Enable more compiler warnings

To ensure code quality and make life harder.

Notes:
- choosed to use enum or int (e.g. ares_status_t)
- CURLINFO_SSL_VERIFYRESULT was wrong
- https_fetch_ctx_cleanup's curl_result_code parameter
- int options range checked in options.c

Author: baranyaib90

CMakeLists.txt

@@ -25,8 +25,7 @@ if (NOT CMAKE_INSTALL_BINDIR)
   set(CMAKE_INSTALL_BINDIR bin)
 endif()
 
-# TODO: add flags: -Wconversion -Wsign-conversion -Wfloat-conversion -Wcast-align -Wimplicit-fallthrough
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wpedantic -Wstrict-aliasing -Wformat=2 -Wunused -Wno-variadic-macros -Wnull-dereference -Wshadow")
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wpedantic -Wstrict-aliasing -Wformat=2 -Wunused -Wno-variadic-macros -Wnull-dereference -Wshadow -Wconversion -Wsign-conversion -Wfloat-conversion -Wimplicit-fallthrough")
 set(CMAKE_C_FLAGS_DEBUG "-gdwarf-4 -DDEBUG")
 set(CMAKE_C_FLAGS_RELEASE "-O2")
 
@@ -97,7 +96,7 @@ if(USE_CLANG_TIDY)
     message(STATUS "clang-tidy not found.")
   else()
     message(STATUS "clang-tidy found: ${CLANG_TIDY_EXE}")
-    set(DO_CLANG_TIDY "${CLANG_TIDY_EXE}" "-fix" "-fix-errors" "-checks=*,-cert-err34-c,-readability-identifier-length,-altera-unroll-loops,-bugprone-easily-swappable-parameters,-concurrency-mt-unsafe,-*magic-numbers,-hicpp-signed-bitwise,-readability-function-cognitive-complexity,-altera-id-dependent-backward-branch,-google-readability-todo,-misc-include-cleaner")
+    set(DO_CLANG_TIDY "${CLANG_TIDY_EXE}" "-fix" "-fix-errors" "-checks=*,-cert-err34-c,-readability-identifier-length,-altera-unroll-loops,-bugprone-easily-swappable-parameters,-concurrency-mt-unsafe,-*magic-numbers,-hicpp-signed-bitwise,-readability-function-cognitive-complexity,-altera-id-dependent-backward-branch,-google-readability-todo,-misc-include-cleaner,-cast-align")
   endif()
 else()
   message(STATUS "Not using clang-tidy.")

src/dns_poller.c

@@ -12,7 +12,7 @@ static void sock_cb(struct ev_loop __attribute__((unused)) *loop,
 }
 
 static struct ev_io * get_io_event(dns_poller_t *d, int sock) {
-  for (int i = 0; i < d->io_events_count; i++) {
+  for (unsigned i = 0; i < d->io_events_count; i++) {
     if (d->io_events[i].fd == sock) {
       return &d->io_events[i];
     }
@@ -35,7 +35,7 @@ static void sock_state_cb(void *data, int fd, int read, int write) {
   // reserve and start new event on unused slot
   io_event_ptr = get_io_event(d, 0);
   if (!io_event_ptr) {
-    FLOG("c-ares needed more IO event handler, than the number of provided nameservers: %d", d->io_events_count);
+    FLOG("c-ares needed more IO event handler, than the number of provided nameservers: %u", d->io_events_count);
   }
   DLOG("Reserved new io event: %p", io_event_ptr);
   // NOLINTNEXTLINE(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
@@ -52,7 +52,7 @@ static char *get_addr_listing(char** addr_list, const int af) {
   }
   for (int i = 0; addr_list[i]; i++) {
     const char *res = ares_inet_ntop(af, addr_list[i], pos,
-                                     list + POLLER_ADDR_LIST_SIZE - 1 - pos);
+                                     (ares_socklen_t)(list + POLLER_ADDR_LIST_SIZE - 1 - pos));
     if (res != NULL) {
       pos += strlen(pos);
       *pos = ',';
@@ -97,8 +97,8 @@ static ev_tstamp get_timeout(dns_poller_t *d)
     struct timeval tv;
     struct timeval *tvp = ares_timeout(d->ares, &max_tv, &tv);
     // NOLINTNEXTLINE(bugprone-narrowing-conversions,cppcoreguidelines-narrowing-conversions)
-    ev_tstamp after = tvp->tv_sec + tvp->tv_usec * 1e-6;
-    return after ? after : 0.1;
+    ev_tstamp after = (double)tvp->tv_sec + (double)tvp->tv_usec * 1e-6;
+    return after > 0.1 ? after : 0.1;
 }
 
