And a few variables around.
There remain cases where the accepted pointer is const, yet the returned
pointer is written to.
Partly addressing (glibc 2.43):
```
* For ISO C23, the functions bsearch, memchr, strchr, strpbrk, strrchr,
strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr that return
pointers into their input arrays now have definitions as macros that
return a pointer to a const-qualified type when the input argument is
a pointer to a const-qualified type.
```
Ref: https://lists.gnu.org/archive/html/info-gnu/2026-01/msg00005.html
Reported-by: Rudi Heitbaum
Ref: #20420Closes#20421
Use non-deprecated CRT function variants on Windows.
- introduce `curlx_fdopen()`, `curlx_close()` and use them. Map them to
non-deprecated, underscored, CRT functions on Windows.
- replace `close()` uses with either `sclose()` (for sockets) or
`curlx_close()` (for files).
- map `fileno`, `unlink`, `isatty` to their non-deprecated, underscored,
versions on Windows.
- tool_dirhie: map `mkdir` to `_mkdir` on Windows.
- easy: use `_strdup()` on Windows, regardless of how `HAVE_STRDUP` is
set.
- cmake: assume `HAVE_STRDUP` on Windows. To allow dropping a detection
hack using `_CRT_NONSTDC_NO_DEPRECATE` with MSVC. Windows always has
`_strdup()` which the code uses, but also needs `HAVE_STRDUP` defined
to disable curl's own `strdup()` implementation.
- curl_setup.h: drop `_CRT_NONSTDC_NO_DEPRECATE` as no longer necessary.
Closes#20212
Extend two existing local suppressions to GCC, and add another
GCC-specific one as a replacement.
Before this patch suppressing this warning was odd with clang, because
after this option, `-Wformat=2` is used, which re-enables it.
Also:
- mprintf: minimize scope of a warning suppression.
- tests/server: suppress this warning for a system `vsnprintf()` call
where it could trigger in C89 builds or with
`CFLAGS=-DCURL_NO_FMT_CHECKS` set. Seen with Apple clang 17:
```
curl/tests/server/util.c:114:37: warning: format string is not a string literal [-Wformat-nonliteral]
114 | vsnprintf(buffer, sizeof(buffer), msg, ap);
| ^~~
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_stdio.h:124:69: note: expanded from macro 'vsnprintf'
124 | #define vsnprintf(str, len, ...) __vsnprintf_chk_func (str, len, 0, __VA_ARGS__)
| ^~~~~~~~~~~
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_stdio.h:81:65: note: expanded from macro '__vsnprintf_chk_func'
81 | __builtin___vsnprintf_chk (str, len, flag, __darwin_obsz(str), format, ap)
| ^~~~~~
```
Ref: #20363Closes#20366
- `stdlib.h` and `string.h` is included via `curl_setup_once.h`,
allowing to drop from `tests/server` sources and `tool_doswin.c`.
- `stdlib.h` is also included via `setup-vms.h` (earlier than above),
allowing to drop it from `curl_addrinfo.h` on VMS.
Closes#20303
Already included directly via `hostip.c`, and other header users do not
use it.
Also add comment about why `setjmp.h` is used.
Cherry-picked from #20106Closes#20132
Also:
- examples/hsts-preload: apply the same change as it's based on lib1915
in tests. Make a local clone of `curlx_strcopy()`. Then drop the
`_CRT_SECURE_NO_WARNINGS` hack, that's no longer necessary.
- curl_setup.h: delete `strcpy()` from the `_CRT_SECURE_NO_WARNINGS`
list.
Closes#20076
This function REQUIRES the size of the target buffer as well as the
length of the source string. Meant to make it harder to do a bad
strcpy().
Removes 23 calls to strcpy().
Closes#20067
- curl_range: replace `sendf.h` with direct header dependency
`curl_trc.h`.
- drop `curl/curl.h` includes from internal sourcees in favor of the
include made from `curl_setup.h`. Replace it with the latter where
it's the only include.
- include `curl_setup.h` before using macros, where missing.
- drop redundant `stdlib.h`, `string.h` includes, in favor of
`curl_setup_once.h` including them.
- drop redundant `limits.h` in favor of `curl_setup.h` including it.
- fake_addrinfo.h: fix typo in comment.
- curl_setup_once.h: drop `stdio.h` in favor of earlier include in
`curl_setup.h`.
