diff options
author | Reiner Herrmann <reiner@reiner-h.de> | 2020-08-08 14:26:57 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-08 14:26:57 +0200 |
commit | ce1b254834788eca7546b8f720cdabdeb0f6fe8f (patch) | |
tree | 33d9b068df7e0081f0038e80e1af86c7ff5c5acd /src | |
parent | update release notes (diff) | |
download | firejail-ce1b254834788eca7546b8f720cdabdeb0f6fe8f.tar.gz firejail-ce1b254834788eca7546b8f720cdabdeb0f6fe8f.tar.zst firejail-ce1b254834788eca7546b8f720cdabdeb0f6fe8f.zip |
annotate some functions as non-returning (#3574)
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/arp.c | 4 | ||||
-rw-r--r-- | src/firejail/firejail.h | 35 | ||||
-rw-r--r-- | src/firejail/join.c | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 3 | ||||
-rw-r--r-- | src/firejail/protocol.c | 2 | ||||
-rw-r--r-- | src/firejail/sbox.c | 2 | ||||
-rw-r--r-- | src/firejail/x11.c | 4 | ||||
-rw-r--r-- | src/firemon/firemon.h | 6 | ||||
-rw-r--r-- | src/firemon/procevent.c | 13 | ||||
-rw-r--r-- | src/include/syscall.h | 2 | ||||
-rw-r--r-- | src/lib/errno.c | 2 |
11 files changed, 34 insertions, 41 deletions
diff --git a/src/firejail/arp.c b/src/firejail/arp.c index 3714af9a3..f88d0a1dd 100644 --- a/src/firejail/arp.c +++ b/src/firejail/arp.c | |||
@@ -239,9 +239,7 @@ int arp_check(const char *dev, uint32_t destaddr) { | |||
239 | } | 239 | } |
240 | } | 240 | } |
241 | 241 | ||
242 | // it will never get here! | 242 | __builtin_unreachable(); |
243 | close(sock); | ||
244 | return -1; | ||
245 | } | 243 | } |
246 | 244 | ||
247 | // assign a random IP address and check it | 245 | // assign a random IP address and check it |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 54a1023ab..9c5a050b4 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -371,14 +371,14 @@ char *guess_shell(void); | |||
371 | 371 | ||
372 | // sandbox.c | 372 | // sandbox.c |
373 | int sandbox(void* sandbox_arg); | 373 | int sandbox(void* sandbox_arg); |
374 | void start_application(int no_sandbox, FILE *fp); | 374 | void start_application(int no_sandbox, FILE *fp) __attribute__((noreturn)); |
375 | void set_apparmor(void); | 375 | void set_apparmor(void); |
376 | 376 | ||
377 | // network_main.c | 377 | // network_main.c |
378 | void net_configure_sandbox_ip(Bridge *br); | 378 | void net_configure_sandbox_ip(Bridge *br); |
379 | void net_configure_veth_pair(Bridge *br, const char *ifname, pid_t child); | 379 | void net_configure_veth_pair(Bridge *br, const char *ifname, pid_t child); |
380 | void net_check_cfg(void); | 380 | void net_check_cfg(void); |
381 | void net_dns_print(pid_t pid); | 381 | void net_dns_print(pid_t pid) __attribute__((noreturn)); |
382 | void network_main(pid_t child); | 382 | void network_main(pid_t child); |
383 | void net_print(pid_t pid); | 383 | void net_print(pid_t pid); |
384 | 384 | ||
@@ -453,13 +453,12 @@ void profile_add_ignore(const char *str); | |||
453 | void list(void); | 453 | void list(void); |
454 | void tree(void); | 454 | void tree(void); |
455 | void top(void); | 455 | void top(void); |
456 | void netstats(void); | ||
457 | 456 | ||
458 | // usage.c | 457 | // usage.c |
459 | void usage(void); | 458 | void usage(void); |
460 | 459 | ||
461 | // join.c | 460 | // join.c |
462 | void join(pid_t pid, int argc, char **argv, int index); | 461 | void join(pid_t pid, int argc, char **argv, int index) __attribute__((noreturn)); |
463 | bool is_ready_for_join(const pid_t pid); | 462 | bool is_ready_for_join(const pid_t pid); |
464 | void check_join_permission(pid_t pid); | 463 | void check_join_permission(pid_t pid); |
465 | pid_t switch_to_child(pid_t pid); | 464 | pid_t switch_to_child(pid_t pid); |