 static void timer_cb(struct ev_loop __attribute__((unused)) *loop,
@@ -170,8 +170,8 @@ void dns_poller_init(dns_poller_t *d, struct ev_loop *loop,
   d->timer.data = d;
   ev_timer_start(d->loop, &d->timer);
 
-  int nameservers = 1;
-  for (int i = 0; bootstrap_dns[i]; i++) {
+  unsigned nameservers = 1;
+  for (unsigned i = 0; bootstrap_dns[i]; i++) {
     if (bootstrap_dns[i] == ',') {
       nameservers++;
     }
@@ -181,7 +181,7 @@ void dns_poller_init(dns_poller_t *d, struct ev_loop *loop,
   if (!d->io_events) {
     FLOG("Out of mem");
   }
-  for (int i = 0; i < nameservers; i++) {
+  for (unsigned i = 0; i < nameservers; i++) {
     d->io_events[i].data = d;
   }
   d->io_events_count = nameservers;

src/dns_poller.h

@@ -30,7 +30,7 @@ typedef struct {
 
   ev_timer timer;
   ev_io *io_events;
-  int io_events_count;
+  unsigned io_events_count;
 } dns_poller_t;
 
 // Initializes c-ares and starts a timer for periodic DNS resolution on the

src/dns_server.c

@@ -57,13 +57,13 @@ static void watcher_cb(struct ev_loop __attribute__((unused)) *loop,
     return;
   }
 
-  char *dns_req = (char *)malloc(len);  // To free buffer after https request is complete.
+  char *dns_req = (char *)malloc((size_t)len);  // To free buffer after https request is complete.
   if (dns_req == NULL) {
     FLOG("Out of mem");
   }
-  memcpy(dns_req, tmp_buf, len);  // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
+  memcpy(dns_req, tmp_buf, (size_t)len);  // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
 
-  d->cb(d, 0, d->cb_data, (struct sockaddr*)&tmp_raddr, dns_req, len);
+  d->cb(d, 0, d->cb_data, (struct sockaddr*)&tmp_raddr, dns_req, (size_t)len);
 }
 
 void dns_server_init(dns_server_t *d, struct ev_loop *loop,
@@ -85,7 +85,7 @@ static uint16_t get_edns_udp_size(const char *dns_req, const size_t dns_req_len)
   ares_dns_record_t *dnsrec = NULL;
   ares_status_t parse_status = ares_dns_parse((const unsigned char *)dns_req, dns_req_len, 0, &dnsrec);
   if (parse_status != ARES_SUCCESS) {
-    WLOG("Failed to parse DNS request: %s", ares_strerror(parse_status));
+    WLOG("Failed to parse DNS request: %s", ares_strerror((int)parse_status));
     return DNS_SIZE_LIMIT;
   }
   const uint16_t tx_id = ares_dns_record_get_id(dnsrec);
@@ -116,7 +116,7 @@ static void truncate_dns_response(char *buf, size_t *buflen, const uint16_t size
   ares_dns_record_t *dnsrec = NULL;
   ares_status_t status = ares_dns_parse((const unsigned char *)buf, *buflen, 0, &dnsrec);
   if (status != ARES_SUCCESS) {
-    WLOG("Failed to parse DNS response: %s", ares_strerror(status));
+    WLOG("Failed to parse DNS response: %s", ares_strerror((int)status));
     return;
   }
   const uint16_t tx_id = ares_dns_record_get_id(dnsrec);
@@ -127,13 +127,13 @@ static void truncate_dns_response(char *buf, size_t *buflen, const uint16_t size
   while (ares_dns_record_rr_cnt(dnsrec, ARES_SECTION_ADDITIONAL) > 0) {
     status = ares_dns_record_rr_del(dnsrec, ARES_SECTION_ADDITIONAL, 0);
     if (status != ARES_SUCCESS) {
-      WLOG("%04hX: Could not remove additional record: %s", tx_id, ares_strerror(status));
+      WLOG("%04hX: Could not remove additional record: %s", tx_id, ares_strerror((int)status));
     }
   }
   while (ares_dns_record_rr_cnt(dnsrec, ARES_SECTION_AUTHORITY) > 0) {
     status = ares_dns_record_rr_del(dnsrec, ARES_SECTION_AUTHORITY, 0);
     if (status != ARES_SUCCESS) {
-      WLOG("%04hX: Could not remove authority record: %s", tx_id, ares_strerror(status));
+      WLOG("%04hX: Could not remove authority record: %s", tx_id, ares_strerror((int)status));
     }
   }
 
