authorColin Watson <cjwatson@debian.org>2022-01-30 15:03:39 +0000
committerColin Watson <cjwatson@debian.org>2022-01-30 15:03:40 +0000
commit43aa5a2b077fafa7b5239302d6e41f42830bf6ac (patch)
treeac58ae008d16b9fe9b02bd4b05ec81ca27de26c0 /lib/sandbox.c
parentb3f2788945722093b3c9e95eb4905395a634d9f5 (diff)
Simplify static analysis of fatal errors
The usual idiom for fatal error reporting in man-db is `error (FATAL, ...)` (there are a few cases using different exit codes, but they're less common). Unfortunately, there's no easy way to tell the compiler that this call doesn't return, because `error (0, ...)` *does* return. As a result, some call sites required extra work to give the compiler this information, which can sometimes make a difference to static analysis. To simplify this, add a new `fatal` helper function which always exits `FATAL` (i.e. 2) and never returns. This is declared with `_Noreturn` so that the compiler can straightforwardly know what's going on. * bootstrap.conf (gnulib_modules): Add verror. (XGETTEXT_OPTIONS): Add --flag=fatal:2:c-format. * lib/fatal.c, lib/fatal.h: New files. * lib/Makefile.am (libman_la_SOURCES): Add fatal.c and fatal.h. * src/tests/Makefile.am (AM_CPPFLAGS): Add -I$(top_srcdir)/lib. (get_mtime_LDADD): Add $(top_builddir)/lib/libman.la. * lib/pathsearch.c (pathsearch, directory_on_path): Use fatal. * lib/sandbox.c (can_load_seccomp, make_seccomp_filter, _sandbox_load): Likewise. * lib/security.c (gripe_set_euid): Likewise. * lib/xregcomp.c (xregcomp): Likewise. * libdb/db_lookup.c (gripe_corrupt_data, dblookup_pattern): Likewise. * libdb/db_ver.c (dbver_wr): Likewise. * src/accessdb.c (main): Likewise. * src/catman.c (parse_for_sec): Likewise. * src/check_mandirs.c (chown_if_possible): Likewise. * src/man-recode.c (recode): Likewise. * src/man.c (open_cat_stream, format_display, gripe_converting_name): Likewise. * src/manconv.c (add_output): Likewise. * src/manp.c (add_dir_to_path_list): Likewise. * src/tests/get-mtime.c (main): Likewise. * src/whatis.c (do_apropos): Likewise. * src/zsoelim.l (<so>\"?[^ \t\n\"]+\"?): Likewise. * libdb/db_lookup.c (gripe_corrupt_data, gripe_replace_key): Declare as _Noreturn. * src/accessdb.c (main): Remove now-unnecessary assertion. * src/man.c (gripe_converting_name): Remove now-unnecessary abort.
Diffstat (limited to 'lib/sandbox.c')
-rw-r--r--lib/sandbox.c13
1 files changed, 6 insertions, 7 deletions
diff --git a/lib/sandbox.c b/lib/sandbox.c
index 798e6d77..bfda5e30 100644
--- a/lib/sandbox.c
+++ b/lib/sandbox.c
@@ -64,13 +64,13 @@
#endif /* HAVE_LIBSECCOMP */
#include "attribute.h"
-#include "error.h"
#include "xalloc.h"
#include "xstrndup.h"
#include "manconfig.h"
#include "debug.h"
+#include "fatal.h"
#include "sandbox.h"
struct man_sandbox {
@@ -194,7 +194,7 @@ static bool can_load_seccomp (void)
if (nr == __NR_SCMP_ERROR) \
break; \
if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, nr, 0) < 0) \
- error (FATAL, errno, "can't add seccomp rule"); \
+ fatal (errno, "can't add seccomp rule"); \
} while (0)
#define SC_ALLOW_PERMISSIVE(name) \
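Review bot: The new `fatal (errno, "can't add seccomp rule")` on the `+` line reports `errno` even though, as far as I recall, libseccomp's `seccomp_rule_add` signals failure through its negative return value (e.g. -EINVAL, -EEXIST, -ENOMEM) rather than by setting `errno`, so the message may carry a stale or zero errno from an earlier call. This was already true of the replaced `error (FATAL, errno, ...)` call and the commit does not address it; the same pattern recurs in the two following macro hunks (`SC_ALLOW_PERMISSIVE`/`SC_ALLOW_ARG_1` and `SC_ALLOW_ARG_2`), in the `seccomp_init` check in make_seccomp_filter, and in the `seccomp_load` path of `_sandbox_load`. Capturing the return value would make the diagnostic trustworthy: `int rc = seccomp_rule_add (ctx, SCMP_ACT_ALLOW, nr, 0);` followed by `if (rc < 0) fatal (-rc, "can't add seccomp rule");`. Note that these macro bodies begin above the hunk, so the declaration of `nr` and the enclosing `do { ... } while (0)` are not visible here.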
@@ -209,7 +209,7 @@ static bool can_load_seccomp (void)
if (nr == __NR_SCMP_ERROR) \
break; \
if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, nr, 1, cmp1) < 0) \
- error (FATAL, errno, "can't add seccomp rule"); \
+ fatal (errno, "can't add seccomp rule"); \
} while (0)
#define SC_ALLOW_ARG_2(name, cmp1, cmp2) \
@@ -219,7 +219,7 @@ static bool can_load_seccomp (void)
break; \
if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, nr, \
2, cmp1, cmp2) < 0) \
- error (FATAL, errno, "can't add seccomp rule"); \
+ fatal (errno, "can't add seccomp rule"); \
} while (0)
/* Create a seccomp filter.
@@ -247,7 +247,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
debug ("initialising seccomp filter (permissive: %d)\n", permissive);
ctx = seccomp_init (SCMP_ACT_ERRNO (ENOSYS));
if (!ctx)
- error (FATAL, errno, "can't initialise seccomp filter");
+ fatal (errno, "can't initialise seccomp filter");
/* Allow sibling architectures for x86, since people sometimes mix
* and match architectures there for performance reasons.
@@ -621,8 +621,7 @@ static void _sandbox_load (man_sandbox *sandbox, int permissive) {
/* Don't try this again. */
seccomp_filter_unavailable = 1;
} else
- error (FATAL, errno,
- "can't load seccomp filter");
+ fatal (errno, "can't load seccomp filter");
}
}
}