- drop stray, unused, `stddef.h` includes.
- memdebug.h: add missing `stddef.h` include. (relying on accidental
includes via other headers before this patch.)
- stddef.h: document why it's included.
- strerr: drop `curl/mprintf.h` in favor of `curl/curl.h` including it
via `curl_setup.h`.
Closes#20027
- add local API `toolx_localtime()` to wrap the banned function
`localtime()`. Used from libcurl, libtests and test servers.
- auto-detect and use `localtime_r()` where available (e.g. Linux).
Also to support multi-threading.
- use `localtime_s()` on Windows. It requires MSVC or mingw-w64 v4+.
Also to support multi-threading.
Use local workaround to also support mingw-w64 v3.
- add `src/toolx` to keep internal APIs used by the curl tool and tests,
but not by libcurl. `toolx_localtime()` is the first API in it.
- replace `localtime()` calls with `toolx_localtime()`.
Except in examples.
- note Windows XP's default `msvcrt.dll` doesn't offer secure CRT APIs.
XP likely needs a newer version of this DLL, or may not run.
- note that `localtime()` mirrors `gmtime()`, with the difference that
`gmtime()`'s internal wrapper lives in curlx.
Also:
- drop redundant `int` casts.
Refs:
https://learn.microsoft.com/cpp/c-runtime-library/reference/localtime-localtime32-localtime64https://learn.microsoft.com/cpp/c-runtime-library/reference/localtime-s-localtime32-s-localtime64-shttps://pubs.opengroup.org/onlinepubs/9799919799/functions/localtime.htmlhttps://linux.die.net/man/3/localtime_r
Ref: #19955 (for `gmtime_r()`)
Follow-up to 54d9f060b4b0a8fb5fa006813e4db1ca5c1a07e8
Closes#19957
Make sure to call `curlx_now_init()` before the first call to
`curlx_now()`.
Before this patch the first `curlx_now()` used the non-Vista code path
calling `GetTickCount()` on Vista+. This is harmless, but the upcoming
PR #18009 is going to drop the non-Vista code path, causing a division
by zero at startup in test servers, without this fix.
Bug: https://github.com/curl/curl/pull/18009#issuecomment-3652154307Closes#19973
Windows 10.17063+ (having unix socket support) fails to set for unix
sockets the `SO_REUSEADDR` option, with error 10045 (`WSAEOPNOTSUPP`),
and also fails to set `SO_KEEPALIVE` with error 10042 (`WSAENOPROTOOPT`).
Fix by not enabling these socket options on Windows for unix sockets.
Also:
- fixing test 1435, 1436 to run in CI.
- fixing the `socksd` test server for test 1467, 1468, 1470. But, also
disable these for now due to another Windows issue: #19825
Ref: https://stackoverflow.com/questions/68791319/unix-domain-socket-bind-failed-in-windows/68794755#68794755
Ref: #19810Closes#19812
Before this patch curl used the C preprocessor to override standard
memory allocation symbols: malloc, calloc, strdup, realloc, free.
The goal of these is to replace them with curl's debug wrappers in
`CURLDEBUG` builds, another was to replace them with the wrappers
calling user-defined allocators in libcurl. This solution needed a bunch
of workarounds to avoid breaking external headers: it relied on include
order to do the overriding last. For "unity" builds it needed to reset
overrides before external includes. Also in test apps, which are always
built as single source files. It also needed the `(symbol)` trick
to avoid overrides in some places. This would still not fix cases where
the standard symbols were macros. It was also fragile and difficult
to figure out which was the actual function behind an alloc or free call
in a specific piece of code. This in turn caused bugs where the wrong
allocator was accidentally called.
To avoid these problems, this patch replaces this solution with
`curlx_`-prefixed allocator macros, and mapping them _once_ to either
the libcurl wrappers, the debug wrappers or the standard ones, matching
the rest of the code in libtests.
This concludes the long journey to avoid redefining standard functions
in the curl codebase.
Note: I did not update `packages/OS400/*.c` sources. They did not
`#include` `curl_setup.h`, `curl_memory.h` or `memdebug.h`, meaning
the overrides were never applied to them. This may or may not have been
correct. For now I suppressed the direct use of standard allocators
via a local `.checksrc`. Probably they (except for `curlcl.c`) should be
updated to include `curl_setup.h` and use the `curlx_` macros.
