From ce1b254834788eca7546b8f720cdabdeb0f6fe8f Mon Sep 17 00:00:00 2001 From: Reiner Herrmann Date: Sat, 8 Aug 2020 14:26:57 +0200 Subject: annotate some functions as non-returning (#3574) --- src/firejail/arp.c | 4 +--- src/firejail/firejail.h | 35 +++++++++++++++++------------------ src/firejail/join.c | 2 +- src/firejail/main.c | 3 +-- src/firejail/protocol.c | 2 +- src/firejail/sbox.c | 2 +- src/firejail/x11.c | 4 ++-- src/firemon/firemon.h | 6 +++--- src/firemon/procevent.c | 13 +++++-------- src/include/syscall.h | 2 +- src/lib/errno.c | 2 +- 11 files changed, 34 insertions(+), 41 deletions(-) (limited to 'src') diff --git a/src/firejail/arp.c b/src/firejail/arp.c index 3714af9a3..f88d0a1dd 100644 --- a/src/firejail/arp.c +++ b/src/firejail/arp.c @@ -239,9 +239,7 @@ int arp_check(const char *dev, uint32_t destaddr) { } } - // it will never get here! - close(sock); - return -1; + __builtin_unreachable(); } // assign a random IP address and check it diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 54a1023ab..9c5a050b4 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -371,14 +371,14 @@ char *guess_shell(void); // sandbox.c int sandbox(void* sandbox_arg); -void start_application(int no_sandbox, FILE *fp); +void start_application(int no_sandbox, FILE *fp) __attribute__((noreturn)); void set_apparmor(void); // network_main.c void net_configure_sandbox_ip(Bridge *br); void net_configure_veth_pair(Bridge *br, const char *ifname, pid_t child); void net_check_cfg(void); -void net_dns_print(pid_t pid); +void net_dns_print(pid_t pid) __attribute__((noreturn)); void network_main(pid_t child); void net_print(pid_t pid); @@ -453,13 +453,12 @@ void profile_add_ignore(const char *str); void list(void); void tree(void); void top(void); -void netstats(void); // usage.c void usage(void); // join.c -void join(pid_t pid, int argc, char **argv, int index); +void join(pid_t pid, int argc, char **argv, int index) __attribute__((noreturn)); bool is_ready_for_join(const pid_t pid); void check_join_permission(pid_t pid); pid_t switch_to_child(pid_t pid); @@ -486,7 +485,7 @@ int macro_id(const char *name); // util.c -void errLogExit(char* fmt, ...); +void errLogExit(char* fmt, ...) __attribute__((noreturn)); void fwarning(char* fmt, ...); void fmessage(char* fmt, ...); void drop_privs(int nogroups); @@ -584,7 +583,7 @@ int seccomp_load(const char *fname); int seccomp_filter_drop(bool native); int seccomp_filter_keep(bool native); int seccomp_filter_mdwx(bool native); -void seccomp_print_filter(pid_t pid); +void seccomp_print_filter(pid_t pid) __attribute__((noreturn)); // caps.c void seccomp_load_file_list(void); @@ -595,7 +594,7 @@ void caps_set(uint64_t caps); void caps_check_list(const char *clist, void (*callback)(int)); void caps_drop_list(const char *clist); void caps_keep_list(const char *clist); -void caps_print_filter(pid_t pid); +void caps_print_filter(pid_t pid) __attribute__((noreturn)); void caps_drop_dac_override(void); // fs_trace.c @@ -618,7 +617,7 @@ void read_cpu_list(const char *str); void set_cpu_affinity(void); void load_cpu(const char *fname); void save_cpu(void); -void cpu_print_filter(pid_t pid); +void cpu_print_filter(pid_t pid) __attribute__((noreturn)); // cgroup.c void save_cgroup(void); @@ -640,7 +639,7 @@ void netns(const char *nsname); void netns_mounts(const char *nsname); // bandwidth.c -void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, int up); +void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, int up) __attribute__((noreturn)); void network_set_run_file(pid_t pid); // fs_etc.c @@ -650,7 +649,7 