@@ -486,7 +485,7 @@ int macro_id(const char *name); | |||
486 | 485 | ||
487 | 486 | ||
488 | // util.c | 487 | // util.c |
489 | void errLogExit(char* fmt, ...); | 488 | void errLogExit(char* fmt, ...) __attribute__((noreturn)); |
490 | void fwarning(char* fmt, ...); | 489 | void fwarning(char* fmt, ...); |
491 | void fmessage(char* fmt, ...); | 490 | void fmessage(char* fmt, ...); |
492 | void drop_privs(int nogroups); | 491 | void drop_privs(int nogroups); |
@@ -584,7 +583,7 @@ int seccomp_load(const char *fname); | |||
584 | int seccomp_filter_drop(bool native); | 583 | int seccomp_filter_drop(bool native); |
585 | int seccomp_filter_keep(bool native); | 584 | int seccomp_filter_keep(bool native); |
586 | int seccomp_filter_mdwx(bool native); | 585 | int seccomp_filter_mdwx(bool native); |
587 | void seccomp_print_filter(pid_t pid); | 586 | void seccomp_print_filter(pid_t pid) __attribute__((noreturn)); |
588 | 587 | ||
589 | // caps.c | 588 | // caps.c |
590 | void seccomp_load_file_list(void); | 589 | void seccomp_load_file_list(void); |
@@ -595,7 +594,7 @@ void caps_set(uint64_t caps); | |||
595 | void caps_check_list(const char *clist, void (*callback)(int)); | 594 | void caps_check_list(const char *clist, void (*callback)(int)); |
596 | void caps_drop_list(const char *clist); | 595 | void caps_drop_list(const char *clist); |
597 | void caps_keep_list(const char *clist); | 596 | void caps_keep_list(const char *clist); |
598 | void caps_print_filter(pid_t pid); | 597 | void caps_print_filter(pid_t pid) __attribute__((noreturn)); |
599 | void caps_drop_dac_override(void); | 598 | void caps_drop_dac_override(void); |
600 | 599 | ||
601 | // fs_trace.c | 600 | // fs_trace.c |
@@ -618,7 +617,7 @@ void read_cpu_list(const char *str); | |||
618 | void set_cpu_affinity(void); | 617 | void set_cpu_affinity(void); |
619 | void load_cpu(const char *fname); | 618 | void load_cpu(const char *fname); |
620 | void save_cpu(void); | 619 | void save_cpu(void); |
621 | void cpu_print_filter(pid_t pid); | 620 | void cpu_print_filter(pid_t pid) __attribute__((noreturn)); |
622 | 621 | ||
623 | // cgroup.c | 622 | // cgroup.c |
624 | void save_cgroup(void); | 623 | void save_cgroup(void); |
@@ -640,7 +639,7 @@ void netns(const char *nsname); | |||
640 | void netns_mounts(const char *nsname); | 639 | void netns_mounts(const char *nsname); |
641 | 640 | ||
642 | // bandwidth.c | 641 | // bandwidth.c |
643 | void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, int up); | 642 | void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, int up) __attribute__((noreturn)); |
644 | void network_set_run_file(pid_t pid); | 643 | void network_set_run_file(pid_t pid); |
645 | 644 | ||
646 | // fs_etc.c | 645 | // fs_etc.c |
@@ -650,7 +649,7 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c | |||
650 | // no_sandbox.c | 649 | // no_sandbox.c |
651 | int check_namespace_virt(void); | 650 | int check_namespace_virt(void); |
652 | int check_kernel_procs(void); | 651 | int check_kernel_procs(void); |
653 | void run_no_sandbox(int argc, char **argv); | 652 | void run_no_sandbox(int argc, char **argv) __attribute__((noreturn)); |
654 | 653 | ||
655 | #define MAX_ENVS 256 // some sane maximum number of environment variables | 654 | #define MAX_ENVS 256 // some sane maximum number of environment variables |
656 | #define MAX_ENV_LEN (PATH_MAX + 32) // FOOBAR=SOME_PATH | 655 | #define MAX_ENV_LEN (PATH_MAX + 32) // FOOBAR=SOME_PATH |
@@ -681,7 +680,7 @@ void fs_private_lib(void); | |||
681 | // protocol.c | 680 | // protocol.c |
682 | void protocol_filter_save(void); | 681 | void protocol_filter_save(void); |
