diff --git a/configure.in b/configure.in
index 7395436ab9..67560498af 100644
--- a/configure.in
+++ b/configure.in
@@ -615,6 +615,11 @@ if test x$enable_gcc_warnings = xyes; then
#error
#endif]), have_gcc4=yes, have_gcc4=no)
+ AC_COMPILE_IFELSE(AC_LANG_PROGRAM([], [
+#if !defined(__GNUC__) || (__GNUC_MINOR__ < 2)
+#error
+#endif]), have_gcc42=yes, have_gcc42=no)
+
CFLAGS="$CFLAGS -W -Wfloat-equal -Wundef -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes -Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment -Wformat=2 -Wwrite-strings -Waggregate-return -Wmissing-declarations -Wredundant-decls -Wnested-externs -Wbad-function-cast -Wswitch-enum -Werror"
if test x$have_gcc4 = xyes ; then
@@ -622,6 +627,14 @@ if test x$enable_gcc_warnings = xyes; then
CFLAGS="$CFLAGS -Winit-self -Wmissing-field-initializers -Wdeclaration-after-statement -Wold-style-definition"
fi
+ if test x$have_gcc42 = xyes ; then
+ # These warnings break gcc 4.0.2 and work on gcc 4.2
+ # XXXX020 Use -fstack-protector.
+ # XXXX020 See if any of these work with earlier versions.
+ # XXXX020 See if we can get -Wstrict-overflow=x for x>1 working.
+ CFLAGS="$CFLAGS -Waddress -Wmissing-noreturn -Wnormalized=id -Woverride-init -W"
+ fi
+
##This will break the world on some 64-bit architectures
# CFLAGS="$CFLAGS -Winline"
diff --git a/src/common/compat.h b/src/common/compat.h
index 3f2abc1968..e5862f982a 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -97,6 +97,7 @@ extern INLINE double U64_TO_DBL(uint64_t x) {
#define ATTR_NORETURN __attribute__((noreturn))
#define ATTR_PURE __attribute__((pure))
#define ATTR_MALLOC __attribute__((malloc))
+#define ATTR_NORETURN __attribute__((noreturn))
#define ATTR_NONNULL(x) __attribute__((nonnull x))
/** Macro: Evaluates to exp and hints the compiler that the value
* of exp will probably be true. */
@@ -108,6 +109,7 @@ extern INLINE double U64_TO_DBL(uint64_t x) {
#define ATTR_NORETURN
#define ATTR_PURE
#define ATTR_MALLOC
+#define ATTR_NORETURN
#define ATTR_NONNULL(x)
#define PREDICT_LIKELY(exp) (exp)
#define PREDICT_UNLIKELY(exp) (exp)
diff --git a/src/common/container.c b/src/common/container.c
index 36234743ac..e3523735dd 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -87,7 +87,7 @@ smartlist_ensure_capacity(smartlist_t *sl, int size)
int higher = sl->capacity * 2;
while (size > higher)
higher *= 2;
- tor_assert(higher > sl->capacity); /* detect overflow */
+ tor_assert(higher > 0); /* detect overflow */
sl->capacity = higher;
sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity);
}
diff --git a/src/common/util.c b/src/common/util.c
index ff658b7069..0c420f4602 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -858,8 +858,9 @@ tv_add(struct timeval *a, const struct timeval *b)
void
tv_addms(struct timeval *a, long ms)
{
- a->tv_usec += (ms * 1000) % 1000000;
- a->tv_sec += ((ms * 1000) / 1000000) + (a->tv_usec / 1000000);
+ uint64_t us = ms * 1000;
+ a->tv_usec += us % 1000000;
+ a->tv_sec += (us / 1000000) + (a->tv_usec / 1000000);
a->tv_usec %= 1000000;
}
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 8e674eea0f..d043198337 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1093,7 +1093,7 @@ int
fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
int log_sockstype, int safe_socks)
{
- unsigned char len;
+ unsigned int len;
char tmpbuf[INET_NTOA_BUF_LEN];
uint32_t destip;
enum {socks4, socks4a} socks4_prot = socks4a;
@@ -1191,8 +1191,13 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
return 1;
case 3: /* fqdn */
log_debug(LD_APP,"socks5: fqdn address type");
+ if (req->command == SOCKS_COMMAND_RESOLVE_PTR) {
