From 3423caf81e5ea41f96bba7574980702b9c53bb33 Mon Sep 17 00:00:00 2001
From: Craig Comstock
Date: Wed, 24 Jun 2026 09:25:46 -0500
Subject: [PATCH 1/3] Bump libntech to latest
Needed for fixes related to ENT-14143
Ticket: ENT-14143
Changelog: none
---
 libntech | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libntech b/libntech
index c91951ff41..11be6817ae 160000
--- a/libntech
+++ b/libntech
@@ -1 +1 @@
-Subproject commit c91951ff4185de36f27f42f1cfed200a79061342
+Subproject commit 11be6817ae8067aa3a1626a3871deb872093e0e2
From 7544e662172f423207d35f21f109cba77a35d9a4 Mon Sep 17 00:00:00 2001
From: Craig Comstock
Date: Wed, 24 Jun 2026 10:49:01 -0500
Subject: [PATCH 2/3] Added -Wextra and -Wno-sign-compare to github workflow gcc options
This will catch more warnings as errors and help us keep our code cleaner.
Ticket: ENT-14208
Changelog: none
---
 .github/workflows/asan_unit_tests.yml | 2 +-
 .github/workflows/macos_unit_tests.yml | 2 +-
 .github/workflows/unit_tests.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/asan_unit_tests.yml b/.github/workflows/asan_unit_tests.yml
index 6c3dec8517..afccb4593f 100644
--- a/.github/workflows/asan_unit_tests.yml
+++ b/.github/workflows/asan_unit_tests.yml
@@ -15,6 +15,6 @@ jobs:
 - name: Run autotools / configure
 run: ./autogen.sh --enable-debug
 - name: Compile and link (make)
- run: make -j8 CFLAGS="-Werror -Wall -fsanitize=address" LDFLAGS="-fsanitize=address"
+ run: make -j8 CFLAGS="-Werror -Wall -Wextra -Wno-sign-compare -fsanitize=address" LDFLAGS="-fsanitize=address"
 - name: Run unit tests
 run: make -C tests/unit CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address" check
diff --git a/.github/workflows/macos_unit_tests.yml b/.github/workflows/macos_unit_tests.yml
index e781b39b0b..cb50d21da4 100644
--- a/.github/workflows/macos_unit_tests.yml
+++ b/.github/workflows/macos_unit_tests.yml
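Review bot: `-Wno-sign-compare` is added next to `-Wextra` in the `Compile and link (make)` step here, and in the matching step of macos_unit_tests.yml and unit_tests.yml, with no comment in the workflow saying why that one warning class is switched off. Signed/unsigned comparisons are where length and bounds checks tend to go wrong in C, so the suppression should read as debt to pay down rather than as policy; a comment above the `run:` line such as `# TODO: drop -Wno-sign-compare once existing signed/unsigned comparisons are fixed` would record that. The `Run unit tests` step in this file passes its own `CFLAGS="-fsanitize=address"`, so if the test sources are first compiled by that step they are built without `-Werror -Wall -Wextra`; that is worth confirming against the Makefile, which the hunk does not show.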
@@ -20,6 +20,6 @@ jobs:
 run: >
 ./autogen.sh --enable-debug
 - name: Compile and link
- run: MACOSX_DEPLOYMENT_TARGET=15.4 make -j8 CFLAGS="-Werror -Wall"
+ run: MACOSX_DEPLOYMENT_TARGET=15.4 make -j8 CFLAGS="-Werror -Wall -Wextra -Wno-sign-compare"
 - name: Run unit tests
 run: make -C tests/unit check
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index ad142ac402..0624f0b7e5 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -16,6 +16,6 @@ jobs:
 - name: Run autotools / configure
 run: ./autogen.sh --enable-debug
 - name: Compile and link (make)
- run: make -j8 CFLAGS="-Werror -Wall"
+ run: make -j8 CFLAGS="-Werror -Wall -Wextra -Wno-sign-compare"
 - name: Run unit tests
 run: make -C tests/unit check
From 6e952013b0c0d475102ec48c2907025d1aa9a629 Mon Sep 17 00:00:00 2001
From: Craig Comstock
Date: Wed, 24 Jun 2026 10:49:50 -0500
Subject: [PATCH 3/3] Refactored variable length array code to use alloca()
While VLAs are supported in C99 and C11, they do pose some portability issues so best to avoid their use. alloca() allocates on the stack frame and is free'd on exit from the function so essentially equivalent.
Ticket: ENT-14208
Changelog: none
---
 cf-serverd/server_tls.c | 4 ++--
 libpromises/evalfunction.c | 5 ++---
 libpromises/ornaments.c | 2 +-
 libpromises/syslog_client.c | 5 +++--
 tests/acceptance/mock_package_manager.c | 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/cf-serverd/server_tls.c b/cf-serverd/server_tls.c
index 0f4e142db3..c89ad3b4ab 100644
--- a/cf-serverd/server_tls.c
+++ b/cf-serverd/server_tls.c
@@ -228,8 +228,8 @@ bool ServerTLSPeek(ConnectionInfo *conn_info)
 const int peek_size = CF_INBAND_OFFSET + sizeof("CAUTH");
- char buf[peek_size];
- ssize_t got = recv(ConnectionInfoSocket(conn_info), buf, sizeof(buf), MSG_PEEK);
+ char *buf = alloca(peek_size);
+ ssize_t got = recv(ConnectionInfoSocket(conn_info), buf, peek_size, MSG_PEEK);
 assert(got <= peek_size);
 if (got < 0)
 {
diff --git a/libpromises/evalfunction.c b/libpromises/evalfunction.c
index f9d160528d..922149a359 100644
--- a/libpromises/evalfunction.c
+++ b/libpromises/evalfunction.c
@@ -8533,9 +8533,8 @@ static FnCallResult FnCallClassFilterCsv(EvalContext *ctx,
 }
 else
 {
- size_t const key_len = PRINTSIZE(size_t);
- char key[key_len];
- xsnprintf(key, key_len, "%zu", i);
+ char key[PRINTSIZE(size_t)];
+ xsnprintf(key, PRINTSIZE(size_t), "%zu", i);
 JsonObjectAppendString(class_container,
 key,
diff --git a/libpromises/ornaments.c b/libpromises/ornaments.c
index 469a6626a5..502137ea1a 100644
--- a/libpromises/ornaments.c
+++ b/libpromises/ornaments.c
@@ -170,7 +170,7 @@ void PromiseBanner(EvalContext *ctx, const Promise *pp)
 }
 const size_t n = 2*CF_MAXFRAGMENT + 3;
- char pretty_promise_name[n+1];
+ char *pretty_promise_name = alloca(n+1);
 pretty_promise_name[0] = '\0';
 StringAppendAbbreviatedPromise(pretty_promise_name, pp->promiser, n, CF_MAXFRAGMENT);
 Log(LOG_LEVEL_VERBOSE, "P: Promiser/affected object: '%s'", pretty_promise_name);
diff --git a/libpromises/syslog_client.c b/libpromises/syslog_client.c
index 0b68048c56..0b55a0cc91 100644
--- a/libpromises/syslog_client.c
+++ b/libpromises/syslog_client.c
@@ -27,6 +27,8 @@
 #include
+
+#define RFC3164_LENGTH 1024
 /* * Set by cf-agent/cf-serverd from body agent/server control. */
@@ -112,8 +114,7 @@ void RemoteSysLog(int log_priority, const char *log_string)
 }
 else
 {
- const size_t rfc3164_len = 1024;
- char message[rfc3164_len];
+ char message[RFC3164_LENGTH];
 char timebuffer[26];
 pid_t pid = getpid();
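Review bot: `peek_size` in ServerTLSPeek is a fixed quantity (`CF_INBAND_OFFSET + sizeof("CAUTH")`), so the peek buffer does not need `alloca()` at all; sizing the array with the expression itself, `char buf[CF_INBAND_OFFSET + sizeof("CAUTH")];`, gives a true fixed-size array and lets the `recv()` call keep `sizeof(buf)` as its bound, which is what the evalfunction.c and syslog_client.c hunks of this same commit do. `alloca()` is not part of ISO C or POSIX and has no failure return, and once `buf` is a pointer any later `sizeof(buf)` still compiles but yields the pointer size, which is an easy way to end up with a wrong length on a network read. The same applies to `pretty_promise_name` in the ornaments.c hunk, where `n` is `2*CF_MAXFRAGMENT + 3`: `char pretty_promise_name[2*CF_MAXFRAGMENT + 3 + 1];`. This assumes `CF_INBAND_OFFSET` and `CF_MAXFRAGMENT` are constant macros, which the hunks do not show; both function bodies continue outside their hunks.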
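Review bot: The size passed to `xsnprintf()` in the FnCallClassFilterCsv hunk repeats `PRINTSIZE(size_t)` instead of being taken from the buffer it bounds. Now that `key` is a true array, `xsnprintf(key, sizeof(key), "%zu", i);` ties the bound to the declaration, so a later change to the array size cannot leave the two out of step. The enclosing function starts and ends outside the hunk.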
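Review bot: `RFC3164_LENGTH` is introduced in syslog_client.c without a comment saying what the 1024 bounds or where it is used. A line above the define such as `/* Maximum size in bytes of a syslog packet under RFC 3164; sizes message[] in RemoteSysLog(). */` would document it. Any remaining use of the removed `rfc3164_len` in RemoteSysLog lies outside the hunk; where the function formats into `message`, `sizeof(message)` is the bound to pass.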
diff --git a/tests/acceptance/mock_package_manager.c b/tests/acceptance/mock_package_manager.c
index 70ac0d2cd8..dea326bad1 100644
--- a/tests/acceptance/mock_package_manager.c
+++ b/tests/acceptance/mock_package_manager.c
@@ -8,7 +8,7 @@ static char AVAILABLE_PACKAGES_FILE_NAME[PATH_MAX];
 static char INSTALLED_PACKAGES_FILE_NAME[PATH_MAX];
-static const int MAX_PACKAGE_ENTRY_LENGTH = 256;
+#define MAX_PACKAGE_ENTRY_LENGTH 256
 #define DEFAULT_ARCHITECTURE "x666"