683 | void protocol_filter_load(const char *fname); | 682 | void protocol_filter_load(const char *fname); |
684 | void protocol_print_filter(pid_t pid); | 683 | void protocol_print_filter(pid_t pid) __attribute__((noreturn)); |
685 | 684 | ||
686 | // restrict_users.c | 685 | // restrict_users.c |
687 | void restrict_users(void); | 686 | void restrict_users(void); |
@@ -693,7 +692,7 @@ void fs_logger2int(const char *msg1, int d); | |||
693 | void fs_logger3(const char *msg1, const char *msg2, const char *msg3); | 692 | void fs_logger3(const char *msg1, const char *msg2, const char *msg3); |
694 | void fs_logger_print(void); | 693 | void fs_logger_print(void); |
695 | void fs_logger_change_owner(void); | 694 | void fs_logger_change_owner(void); |
696 | void fs_logger_print_log(pid_t pid); | 695 | void fs_logger_print_log(pid_t pid) __attribute__((noreturn)); |
697 | 696 | ||
698 | // run_symlink.c | 697 | // run_symlink.c |
699 | void run_symlink(int argc, char **argv, int run_as_is); | 698 | void run_symlink(int argc, char **argv, int run_as_is); |
@@ -719,11 +718,11 @@ void fs_mkfile(const char *name); | |||
719 | 718 | ||
720 | void fs_x11(void); | 719 | void fs_x11(void); |
721 | int x11_display(void); | 720 | int x11_display(void); |
722 | void x11_start(int argc, char **argv); | 721 | void x11_start(int argc, char **argv) __attribute__((noreturn)); |
723 | void x11_start_xpra(int argc, char **argv); | 722 | void x11_start_xpra(int argc, char **argv) __attribute__((noreturn)); |
724 | void x11_start_xephyr(int argc, char **argv); | 723 | void x11_start_xephyr(int argc, char **argv) __attribute__((noreturn)); |
725 | void x11_block(void); | 724 | void x11_block(void); |
726 | void x11_start_xvfb(int argc, char **argv); | 725 | void x11_start_xvfb(int argc, char **argv) __attribute__((noreturn)); |
727 | void x11_xorg(void); | 726 | void x11_xorg(void); |
728 | 727 | ||
729 | // ls.c | 728 | // ls.c |
@@ -733,7 +732,7 @@ enum { | |||
733 | SANDBOX_FS_PUT, | 732 | SANDBOX_FS_PUT, |
734 | SANDBOX_FS_MAX // this should always be the last entry | 733 | SANDBOX_FS_MAX // this should always be the last entry |
735 | }; | 734 | }; |
736 | void sandboxfs(int op, pid_t pid, const char *path1, const char *path2); | 735 | void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) __attribute__((noreturn)); |
737 | 736 | ||
738 | // checkcfg.c | 737 | // checkcfg.c |
739 | #define DEFAULT_ARP_PROBES 2 | 738 | #define DEFAULT_ARP_PROBES 2 |
@@ -839,7 +838,7 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc, | |||
839 | // run sbox | 838 | // run sbox |
840 | int sbox_run(unsigned filter, int num, ...); | 839 | int sbox_run(unsigned filter, int num, ...); |
841 | int sbox_run_v(unsigned filter, char * const arg[]); | 840 | int sbox_run_v(unsigned filter, char * const arg[]); |
842 | void sbox_exec_v(unsigned filter, char * const arg[]); | 841 | void sbox_exec_v(unsigned filter, char * const arg[]) __attribute__((noreturn)); |
843 | 842 | ||
844 | // run_files.c | 843 | // run_files.c |
845 | void delete_run_files(pid_t pid); | 844 | void delete_run_files(pid_t pid); |
diff --git a/src/firejail/join.c b/src/firejail/join.c index 4c8555f29..f202d1a9c 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -588,7 +588,7 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
588 | 588 | ||
589 | start_application(0, NULL); | 589 | start_application(0, NULL); |
590 | 590 | ||
591 | // it will never get here!!! | 591 | __builtin_unreachable(); |
592 | } | 592 | } |
593 | EUID_USER(); | 593 | EUID_USER(); |
594 | 594 | ||
diff --git a/src/firejail/main.c b/src/firejail/main.c index 79e39b669..f37d1ca52 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1159,8 +1159,7 @@ int main(int argc, char **argv, char **envp) { | |||