This patch changes mappings in two places:
- `lib/curl_threads.c` in libtests: Before this patch it mapped to
libcurl allocators. After, it maps to standard allocators, like
the rest of libtests code.
- `units`: before this patch it mapped to standard allocators. After, it
maps to libcurl allocators.
Also:
- drop all position-dependent `curl_memory.h` and `memdebug.h` includes,
and delete the now unnecessary headers.
- rename `Curl_tcsdup` macro to `curlx_tcsdup` and define like the other
allocators.
- map `curlx_strdup()` to `_strdup()` on Windows (was: `strdup()`).
To fix warnings silenced via `_CRT_NONSTDC_NO_DEPRECATE`.
- multibyte: map `curlx_convert_*()` to `_strdup()` on Windows
(was: `strdup()`).
- src: do not reuse the `strdup` name for the local replacement.
- lib509: call `_strdup()` on Windows (was: `strdup()`).
- test1132: delete test obsoleted by this patch.
- CHECKSRC.md: update text for `SNPRINTF`.
- checksrc: ban standard allocator symbols.
Follow-up to b12da22db1f11da51082977dc21a7edee7858911 #18866
Follow-up to db98daab05aec251bcb6615d2d38dfebec291736 #18844
Follow-up to 4deea9396bc7dd25c6362fa746a57bf309c74ada #18814
Follow-up to 9678ff5b1bfea1c847aee4f9edf023e8f01c9293 #18776
Follow-up to 10bac43b873fe45869e15b36aac1c1e5bc89b6e0 #18774
Follow-up to 20142f5d06f7120ba94cbcc25c998e8d81aec85b #18634
Follow-up to bf7375ecc50e857760b0d0a668c436e208a400bd #18503
Follow-up to 9863599d69b79d290928a89bf9160f4e4e023d4e #18502
Follow-up to 3bb5e58c105d7be450b667858d1b8e7ae3ded555 #17827Closes#19626
Replace:
- `open()` with `curlx_open()` (1 call).
- `fopen()` with `curlx_fopen()`.
- `fclose()` with `curlx_fclose()`.
To centralize interacting with the CRT in preparation for using "safe"
alternatives on Windows. This also adds long-filename and Unicode
support for these operations on Windows.
Keep using `open()` in the signal handler to avoid any issues with
calling code not allowed in signal handlers.
Cherry-picked from #19643Closes#19679
- replace 0777 with `S_I*` macros.
- fix to not pass invalid flags on Windows.
Follow-up to 537987d8c66aac6ec96cde098ab45525e156b54e #19645Closes#19671
There remain some false positives, hits in test data, and `dir` use,
around 100 issues in total.
There is no plan to enforce badwords on tests.
Also:
- badwords.txt: let a few `manpage[s]` occurrences through
(in Perl code).
Closes#19541
Windows CE support was limited to successful builds with ming32ce
(a toolchain that hasn't seen an update since 2009, using an ancient gcc
version and "old mingw"-style SDK headers, that curl deprecated earlier).
Builds with MSVC were broken for a long time. mingw32ce builds were never
actually tested and runtime and unlikely to work due to missing stubs.
Windows CE toolchains also miss to comply with C89. Paired with lack of
demand and support for the platform, curl deprecated it earlier.
This patch removes support from the codebase to ease maintaining Windows
codepaths.
Follow-up to f98c0ba834d4b4da480373b732a86976f9064ccd #17924
Follow-up to 8491e6574cde770b227ca0e1cd66548291f49661 #17379
Follow-up to 2a292c39846107228201674d686be5b3ed96674d #15975Closes#17927
Before this patch servers were loading the original data source file
(from `tests/data/test*`) if they failed to open the preprocessed data
file.
It was causing issues in many (most?) tests, because original data files
are not preprocessed, thus may be incomplete and/or come with wrong
newline characters. It's also causing difficult to diagnose issues when
a test accidentally references another test's data, which by chance
makes the test pass initially, until either that or the executed test
data gets an update, and breaking it, as seen in #19329.
Historically, the fallback existed first, then the preprocessed copy.
The fallback is no longer used by tests (except by stray accidents).
Fix it by dropping the fallback logic and relying on the preprocessed
data file saved there by the runtests framework.
Also fix two remaining test data cross-references:
- test1565: reference own server input data instead of test1's.
- test3014: reference own server input data instead of test1439's.