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c // no_sandbox.c int check_namespace_virt(void); int check_kernel_procs(void); -void run_no_sandbox(int argc, char **argv); +void run_no_sandbox(int argc, char **argv) __attribute__((noreturn)); #define MAX_ENVS 256 // some sane maximum number of environment variables #define MAX_ENV_LEN (PATH_MAX + 32) // FOOBAR=SOME_PATH @@ -681,7 +680,7 @@ void fs_private_lib(void); // protocol.c void protocol_filter_save(void); void protocol_filter_load(const char *fname); -void protocol_print_filter(pid_t pid); +void protocol_print_filter(pid_t pid) __attribute__((noreturn)); // restrict_users.c void restrict_users(void); @@ -693,7 +692,7 @@ void fs_logger2int(const char *msg1, int d); void fs_logger3(const char *msg1, const char *msg2, const char *msg3); void fs_logger_print(void); void fs_logger_change_owner(void); -void fs_logger_print_log(pid_t pid); +void fs_logger_print_log(pid_t pid) __attribute__((noreturn)); // run_symlink.c void run_symlink(int argc, char **argv, int run_as_is); @@ -719,11 +718,11 @@ void fs_mkfile(const char *name); void fs_x11(void); int x11_display(void); -void x11_start(int argc, char **argv); -void x11_start_xpra(int argc, char **argv); -void x11_start_xephyr(int argc, char **argv); +void x11_start(int argc, char **argv) __attribute__((noreturn)); +void x11_start_xpra(int argc, char **argv) __attribute__((noreturn)); +void x11_start_xephyr(int argc, char **argv) __attribute__((noreturn)); void x11_block(void); -void x11_start_xvfb(int argc, char **argv); +void x11_start_xvfb(int argc, char **argv) __attribute__((noreturn)); void x11_xorg(void); // ls.c @@ -733,7 +732,7 @@ enum { SANDBOX_FS_PUT, SANDBOX_FS_MAX // this should always be the last entry }; -void sandboxfs(int op, pid_t pid, const char *path1, const char *path2); +void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) __attribute__((noreturn)); // checkcfg.c #define DEFAULT_ARP_PROBES 2 @@ -839,7 +838,7 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc, // run sbox int sbox_run(unsigned filter, int num, ...); int sbox_run_v(unsigned filter, char * const arg[]); -void sbox_exec_v(unsigned filter, char * const arg[]); +void sbox_exec_v(unsigned filter, char * const arg[]) __attribute__((noreturn)); // run_files.c void delete_run_files(pid_t pid); diff --git a/src/firejail/join.c b/src/firejail/join.c index 4c8555f29..f202d1a9c 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c @@ -588,7 +588,7 @@ void join(pid_t pid, int argc, char **argv, int index) { start_application(0, NULL); - // it will never get here!!! + __builtin_unreachable(); } EUID_USER(); diff --git a/src/firejail/main.c b/src/firejail/main.c index 79e39b669..f37d1ca52 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -1159,8 +1159,7 @@ int main(int argc, char **argv, char **envp) { // start the program directly without sandboxing run_no_sandbox(argc, argv); - // it will never get here! - assert(0); + __builtin_unreachable(); } } EUID_ASSERT(); diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c index 6402afbc6..a1594d6b9 100644 --- a/src/firejail/protocol.c +++ b/src/firejail/protocol.c @@ -90,7 +90,7 @@ void protocol_print_filter(pid_t pid) { exit(0); #else fwarning("--protocol not supported on this platform\n"); - return; + exit(1); #endif } diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index 99f11a246..57c21ce78 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c @@ -31,7 +31,7 @@ #define O_PATH 010000000 #endif -static int sbox_do_exec_v(unsigned filtermask, char * const