1159 | 1159 | ||
1160 | // start the program directly without sandboxing | 1160 | // start the program directly without sandboxing |
1161 | run_no_sandbox(argc, argv); | 1161 | run_no_sandbox(argc, argv); |
1162 | // it will never get here! | 1162 | __builtin_unreachable(); |
1163 | assert(0); | ||
1164 | } | 1163 | } |
1165 | } | 1164 | } |
1166 | EUID_ASSERT(); | 1165 | EUID_ASSERT(); |
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c index 6402afbc6..a1594d6b9 100644 --- a/src/firejail/protocol.c +++ b/src/firejail/protocol.c | |||
@@ -90,7 +90,7 @@ void protocol_print_filter(pid_t pid) { | |||
90 | exit(0); | 90 | exit(0); |
91 | #else | 91 | #else |
92 | fwarning("--protocol not supported on this platform\n"); | 92 | fwarning("--protocol not supported on this platform\n"); |
93 | return; | 93 | exit(1); |
94 | #endif | 94 | #endif |
95 | } | 95 | } |
96 | 96 | ||
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index 99f11a246..57c21ce78 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c | |||
@@ -31,7 +31,7 @@ | |||
31 | #define O_PATH 010000000 | 31 | #define O_PATH 010000000 |
32 | #endif | 32 | #endif |
33 | 33 | ||
34 | static int sbox_do_exec_v(unsigned filtermask, char * const arg[]) { | 34 | static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char * const arg[]) { |
35 | // build a new, clean environment | 35 | // build a new, clean environment |
36 | int env_index = 0; | 36 | int env_index = 0; |
37 | char *new_environment[256] = { NULL }; | 37 | char *new_environment[256] = { NULL }; |
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 98ac184d9..ba54ca376 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -682,7 +682,7 @@ static char * get_title_arg_str() { | |||
682 | } | 682 | } |
683 | 683 | ||
684 | 684 | ||
685 | void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) { | 685 | static void __attribute__((noreturn)) x11_start_xpra_old(int argc, char **argv, int display, char *display_str) { |
686 | EUID_ASSERT(); | 686 | EUID_ASSERT(); |
687 | int i; | 687 | int i; |
688 | struct stat s; | 688 | struct stat s; |
@@ -921,7 +921,7 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) { | |||
921 | } | 921 | } |
922 | 922 | ||
923 | 923 | ||
924 | void x11_start_xpra_new(int argc, char **argv, char *display_str) { | 924 | static void __attribute__((noreturn)) x11_start_xpra_new(int argc, char **argv, char *display_str) { |
925 | EUID_ASSERT(); | 925 | EUID_ASSERT(); |
926 | int i; | 926 | int i; |
927 | pid_t server = 0; | 927 | pid_t server = 0; |
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h index 7a55a64fb..3fba486eb 100644 --- a/src/firemon/firemon.h +++ b/src/firemon/firemon.h | |||
@@ -46,13 +46,13 @@ void firemon_sleep(int st); | |||
46 | 46 | ||
47 | 47 | ||
48 | // procevent.c | 48 | // procevent.c |
49 | void procevent(pid_t pid); | 49 | void procevent(pid_t pid) __attribute__((noreturn)); |
50 | 50 | ||
51 | // usage.c | 51 | // usage.c |
52 | void usage(void); | 52 | void usage(void); |
53 | 53 | ||
54 | // top.c | 54 | // top.c |
55 | void top(void); | 55 | void top(void) __attribute__((noreturn)); |
56 | 56 | ||
57 | // list.c | 57 | // list.c |
58 | void list(void); | 58 | void list(void); |
@@ -82,7 +82,7 @@ void cgroup(pid_t pid, int print_procs); | |||
82 | void tree(pid_t pid); | 82 | void tree(pid_t pid); |
83 | 83 | ||
84 | // netstats.c | 84 | // netstats.c |
85 | void netstats(void); | 85 | void netstats(void) __attribute__((noreturn)); |
86 | 86 | ||
87 | // x11.c | 87 | // x11.c |
88 | void x11(pid_t pid, int print_procs); | 88 | void x11(pid_t pid, int print_procs); |