@@ -148,7 +148,7 @@ static void truncate_dns_response(char *buf, size_t *buflen, const uint16_t size
   for (uint8_t g = 0; g < UINT8_MAX; ++g) {  // endless loop guard
     status = ares_dns_write(dnsrec, &new_resp, &new_resp_len);
     if (status != ARES_SUCCESS) {
-      WLOG("%04hX: Failed to create truncated DNS response: %s", tx_id, ares_strerror(status));
+      WLOG("%04hX: Failed to create truncated DNS response: %s", tx_id, ares_strerror((int)status));
       new_resp = NULL;  // just to be sure
       break;
     }
@@ -168,7 +168,7 @@ static void truncate_dns_response(char *buf, size_t *buflen, const uint16_t size
     while (answers > answers_to_keep) {
       status = ares_dns_record_rr_del(dnsrec, ARES_SECTION_ANSWER, answers - 1);
       if (status != ARES_SUCCESS) {
-        WLOG("%04hX: Could not remove answer record: %s", tx_id, ares_strerror(status));
+        WLOG("%04hX: Could not remove answer record: %s", tx_id, ares_strerror((int)status));
         break;
       }
       --answers;

src/https_client.c

@@ -138,7 +138,7 @@ static int closesocket_callback(void __attribute__((unused)) *clientp, curl_sock
   return 0;
 }
 
-static void https_log_data(enum LogSeverity level, struct https_fetch_ctx *ctx,
+static void https_log_data(int level, struct https_fetch_ctx *ctx,
                            const char * prefix, char *ptr, size_t size)
 {
   const size_t width = 0x10;
@@ -156,14 +156,14 @@ static void https_log_data(enum LogSeverity level, struct https_fetch_ctx *ctx,
     for (size_t c = 0; c < width; c++) {
       if (i+c < size) {
         // NOLINTNEXTLINE(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
-        hex_off += snprintf(hex + hex_off, sizeof(hex) - hex_off,
-                            "%02x ", (unsigned char)ptr[i+c]);
+        hex_off += (size_t)snprintf(hex + hex_off, sizeof(hex) - hex_off,
+                                    "%02x ", (unsigned char)ptr[i+c]);
         // NOLINTNEXTLINE(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
-        str_off += snprintf(str + str_off, sizeof(str) - str_off,
-                            "%c", isprint(ptr[i+c]) ? ptr[i+c] : '.');
+        str_off += (size_t)snprintf(str + str_off, sizeof(str) - str_off,
+                                    "%c", isprint(ptr[i+c]) ? ptr[i+c] : '.');
       } else {
         // NOLINTNEXTLINE(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
-        hex_off += snprintf(hex + hex_off, sizeof(hex) - hex_off, "   ");
+        hex_off += (size_t)snprintf(hex + hex_off, sizeof(hex) - hex_off, "   ");
       }
     }
 