+ log_warn(LD_APP, "socks5 received RESOLVE_PTR command with "
+ "hostname type. Rejecting.");
+ return -1;
+ }
len = (unsigned char)*(buf->cur+4);
- if (buf->datalen < 7u+len) /* addr/port there? */
+ if (buf->datalen < 7+len) /* addr/port there? */
return 0; /* not yet */
if (len+1 > MAX_SOCKS_ADDR_LEN) {
log_warn(LD_APP,
@@ -1200,11 +1205,6 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
"%d. Rejecting.", len+1,MAX_SOCKS_ADDR_LEN);
return -1;
}
- if (req->command == SOCKS_COMMAND_RESOLVE_PTR) {
- log_warn(LD_APP, "socks5 received RESOLVE_PTR command with "
- "hostname type. Rejecting.");
- return -1;
- }
memcpy(req->address,buf->cur+5,len);
req->address[len] = 0;
req->port = ntohs(get_uint16(buf->cur+5+len));
diff --git a/src/or/control.c b/src/or/control.c
index 3e73510ce3..5100c16866 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -943,13 +943,18 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
const char *errstr = NULL;
char *password;
size_t password_len;
+ const char *cp;
+ int i;
if (TOR_ISXDIGIT(body[0])) {
- int i = 0;
- while (TOR_ISXDIGIT(body[i]))
- ++i;
- password = tor_malloc(i/2 + 1);
- if (base16_decode(password, i/2+1, body, i)<0) {
+ cp = body;
+ while (TOR_ISXDIGIT(*cp))
+ ++cp;
+ i = cp - body;
+ tor_assert(i>0);
+ password_len = i/2;
+ password = tor_malloc(password_len + 1);
+ if (base16_decode(password, password_len+1, body, i)<0) {
connection_write_str_to_buf(
"551 Invalid hexadecimal encoding. Maybe you tried a plain text "
"password? If so, the standard requires that you put it in "
@@ -957,7 +962,6 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
tor_free(password);
return 0;
}
- password_len = i/2;
} else if (TOR_ISSPACE(body[0])) {
password = tor_strdup("");
password_len = 0;
diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index 85583acea6..3bc6f9601b 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -36,7 +36,7 @@ static int num_cpuworkers_busy=0;
* the last time we got a key rotation event. */
static time_t last_rotation_time=0;
-static void cpuworker_main(void *data);
+static void cpuworker_main(void *data) ATTR_NORETURN;
static int spawn_cpuworker(void);
static void spawn_enough_cpuworkers(void);
static void process_pending_task(connection_t *cpuworker);
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index fad32f648f..f6d24595f4 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -141,8 +141,8 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
goto err;
}
- tor_assert(DIGEST_LEN + r <= RELAY_PAYLOAD_SIZE); /* we overran something */
payload_len = DIGEST_LEN + r;
+ tor_assert(payload_len <= RELAY_PAYLOAD_SIZE); /* we overran something */
if (relay_send_command_from_edge(0, TO_CIRCUIT(introcirc),
RELAY_COMMAND_INTRODUCE1,
diff --git a/src/or/test.c b/src/or/test.c
index f5e9d51230..ba5f2a45a2 100644
--- a/src/or/test.c
+++ b/src/or/test.c
@@ -1207,6 +1207,8 @@ static tor_mutex_t *_thread_test_start1 = NULL;
static tor_mutex_t *_thread_test_start2 = NULL;
static strmap_t *_thread_test_strmap = NULL;
+static void _thread_test_func(void* _s) ATTR_NORETURN;
+
static void
_thread_test_func(void* _s)
{
diff --git a/src/tools/tor-resolve.c b/src/tools/tor-resolve.c
index 71639140f8..328c74e4c9 100644
--- a/src/tools/tor-resolve.c
+++ b/src/tools/tor-resolve.c
@@ -44,6 +44,8 @@
do { log_fn(LOG_ERR, LD_NET, "Error while %s: %s", act, \
tor_socket_strerror(tor_socket_errno(_s))); } while (0)
+static void usage(void) ATTR_NORETURN;
+
/** Set *out to a newly allocated SOCKS4a resolve request with
* username and hostname as provided. Return the number
* of bytes in the request. */