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c index 7dd08444e..45964d3a2 100644 --- a/src/firemon/procevent.c +++ b/src/firemon/procevent.c | |||
@@ -220,7 +220,7 @@ errexit: | |||
220 | } | 220 | } |
221 | 221 | ||
222 | 222 | ||
223 | static int procevent_monitor(const int sock, pid_t mypid) { | 223 | static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t mypid) { |
224 | ssize_t len; | 224 | ssize_t len; |
225 | struct nlmsghdr *nlmsghdr; | 225 | struct nlmsghdr *nlmsghdr; |
226 | 226 | ||
@@ -246,8 +246,7 @@ static int procevent_monitor(const int sock, pid_t mypid) { | |||
246 | 246 | ||
247 | int rv = select(max, &readfds, NULL, NULL, &tv); | 247 | int rv = select(max, &readfds, NULL, NULL, &tv); |
248 | if (rv == -1) { | 248 | if (rv == -1) { |
249 | fprintf(stderr, "recv: %s\n", strerror(errno)); | 249 | errExit("recv"); |
250 | return -1; | ||
251 | } | 250 | } |
252 | 251 | ||
253 | // timeout | 252 | // timeout |
@@ -259,7 +258,7 @@ static int procevent_monitor(const int sock, pid_t mypid) { | |||
259 | 258 | ||
260 | 259 | ||
261 | if ((len = recv(sock, buf, sizeof(buf), 0)) == 0) | 260 | if ((len = recv(sock, buf, sizeof(buf), 0)) == 0) |
262 | return 0; | 261 | exit(0); |
263 | if (len == -1) { | 262 | if (len == -1) { |
264 | if (errno == EINTR) | 263 | if (errno == EINTR) |
265 | continue; | 264 | continue; |
@@ -271,7 +270,7 @@ static int procevent_monitor(const int sock, pid_t mypid) { | |||
271 | } | 270 | } |
272 | else { | 271 | else { |
273 | fprintf(stderr,"Error: rx socket recv call, errno %d, %s\n", errno, strerror(errno)); | 272 | fprintf(stderr,"Error: rx socket recv call, errno %d, %s\n", errno, strerror(errno)); |
274 | return -1; | 273 | exit(1); |
275 | } | 274 | } |
276 | } | 275 | } |
277 | 276 | ||
@@ -497,7 +496,7 @@ static int procevent_monitor(const int sock, pid_t mypid) { | |||
497 | exit(0); | 496 | exit(0); |
498 | } | 497 | } |
499 | } | 498 | } |
500 | return 0; | 499 | __builtin_unreachable(); |
501 | } | 500 | } |
502 | 501 | ||
503 | void procevent(pid_t pid) { | 502 | void procevent(pid_t pid) { |
@@ -515,6 +514,4 @@ void procevent(pid_t pid) { | |||
515 | } | 514 | } |
516 | 515 | ||
517 | procevent_monitor(sock, pid); // it will never return from here | 516 | procevent_monitor(sock, pid); // it will never return from here |
518 | assert(0); | ||
519 | close(sock); // quiet static analyzers | ||
520 | } | 517 | } |
diff --git a/src/include/syscall.h b/src/include/syscall.h index 89b54170e..489da0600 100644 --- a/src/include/syscall.h +++ b/src/include/syscall.h | |||
@@ -32,7 +32,7 @@ void filter_add_blacklist_override(int fd, int syscall, int arg, void *ptrarg, b | |||
32 | // errno.c | 32 | // errno.c |
33 | void errno_print(void); | 33 | void errno_print(void); |
34 | int errno_find_name(const char *name); | 34 | int errno_find_name(const char *name); |
35 | char *errno_find_nr(int nr); | 35 | const char *errno_find_nr(int nr); |
36 | 36 | ||
37 | // syscall.c | 37 | // syscall.c |
38 | void syscall_print(void); | 38 | void syscall_print(void); |
diff --git a/src/lib/errno.c b/src/lib/errno.c index d38c197ad..881c3b27e 100644 --- a/src/lib/errno.c +++ b/src/lib/errno.c | |||
@@ -183,7 +183,7 @@ int errno_find_name(const char *name) { | |||
183 | return -1; | 183 | return -1; |
184 | } | 184 | } |
185 | 185 | ||
186 | char *errno_find_nr(int nr) { | 186 | const char *errno_find_nr(int nr) { |
187 | int i; | 187 | int i; |
188 | int elems = sizeof(errnolist) / sizeof(errnolist[0]); | 188 | int elems = sizeof(errnolist) / sizeof(errnolist[0]); |
189 | for (i = 0; i < elems; i++) { | 189 | for (i = 0; i < elems; i++) { |