arg[]) { +static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char * const arg[]) { // build a new, clean environment int env_index = 0; char *new_environment[256] = { NULL }; diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 98ac184d9..ba54ca376 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c @@ -682,7 +682,7 @@ static char * get_title_arg_str() { } -void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) { +static void __attribute__((noreturn)) x11_start_xpra_old(int argc, char **argv, int display, char *display_str) { EUID_ASSERT(); int i; struct stat s; @@ -921,7 +921,7 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) { } -void x11_start_xpra_new(int argc, char **argv, char *display_str) { +static void __attribute__((noreturn)) x11_start_xpra_new(int argc, char **argv, char *display_str) { EUID_ASSERT(); int i; pid_t server = 0; diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h index 7a55a64fb..3fba486eb 100644 --- a/src/firemon/firemon.h +++ b/src/firemon/firemon.h @@ -46,13 +46,13 @@ void firemon_sleep(int st); // procevent.c -void procevent(pid_t pid); +void procevent(pid_t pid) __attribute__((noreturn)); // usage.c void usage(void); // top.c -void top(void); +void top(void) __attribute__((noreturn)); // list.c void list(void); @@ -82,7 +82,7 @@ void cgroup(pid_t pid, int print_procs); void tree(pid_t pid); // netstats.c -void netstats(void); +void netstats(void) __attribute__((noreturn)); // x11.c void x11(pid_t pid, int print_procs); diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c index 7dd08444e..45964d3a2 100644 --- a/src/firemon/procevent.c +++ b/src/firemon/procevent.c @@ -220,7 +220,7 @@ errexit: } -static int procevent_monitor(const int sock, pid_t mypid) { +static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t mypid) { ssize_t len; struct nlmsghdr *nlmsghdr; @@ -246,8 +246,7 @@ static int procevent_monitor(const int sock, pid_t mypid) { int rv = select(max, &readfds, NULL, NULL, &tv); if (rv == -1) { - fprintf(stderr, "recv: %s\n", strerror(errno)); - return -1; + errExit("recv"); } // timeout @@ -259,7 +258,7 @@ static int procevent_monitor(const int sock, pid_t mypid) { if ((len = recv(sock, buf, sizeof(buf), 0)) == 0) - return 0; + exit(0); if (len == -1) { if (errno == EINTR) continue; @@ -271,7 +270,7 @@ static int procevent_monitor(const int sock, pid_t mypid) { } else { fprintf(stderr,"Error: rx socket recv call, errno %d, %s\n", errno, strerror(errno)); - return -1; + exit(1); } } @@ -497,7 +496,7 @@ static int procevent_monitor(const int sock, pid_t mypid) { exit(0); } } - return 0; + __builtin_unreachable(); } void procevent(pid_t pid) { @@ -515,6 +514,4 @@ void procevent(pid_t pid) { } procevent_monitor(sock, pid); // it will never return from here - assert(0); - close(sock); // quiet static analyzers } diff --git a/src/include/syscall.h b/src/include/syscall.h index 89b54170e..489da0600 100644 --- a/src/include/syscall.h +++ b/src/include/syscall.h @@ -32,7 +32,7 @@ void filter_add_blacklist_override(int fd, int syscall, int arg, void *ptrarg, b // errno.c void errno_print(void); int errno_find_name(const char *name); -char *errno_find_nr(int nr); +const char *errno_find_nr(int nr); // syscall.c void syscall_print(void); diff --git a/src/lib/errno.c b/src/lib/errno.c index d38c197ad..881c3b27e 100644 --- a/src/lib/errno.c +++ b/src/lib/errno.c @@ -183,7 +183,7 @@ int errno_find_name(const char *name) { return -1; } -char *errno_find_nr(int nr) { +const char *errno_find_nr(int nr) { int i; int elems = sizeof(errnolist) / sizeof(errnolist[0]); for (i = 0; i < elems; i++) { -- cgit v1.2.3-70-g09d2