Ref: #19398
Follow-up to aaf9522a2c28e5142c7f5640da4e24b65b47dc53 #19329Closes#19429
To make it simpler to move them around, create and delete them without
syncing with `REUSE.toml`.
Also:
- checksrc: allow empty lines in `.checksrc`.
- comment on why curl printfs are disallowed in examples.
Closes#19024
The function service_connection() now passes in a reference to the
socket instead of by value since the sub function http_connect() might
close it and set *infdp = CURL_SOCKET_BAD. This would previously not be
detected when service_connection() returned and potentially cause a
double close of the socket.
Reported-by: Joshua Rogers
Closes#19031
The code was overriding system memory allocation functions to a local
jump table (declared in `curl_setup.h`). And setup that jump table
to call the original system allocation functions.
Also tested fine with cegcc/WinCE. The `_strdup` fallback was possibly
required for an MSVC WinCE toolchain.
Closes#18922
After this patch, the codebase no longer overrides system printf
functions. Instead it explicitly calls either the curl printf functions
`curl_m*printf()` or the system ones using their original names.
Also:
- drop unused `curl_printf.h` includes.
- checksrc: ban system printf functions, allow where necessary.
Follow-up to db98daab05aec251bcb6615d2d38dfebec291736 #18844
Follow-up to 4deea9396bc7dd25c6362fa746a57bf309c74ada #18814Closes#18866
Also:
- tests/server: replace local `sstrerror()` with `curlx_strerror()`.
- tests/server: show the error code next to the string, where missing.
- curlx: use `curl_msnprintf()` when building for src and tests.
(units was already using it.)
- lib: drop unused includes found along the way.
- curlx_strerror(): avoid compiler warning (and another similar one):
```
In file included from servers.c:14:
../../lib/../../lib/curlx/strerr.c: In function ‘curlx_strerror’:
../../lib/../../lib/curlx/strerr.c:328:32: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
328 | SNPRINTF(buf, buflen, "%s", msg);
| ^
../../lib/../../lib/curlx/strerr.c:47:18: note: ‘snprintf’ output 1 or more bytes (assuming 2) into a destination of size 1
47 | #define SNPRINTF snprintf
| ^
../../lib/../../lib/curlx/strerr.c:328:7: note: in expansion of macro ‘SNPRINTF’
328 | SNPRINTF(buf, buflen, "%s", msg);
| ^~~~~~~~
```
Follow-up to 45438c8d6f8e70385d66c029568524e9e803c539 #18823Closes#18840
Replace an `strtol()` and `strtoul()` call, both used in hex mode, with
`curlx_str_hex()`.
Follow-up to 45438c8d6f8e70385d66c029568524e9e803c539 #18823Closes#18837
By making them defaults, then fixing and/or reshuffling remaining
exceptions as necessary.
- checksrc: ban by default: `snprintf`, `vsnprintf`, `sscanf`, `strtol`.
- examples: replace `strtol` with `atoi` to avoid a checksrc exception.
- tests/libtest: replace `strtol` with `atol`.
- tests/server: replace most `strtol` with `atol`.
- tests/server: replace most `strtoul` with `atol`/`atoi`.
- tests/server: drop no longer used `util_ultous`.
- fix typo in checksrc rules: `vsnprint` -> `vsnprintf`.
- update local exceptions.
Also:
- examples: ban curl printf functions. They're discouraged in user code.
- examples: replace curl printf with system printf.
Add `snprintf` workaround for <VS2015.
- examples/synctime: fix `-Wfloat-equal`.
- examples/synctime: exclude for non-Windows and non-UWP Windows.
- examples/synctime: build by default.
Closes#18823
Replace them by `curlx_open()` and `curlx_stat()`.
To make it obvious in the source code what is being executed.
Also:
- tests/server: stop overriding `open()` for test servers.
This is critical for the call made from the signal handler.
For other calls, it's an option to use `curlx_open()`, but
doesn't look important enough to do it, following the path
taken with `fopen()`.
Follow-up to 10bac43b873fe45869e15b36aac1c1e5bc89b6e0 #18774
Follow-up to 20142f5d06f7120ba94cbcc25c998e8d81aec85b #18634
Follow-up to bf7375ecc50e857760b0d0a668c436e208a400bd #18503Closes#18776
By introducing wrappers for them in the curlx namespace:
`curlx_fopen()`, `curlx_fdopen()`, `curlx_fclose()`.
