One of these was creating a single 262144 byte stack frame. We now have
a way to check and limit the allocation size of a VLA. The `Cmp_Data`
ones were also fairly large. Now, no allocation is larger than 2KiB
(though rtp.c allocates close to that much).
Currently: 1) libsodium and 2) nacl.
Note that the "nacl" variant is actually libsodium. We just want to make
sure the static analysers see the `VANILLA_NACL` code paths.
Also added a valgrind build to run it on every pull request. I've had to
disable a few tests because valgrind makes those run infinitely slowly,
consistently timing them out.
This aligns the autotools build with the cmake build, which doesn't have
a config.h file. It also removes the ambiguity of config.h and
other/bootstrap_daemon/src/config.h.
Also added and used the new crypto_malloc and crypto_free.
The latter also zeroes out the memory safely. The former only exists for
symmetry (static analysis can detect asymmetric usages).
The file_saving_test.c was not included in the cmake list
and thus was ignored by travis and "make check". I found this
out while introducing ck_assert_msg into the integration test.
Furthermore, removed some variable width integers from encryptsave_test.c,
and the SRunner utilization. Implemmented ck_assert_msg, reorganized some
loops, and removed some longs in file_transfer_test.c.
Tests are not actually ran on appveyor for now, since they all fault for
some reason. For now, we just build them. Also, some tests are disabled
on msvc entirely, because they don't even compile. We'll need to look
into those, later. They are disabled using `MSVC_DONT_BUILD`.
Also added a `tox_options_copy` function for cloning an options object.
This can be useful when creating several Tox instances with slightly
varying options.
Previously, all log messages generated by tox_new (which is quite a lot)
were dropped, because client code had no chance to register a logging
callback, yet. This change allows setting the log callback from the
beginning and removes the ability to unset it.
Since the log callback is forever special, since it can't be stateless,
we don't necessarily need to treat it uniformly (with `event`).
- All global variables should be static unless they have an explicit
extern declaration in a header file.
- `to_compare` was not used in encryptsave and toxav tests.
- `break` in switch cases is not required directly after `return`,
`goto`, or a noreturn function like `abort`.
- Any non-externally-visible declarations should be `static`.
- Casting away the `const` qualifier from pointers-to-const is
dangerous. All but one instance of this are now correct. The one
instance where we can't keep `const` is one where toxav code actually
writes to a chunk of memory marked as `const`. This code also assumes
4 byte alignment of data packets. I don't know whether that is a valid
assumption, but it's likely unportable, and *not* obviously correct.
- Replaced empty parameter lists with `(void)` to avoid passing
parameters to it. Empty parameter lists are old style declarations for
unknown number and type of arguments.
- Commented out (as `#if DHT_HARDENING` block) the hardening code that
was never executed.
- Minor style fix: don't use `default` in enum-switches unless the number
of enumerators in the default case is very large. In this case, it was
2, so we want to list them both explicitly to be warned about missing
one if we add one in the future.
- Removed the only two function declarations from nTox.h and put them
into nTox.c. They are not used outside and nTox is not a library.
Messenger is slightly twisty when it comes to sending connection status
callbacks It will very likely need at the very least a partial refactor to
clean it up a bit. Toxcore shouldn't need void *userdata as deep as is
currently does.
(amend 1) Because of the nature of toxcore connection callbacks, I decided to
change this commit from statelessness for connections changes to statelessness
for friend requests. It's simpler this was and doesn't include doing anything
foolish in the time between commits.
group fixup because grayhatter doesn't want to do it
"arguably correct" is not how you write security sensitive code
Clear a compiler warning about types within a function.
Upon my own decision, the two tox_encryped_new convenience functions were removed due to basically needing two different sets of error codes.
At iphydf's suggestion the corresponding tox_get_encrypted_savedata convenience functions were removed as well.
Also, all data now has the magic number prepended. This is incompatible
for all but the save/load functions, but I think nothing besides the one
experimental qTox branch used any of those, which is why I feel confident
about the change.
