curl_easy_setopt'
3332 | #define curl_easy_setopt(handle,opt,param) curl_easy_setopt(handle,opt,param)
| ^
[...]
```
Also update comments on why curl continues to disable
`-Wdisabled-macro-expansion` and `-Wused-but-marked-unused` warnings.
Follow-up to 92f215fea1#18477Closes#20597
The change was valid, but caused an annoying warning with perfectly
working non-binutils ld linkers:
```
ld: warning: ignoring duplicate libraries: 'my/path/usr/local/lib/libcrypto.a'
```
(seen with Apple clang, when using static `libcrypto.a`)
It means that for the binutil ld hack to work at consumption-time, curl
must be built with the same picky binutils (gcc) toolchain.
Reverts 795433b923#20434Closes#20594