The undefine/redefine/`(function)()` methods broke on systems
implementing these functions as macros. E.g. AIX 32-bit's `fopen()`.
Also:
- rename `lib/fopen.*` to `lib/curl_fopen.*` (for `Curl_fopen()`)
to make room for the newly added `curlx/fopen.h`.
- curlx: move file-related functions from `multibyte.c` to `fopen.c`.
- tests/server: stop using the curl-specific `fopen()` implementation
on Windows. Unicode isn't used by runtests, and it isn't critical to
run tests on longs path. It can be re-enabled if this becomes
necessary, or if the wrapper receives a feature that's critical for
test servers.
Reported-by: Andrew Kirillov
Bug: https://github.com/curl/curl/issues/18510#issuecomment-3274393640
Follow-up to bf7375ecc50e857760b0d0a668c436e208a400bd #18503
Follow-up to 9863599d69b79d290928a89bf9160f4e4e023d4e #18502
Follow-up to 3bb5e58c105d7be450b667858d1b8e7ae3ded555 #17827Closes#18634
Turns out the signal handler on Windows still wasn't signal safe after
the previous round of fix. There is an `open()` call made from there,
and `open` happens to be unconditionally overridden via `curl_setup.h`
on Windows, to its local implementation (`curlx_win32_open()`), which
does memory allocations and potentially other things that are not signal
safe.
This is a temporary fix, till avoiding the override of system symbols
`open` and `stat` on Windows.
FTR this did not fix the CI 2304 errors, diskspace fail or job hangs due
to 0xC0000142 fork failure (it's rare all three occurs in the same run):
https://github.com/curl/curl/actions/runs/18110523584?pr=18774
Ref: #18634
Follow-up e95f509c66abdd88ae02e3243cdc217f19c4a330 #16852Closes#18774
Before this patch `accept4()`, `socket()`, `socketpair()`, `send()` and
`recv()` system symbols were remapped via macros, using the same name,
to local curl debug wrappers. This patch replaces these overrides by
introducing curl-namespaced macros that map either to the system symbols
or to their curl debug wrappers in `CURLDEBUG` (TrackMemory) builds.
This follows a patch that implemented the same for `accept()`.
The old method required tricks to make these redefines work in unity
builds, and avoid them interfering with system headers. These tricks
did not work for system symbols implemented as macros.
The new method allows to setup these mappings once, without interfering
with system headers, upstream macros, or unity builds. It makes builds
more robust.
Also:
- checksrc: ban all mapped functions.
- docs/examples: tidy up checksrc rules.
Follow-up to 9863599d69b79d290928a89bf9160f4e4e023d4e #18502
Follow-up to 3bb5e58c105d7be450b667858d1b8e7ae3ded555 #17827Closes#18503
- update Microsoft documentation links.
(also drop language designator where present.)
- checksrc: allow longer than 78 character lines if they
contain a https URL. To make these links easier to use and parse.
- merge links that were split into two lines.
Closes#18626
Replace `_beginthreadex()` C runtime calls with native win32 API
`CreateThread()`. The latter was already used in `src/tool_doswin.c`
and in UWP and Windows CE builds before this patch. After this patch
all Windows flavors use it. To drop PP logic and simplify code.
While working on this it turned out that `src/tool_doswin.c` calls
`TerminateThread()`, which isn't recommended by the documentation,
except for "the most extreme cases". This patch makes no attempt
to change that code.
Ref: 9a2663322c330ff11275abafd612e9c99407a94a #17572
Ref: https://learn.microsoft.com/windows/win32/api/processthreadsapi/nf-processthreadsapi-terminatethread
Also:
- use `WaitForSingleObjectEx()` on all desktop Windows.
Ref: 4be80d5109a340973dc6ce0221ec5c5761587df0
Ref: https://sourceforge.net/p/curl/feature-requests/82/
Ref: https://learn.microsoft.com/windows/win32/api/synchapi/nf-synchapi-waitforsingleobjectex
- tests: drop redundant casts.
- lib3207: fix to not rely on thread macros when building without thread
support.
Assisted-by: Jay Satiro
Assisted-by: Marcel Raad
Assisted-by: Michał Petryka
Follow-up to 38029101e2d78ba125732b3bab6ec267b80a0e72 #11625Closes#18451