@@ -249,7 +249,7 @@ static void https_set_request_version(https_client_t *client,
   switch (client->opt->use_http_version) {
     case 1:
       http_version_int = CURL_HTTP_VERSION_1_1;
-      // fallthrough
+      __attribute__((fallthrough));
     case 2:
       break;
     case 3:
@@ -338,7 +338,7 @@ static void https_fetch_ctx_init(https_client_t *client,
 
 static int https_fetch_ctx_process_response(https_client_t *client,
                                             struct https_fetch_ctx *ctx,
-                                            int curl_result_code)
+                                            CURLcode curl_result_code)
 {
   CURLcode res = 0;
   long long_resp = 0;
@@ -419,15 +419,15 @@ static int https_fetch_ctx_process_response(https_client_t *client,
     res = curl_easy_getinfo(ctx->curl, CURLINFO_SSL_VERIFYRESULT, &long_resp);
     if (res != CURLE_OK) {
       ELOG_REQ("CURLINFO_SSL_VERIFYRESULT: %s", curl_easy_strerror(res));
-    } else if (long_resp != CURLE_OK) {
-      WLOG_REQ("CURLINFO_SSL_VERIFYRESULT: %s", curl_easy_strerror(long_resp));
+    } else if (long_resp != 0) {
+      WLOG_REQ("CURLINFO_SSL_VERIFYRESULT: certificate verification failure %d", long_resp);
     }
 
     res = curl_easy_getinfo(ctx->curl, CURLINFO_OS_ERRNO, &long_resp);
     if (res != CURLE_OK) {
       ELOG_REQ("CURLINFO_OS_ERRNO: %s", curl_easy_strerror(res));
     } else if (long_resp != 0) {
-      WLOG_REQ("CURLINFO_OS_ERRNO: %d %s", long_resp, strerror(long_resp));
+      WLOG_REQ("CURLINFO_OS_ERRNO: %d %s", long_resp, strerror((int)long_resp));
       if (long_resp == ENETUNREACH && !client->opt->ipv4) {
         // this can't be fixed here with option overwrite because of dns_poller
         WLOG("Try to run application with -4 argument!");
@@ -510,7 +510,7 @@ static void https_fetch_ctx_cleanup(https_client_t *client,
   if (curl_result_code < 0) {
     WLOG_REQ("Request was aborted");
     drop_reply = 1;
-  } else if (https_fetch_ctx_process_response(client, ctx, curl_result_code) != 0) {
+  } else if (https_fetch_ctx_process_response(client, ctx, (CURLcode)curl_result_code) != 0) {
     ILOG_REQ("Response was faulty, skipping DNS reply");
     drop_reply = 1;
   }
@@ -540,7 +540,7 @@ static void check_multi_info(https_client_t *c) {
       struct https_fetch_ctx *cur = c->fetches;
       while (cur) {
         if (cur->curl == msg->easy_handle) {
-          https_fetch_ctx_cleanup(c, prev, cur, msg->data.result);
+          https_fetch_ctx_cleanup(c, prev, cur, (int)msg->data.result);
           break;
         }
         prev = cur;
@@ -642,7 +642,7 @@ static int multi_timer_cb(CURLM __attribute__((unused)) *multi,
   ev_timer_stop(c->loop, &c->timer);
   if (timeout_ms >= 0) {
     // NOLINTNEXTLINE(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
-    ev_timer_init(&c->timer, timer_cb, timeout_ms / 1000.0, 0);
+    ev_timer_init(&c->timer, timer_cb, (double)timeout_ms / 1000.0, 0);
     ev_timer_start(c->loop, &c->timer);
   }
   return 0;

src/logging.c

@@ -121,7 +121,7 @@ void _log(const char *file, int line, int severity, const char *fmt, ...) {
   if (chars < 0 || chars >= LOG_LINE_SIZE/2) {
     abort();  // must be impossible
   }
-  buff_pos += chars;
+  buff_pos += (uint32_t)chars;
 
