Simplify static analysis of fatal errors

The usual idiom for fatal error reporting in man-db is `error (FATAL,
...)` (there are a few cases using different exit codes, but they're
less common).  Unfortunately, there's no easy way to tell the compiler
that this call doesn't return, because `error (0, ...)` *does* return.
As a result, some call sites required extra work to give the compiler
this information, which can sometimes make a difference to static
analysis.

To simplify this, add a new `fatal` helper function which always exits
`FATAL` (i.e. 2) and never returns.  This is declared with `_Noreturn`
so that the compiler can straightforwardly know what's going on.

* bootstrap.conf (gnulib_modules): Add verror.
(XGETTEXT_OPTIONS): Add --flag=fatal:2:c-format.
* lib/fatal.c, lib/fatal.h: New files.
* lib/Makefile.am (libman_la_SOURCES): Add fatal.c and fatal.h.
* src/tests/Makefile.am (AM_CPPFLAGS): Add -I$(top_srcdir)/lib.
(get_mtime_LDADD): Add $(top_builddir)/lib/libman.la.

* lib/pathsearch.c (pathsearch, directory_on_path): Use fatal.
* lib/sandbox.c (can_load_seccomp, make_seccomp_filter, _sandbox_load):
Likewise.
* lib/security.c (gripe_set_euid): Likewise.
* lib/xregcomp.c (xregcomp): Likewise.
* libdb/db_lookup.c (gripe_corrupt_data, dblookup_pattern): Likewise.
* libdb/db_ver.c (dbver_wr): Likewise.
* src/accessdb.c (main): Likewise.
* src/catman.c (parse_for_sec): Likewise.
* src/check_mandirs.c (chown_if_possible): Likewise.
* src/man-recode.c (recode): Likewise.
* src/man.c (open_cat_stream, format_display, gripe_converting_name):
Likewise.
* src/manconv.c (add_output): Likewise.
* src/manp.c (add_dir_to_path_list): Likewise.
* src/tests/get-mtime.c (main): Likewise.
* src/whatis.c (do_apropos): Likewise.
* src/zsoelim.l (<so>\"?[^ \t\n\"]+\"?): Likewise.

* libdb/db_lookup.c (gripe_corrupt_data, gripe_replace_key): Declare as
_Noreturn.

* src/accessdb.c (main): Remove now-unnecessary assertion.
* src/man.c (gripe_converting_name): Remove now-unnecessary abort.

2 files changed, 7 insertions, 6 deletions

diff --git a/libdb/db_lookup.c b/libdb/db_lookup.c
index 64b8a499..db062597 100644
--- a/libdb/db_lookup.c
+++ b/libdb/db_lookup.c
@@ -50,6 +50,7 @@
 #include "manconfig.h"
 
 #include "debug.h"
+#include "fatal.h"
 #include "glcontainers.h"
 #include "wordfnmatch.h"
 #include "xregcomp.h"
@@ -81,13 +82,13 @@ void gripe_lock (const char *filename)
 #endif /* NDBM || BTREE */
 
 /* issue fatal message, then exit */
-void gripe_corrupt_data (MYDBM_FILE dbf)
+_Noreturn void gripe_corrupt_data (MYDBM_FILE dbf)
 {
-	error (FATAL, 0, _("index cache %s corrupt"), dbf->name);
+	fatal (0, _("index cache %s corrupt"), dbf->name);
 }
 
 /* deal with situation where we cannot replace a key */
-void gripe_replace_key (MYDBM_FILE dbf, const char *data)
+_Noreturn void gripe_replace_key (MYDBM_FILE dbf, const char *data)
 {
 	error (0, 0, _("cannot replace key %s"), data);
 	gripe_corrupt_data (dbf);
@@ -446,7 +447,7 @@ gl_list_t dblookup_pattern (MYDBM_FILE dbf, const char *pattern,
 		if (!MYDBM_DPTR (cont))
 		{
 			debug ("key was %s\n", MYDBM_DPTR (key));
-			error (FATAL, 0,
+			fatal (0,
 			       _("Database %s corrupted; rebuild with "
 				 "mandb --create"),
 			       dbf->name);
diff --git a/libdb/db_ver.c b/libdb/db_ver.c
index 1472e663..fac9c5ae 100644
--- a/libdb/db_ver.c
+++ b/libdb/db_ver.c
@@ -31,12 +31,12 @@
 #include "gettext.h"
 #define _(String) gettext (String)
 
-#include "error.h"
 #include "xalloc.h"
 
 #include "manconfig.h"
 
 #include "debug.h"
+#include "fatal.h"
 
 #include "mydbm.h"
 
@@ -78,7 +78,7 @@ void dbver_wr (MYDBM_FILE dbfile)
 	MYDBM_SET (content, xstrdup (VER_ID));
 
 	if (MYDBM_INSERT (dbfile, key, content) != 0)
-		error (FATAL, 0,
+		fatal (0,
 		       _("fatal: unable to insert version identifier into %s"),
 		       dbfile->name);