fix: added hedley safeguards to many internal C functions

dyne · Jan 8, 2025 · c780601 · c780601
1 parent a190171
commit c780601
Show file tree

Hide file tree

Showing 8 changed files with 2,119 additions and 9 deletions.
diff --git a/src/hedley.h b/src/hedley.h
diff --git a/src/mutt_sprintf.h b/src/mutt_sprintf.h
@@ -6,9 +6,14 @@
 #define MUTT_SPRINTF_H 1
 
 #include <stddef.h>
-#include <stdarg.h> /* ... */
+#include <stdarg.h>
+#include <hedley.h>
 
+HEDLEY_INLINE
 int mutt_vsnprintf(char *str, size_t count, const char *fmt, va_list args);
+
+HEDLEY_PRINTF_FORMAT(3,4)
+HEDLEY_INLINE
 int mutt_snprintf(char *str, size_t count, const char *fmt, ...);
 
 #endif /* snprintf.h */
diff --git a/src/zen_big.h b/src/zen_big.h
@@ -41,18 +41,31 @@ typedef struct {
 } big;
 
 // new or dup already push the object in LUA's stack
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
+HEDLEY_WARN_UNUSED_RESULT
 big* big_new(lua_State *L);
 
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
+HEDLEY_WARN_UNUSED_RESULT
 big* big_dup(lua_State *L, big *c);
 
-void big_free(lua_State *L, big *c);
+void big_free(lua_State *L, HEDLEY_NO_ESCAPE big *c);
+
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
+HEDLEY_WARN_UNUSED_RESULT
 big* big_arg(lua_State *L, int n);
 
 // internal initialisation of double or single big
 int big_init(lua_State *L,big *n);
 int dbig_init(lua_State *L,big *n);
 
 // internal conversion from d/big to octet
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
+HEDLEY_WARN_UNUSED_RESULT
 octet *new_octet_from_big(lua_State *L, big *c);
 
 #endif
diff --git a/src/zen_ecp.h b/src/zen_ecp.h
@@ -34,8 +34,16 @@ typedef struct {
 	// curves ECP.
 } ecp;
 
-void ecp_free(lua_State *L, ecp* e);
+void ecp_free(lua_State *L, HEDLEY_NO_ESCAPE ecp* e);
+
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
+HEDLEY_WARN_UNUSED_RESULT
 ecp* ecp_new(lua_State *L);
+
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
+HEDLEY_WARN_UNUSED_RESULT
 ecp* ecp_arg(lua_State *L,int n);
 
 typedef struct {
@@ -49,8 +57,16 @@ typedef struct {
 	// curves ECP.
 } ecp2;
 
-void ecp2_free(lua_State *L, ecp2* e);
+void ecp2_free(lua_State *L, HEDLEY_NO_ESCAPE ecp2* e);
+
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
+HEDLEY_WARN_UNUSED_RESULT
 ecp2* ecp2_new(lua_State *L);
+
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
+HEDLEY_WARN_UNUSED_RESULT
 ecp2* ecp2_arg(lua_State *L,int n);
 
 char gf_sign(BIG y);

diff --git a/src/zen_error.h b/src/zen_error.h
@@ -23,12 +23,15 @@
 #ifndef __ZEN_ERROR_H__
 #define __ZEN_ERROR_H__
 
-// #include <stdlib.h>
 #include <string.h>
 #include <stdarg.h>
+#include <hedley.h>
 
 // macro to obtain Z context from a lua_State
-#define Z(l) zenroom_t *Z=NULL; (void)Z; if (l) { void *_zv; lua_getallocf(l, &_zv); Z = _zv; } else { _err("NULL context in call: %s\n", __func__); }
+#define Z(l) \
+	if(HEDLEY_UNLIKELY(l==NULL) \
+	    lerror(l,"NULL lua_State in %s",__func__); \
+	zenroom_t *Z; lua_getallocf(l, &Z)
 
