Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: teleproxy/teleproxy
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: main
Choose a base ref
...
head repository: teleproxy/teleproxy
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: fix/cppcheck-exhaustive
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 9 commits
  • 19 files changed
  • 1 contributor

Commits on May 20, 2026

  1. lint: run cppcheck at exhaustive check level 

    Catches nullPointerOutOfMemory and CTU null-pointer paths that
the default "normal" level misses (the class of finding upstream
contributors have been filing one PR at a time).

Drops the now-irrelevant normalCheckLevelMaxBranches suppression.
    @rkline0x
    rkline0x committed May 20, 2026
    Configuration menu
    Copy the full SHA
    c0561d5 View commit details
    Browse the repository at this point in the history

  2. ci: install cppcheck 2.20.0 from source, not apt 2.13 

    Ubuntu noble ships cppcheck 2.13, which predates the
nullPointerOutOfMemory and ctunullpointer* checks. Build a pinned
2.20.0 from upstream so --check-level=exhaustive in make lint
actually reports the OOM / cross-TU null paths.

Cache by version key so subsequent runs reuse the build.
    @rkline0x
    rkline0x committed May 20, 2026
    Configuration menu
    Copy the full SHA
    46f23f4 View commit details
    Browse the repository at this point in the history

  3. common: check malloc result in startup parsing and TL helpers 

    server-functions.c: assert(longopts) after the malloc, matching the
existing assert(shortopts) two lines up (parse-options is startup-only,
crashing hard is the established pattern).

tl-parse.c: tl_query_header_clone returns NULL on OOM (no callers
currently, but the contract was already pointer-returning).
tls_init_raw_msg returns -1 when the raw_message allocation fails
instead of dereferencing NULL through rwm_init. This also clears the
ctunullpointer findings in net-msg.c that flowed from this site.

cppcheck --check-level=exhaustive: 74 -> 68 findings.
    @rkline0x
    rkline0x committed May 20, 2026
    Configuration menu
    Copy the full SHA
    abaa042 View commit details
    Browse the repository at this point in the history

  4. engine: check allocator results in startup and RPC dispatch 

    engine.c: assert(E) immediately after the calloc in default_main —
every subsequent line of engine_startup dereferences E, and prior
to this any allocation failure would surface as a NULL deref deep
in the init path.

engine-rpc.c:
- register_custom_op_cb / tl_query_result_fun_set: assert(O) and
  assert(tl_query_result_functions) — these run during pre-init,
  established hard-fail convention.
- tl_default_act_dup: returns NULL on alloc failure (function
  pointer used during request dispatch, callers must handle).

cppcheck --check-level=exhaustive: 68 -> 54 findings (assert(E)
collapses the cross-TU chain through engine_startup).
    @rkline0x
    rkline0x committed May 20, 2026
    Configuration menu
    Copy the full SHA
    f5b2a58 View commit details
    Browse the repository at this point in the history

  5. jobs: check allocator results in queue init and message dispatch 

    create_job_class_sub / job_message_queue_init: assert on the calloc
results — both run during engine init / job-class registration.

job_message_send / job_message_send_fake: assert(M) immediately after
the malloc. These are void hot-path dispatch functions with no error
return; an OOM here was previously a NULL deref two lines later.

job_message_payload_alloc (jobs.h): returns NULL on failure — the
function is currently uncalled, but the pointer-returning contract
is the right shape if it ever gets wired up.

notify_job_subscriber alloc: assert(S) at the subscription site.

cppcheck --check-level=exhaustive: 54 -> 28 findings (the jobs paths
fed many cross-TU chains).
    @rkline0x
    rkline0x committed May 20, 2026
    Configuration menu
    Copy the full SHA
    c0a855f View commit details
    Browse the repository at this point in the history

  6. net: check allocator results on raw_message and event paths 

    Every void function in the network layer that mallocs a raw_message
or event struct and immediately dereferences it now asserts on the
result, matching the existing assert convention in net-msg.c
(alloc_msg_part) and the asserts already in tcp_rpc_conn_send_init.

Sites covered:
- net-msg.c alloc_msg_part inline (root of many CTU chains)
- net-rpc-targets.c rpc_target_alloc calloc
- net-tcp-direct-dc.c relay raw_message malloc
- net-tcp-rpc-common.c: send_init, send_im, send (three sites)
- net-tcp-rpc-ext-server.c: tcp_proxy_pass, add_client_random
- net-thread.c notification_event_insert_conn

cppcheck --check-level=exhaustive: 28 -> 11 findings.
    @rkline0x
    rkline0x committed May 20, 2026
    Configuration menu
    Copy the full SHA
    55f7336 View commit details
    Browse the repository at this point in the history

  7. vv-tree: check allocator results in tree_alloc and free_tree_ptr 

    tree_alloc_ is included from this template for every tree
instantiation in the codebase — a single assert(T) after the
zmalloc0/calloc covers them all, and matches the assert(R) the
callers (tree_clone_) already perform on the returned pointer.

free_tree_ptr_: assert(F) on the free_later wrapper malloc, same
pattern as the rest of the cleanup.
    @rkline0x
    rkline0x committed May 20, 2026
    Configuration menu
    Copy the full SHA
    85321c4 View commit details
    Browse the repository at this point in the history

  8. clean up remaining unchecked allocators in raw_message paths 

    These were the final cross-TU chains feeding the ctunullpointer
findings in net-msg.c via rwm_init / rwm_clone / rwm_move / rwm_create:

- tl-parse.c: __tl_raw_msg_fetch_mark, tlf_init_raw_message,
  tls_init_tcp_raw_msg, tls_init_tcp_raw_msg_unaligned,
  tls_init_raw_msg_nosend
- engine-rpc.c: process_act_atom_subjob result wrap (line 388)
- net-connections.c: net_server_socket_reader read buffer alloc
- net-http-server.c: write_http_error
- net-tcp-rpc-ext-server.c: TLS handshake split-send (m1/m2)

cppcheck --check-level=exhaustive: down to zero non-uninitvar findings.
    @rkline0x
    rkline0x committed May 20, 2026
    Configuration menu
    Copy the full SHA
    6be4d04 View commit details
    Browse the repository at this point in the history

  9. mtproto-proxy-http: alloc checks + split response_buffer init 

    process_http_query OPTIONS path and hts_stats_execute were the last
unchecked calloc sites feeding raw_message paths (CTU chains into
net-msg.c). assert / return -1 to match the surrounding patterns.

http_send_message: split the
  tl_store_raw_data(buf, snprintf(buf, ..., ...))
call into two statements so it's clear the buffer is initialized
before being read. cppcheck flagged it as uninitvar because of the
unspecified argument-evaluation order; in practice the function
call happens after all args are evaluated, but the rewrite is
easier to read regardless.

cppcheck --check-level=exhaustive: 0 findings.
    @rkline0x
    rkline0x committed May 20, 2026
    Configuration menu
    Copy the full SHA
    128616d View commit details
    Browse the repository at this point in the history
Loading