   va_list args;
   va_start(args, fmt);
@@ -132,7 +132,7 @@ void _log(const char *file, int line, int severity, const char *fmt, ...) {
   if (chars < 0) {
     abort();  // must be impossible
   }
-  buff_pos += chars;
+  buff_pos += (uint32_t)chars;
   if (buff_pos >= LOG_LINE_SIZE) {
     buff_pos = LOG_LINE_SIZE - 1;
     buff[buff_pos - 1] = '$'; // indicate truncation

src/main.c

@@ -156,7 +156,7 @@ static int addr_list_reduced(const char* full_list, const char* list) {
   while (pos < end) {
     char current[50];
     const char *comma = strchr(pos, ',');
-    size_t ip_len = comma ? comma - pos : end - pos;
+    size_t ip_len = (size_t)(comma ? comma - pos : end - pos);
     strncpy(current, pos, ip_len); // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
     current[ip_len] = '\0';
 
@@ -180,7 +180,10 @@ static void dns_poll_cb(const char* hostname, void *data,
   memset(buf, 0, sizeof(buf)); // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
   if (strlen(hostname) > 254) { FLOG("Hostname too long."); }
   int ip_start = snprintf(buf, sizeof(buf) - 1, "%s:443:", hostname);  // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
-  (void)snprintf(buf + ip_start, sizeof(buf) - 1 - ip_start, "%s", addr_list); // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
+  if (ip_start < 0) {
+    abort();  // must be impossible
+  }
+  (void)snprintf(buf + ip_start, sizeof(buf) - 1 - (uint32_t)ip_start, "%s", addr_list); // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
   if (app->resolv && app->resolv->data) {
     char * old_addr_list = strstr(app->resolv->data, ":443:");
     if (old_addr_list) {
@@ -272,7 +275,7 @@ int main(int argc, char *argv[]) {
     }
     case OPR_PARSING_ERROR:
       printf("Failed to parse options!\n");
-      // fallthrough
+      __attribute__((fallthrough));
     case OPR_OPTION_ERROR:
       printf("\n");
       options_show_usage(argc, argv);
@@ -281,7 +284,7 @@ int main(int argc, char *argv[]) {
       abort();  // must not happen
   }
 
-  logging_init(opt.logfd, opt.loglevel, opt.flight_recorder_size);
+  logging_init(opt.logfd, opt.loglevel, (uint32_t)opt.flight_recorder_size);
 
   ILOG("Version: %s", sw_version());
   ILOG("Built: " __DATE__ " " __TIME__);
@@ -323,7 +326,7 @@ int main(int argc, char *argv[]) {
   https_client_init(&https_client, &opt, (opt.stats_interval ? &stat : NULL), loop);
 
   struct addrinfo *listen_addrinfo = get_listen_address(opt.listen_addr);
-  ((struct sockaddr_in*) listen_addrinfo->ai_addr)->sin_port = htons(opt.listen_port);
+  ((struct sockaddr_in*) listen_addrinfo->ai_addr)->sin_port = htons((uint16_t)opt.listen_port);
 
   app_state_t app;
   app.https_client = &https_client;
@@ -338,7 +341,7 @@ int main(int argc, char *argv[]) {
 
   dns_server_tcp_t * dns_server_tcp = NULL;
   if (opt.tcp_client_limit > 0) {
-    dns_server_tcp = dns_server_tcp_create(loop, listen_addrinfo, dns_server_cb, &app, opt.tcp_client_limit);
+    dns_server_tcp = dns_server_tcp_create(loop, listen_addrinfo, dns_server_cb, &app, (uint16_t)opt.tcp_client_limit);
   }
 
   freeaddrinfo(listen_addrinfo);

src/options.h

@@ -57,7 +57,7 @@ struct Options {
   const char *ca_info;
 
   // Number of logs to be kept by flight recorder
-  uint32_t flight_recorder_size;
+  int flight_recorder_size;
 } __attribute__((aligned(128)));
 typedef struct Options options_t;