 // tracing wrappers for all C->Lua functions
 #define BEGIN() trace(L, "vv begin %s",__func__)
@@ -55,26 +58,37 @@ typedef enum log_priority {
 void get_log_prefix(void *Z, log_priority prio, char dest[5]);
 
 // context free print and error messages
+HEDLEY_PRINTF_FORMAT(1,2)
 void _out(const char *fmt, ...);
+HEDLEY_PRINTF_FORMAT(1,2)
 void _err(const char *fmt, ...);
 // context free results
 int OK();
 int FAIL();
 
 // lua context error message
+HEDLEY_PRINTF_FORMAT(2,3)
+HEDLEY_NO_RETURN
 int lerror(void *L, const char *fmt, ...);
 
+HEDLEY_PRINTF_FORMAT(2,3)
 int notice(void *L, const char *format, ...); // INFO
+HEDLEY_PRINTF_FORMAT(2,3)
 int func(void *L, const char *format, ...); // VERBOSE
+HEDLEY_PRINTF_FORMAT(2,3)
 int trace(void *L, const char *format, ...); // TRACE (VERY VERBOSE)
+HEDLEY_PRINTF_FORMAT(2,3)
 int zerror(void *L, const char *format, ...); // ERROR
+HEDLEY_PRINTF_FORMAT(2,3)
 int act(void *L, const char *format, ...); // DEBUG
+HEDLEY_PRINTF_FORMAT(2,3)
 int warning(void *L, const char *format, ...); // WARN
 
 void json_start(void *L);
 void json_end(void *L);
 
-#define SAFE(x) if(!x) lerror(L, "NULL variable in %s",__func__)
+#define SAFE(x) HEDLEY_REQUIRE_MSG(x!=NULL, __func__)
+// if(!x) lerror(L, "NULL variable in %s",__func__)
 
 // useful for debugging
 #if DEBUG == 1

diff --git a/src/zen_float.h b/src/zen_float.h
@@ -22,13 +22,17 @@
 #define __ZEN_FLOAT_H__
 
 // new or dup already push the object in LUA's stack
+HEDLEY_MALLOC
 float* float_new(lua_State *L);
 
+HEDLEY_MALLOC
 float* float_dup(lua_State *L, float *c);
 
+HEDLEY_MALLOC
 float* float_arg(lua_State *L, int n);
 
 // internal conversion from float to octet
+HEDLEY_MALLOC
 octet *new_octet_from_float(lua_State *L, float *c);
 
 #endif

diff --git a/src/zen_hash.h b/src/zen_hash.h
@@ -56,8 +56,14 @@ typedef struct {
   // ...
 } hash;
 
-
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
+HEDLEY_WARN_UNUSED_RESULT
 hash* hash_new(lua_State *L, const char *hashtype);
+
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
+HEDLEY_WARN_UNUSED_RESULT
 hash* hash_arg(lua_State *L, int n);
 
 #endif
diff --git a/src/zen_octet.h b/src/zen_octet.h
@@ -22,19 +22,29 @@
 #define __ZEN_OCTET_H__
 
 #include <amcl.h>
+#include <hedley.h>
 
 // REMEMBER: o_new and o_dup push a new object in lua's stack
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
 octet* o_new(lua_State *L, const int size);
 
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
 octet *o_dup(lua_State *L, octet *o);
 
 // REMEMBER: o_arg returns a new allocated octet to be freed with o_free
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
 octet* o_arg(lua_State *L, int n);
 
 // These functions are internal and not exposed to lua's stack
 // to make an octet visible to lua can be done using o_dup
+HEDLEY_MALLOC
+HEDLEY_RETURNS_NON_NULL
 octet *o_alloc(lua_State *L, int size);
-void o_free(lua_State *L,octet *o);
+
+void o_free(lua_State *L, HEDLEY_NO_ESCAPE octet *o);
 
 void push_octet_to_hex_string(lua_State *L, octet *o);
 void push_buffer_to_octet(lua_State *L, char *p, size_t len);