diff --git a/configure.ac b/configure.ac index 97e3da19..b9858cbd 100644 --- a/configure.ac +++ b/configure.ac @@ -144,6 +144,17 @@ else libzmq_pedantic="yes" fi +AC_ARG_WITH([militant], + [AS_HELP_STRING([--with-militant], + [Enable militant API assertions])], + [zmq_militant="yes"], + []) + +if test "x$zmq_militant" = "xyes"; then + AC_DEFINE(ZMQ_ACT_MILITANT, 1, [Enable militant API assertions]) +fi + + # By default compiling with -Werror except OSX. libzmq_werror="yes" diff --git a/src/options.cpp b/src/options.cpp index e569710b..c69c0fed 100644 --- a/src/options.cpp +++ b/src/options.cpp @@ -65,6 +65,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, { bool is_int = (optvallen_ == sizeof (int)); int value = is_int? *((int *) optval_): 0; + bool malformed = true; // Did caller pass a bad option value? switch (option_) { case ZMQ_SNDHWM: @@ -440,10 +441,21 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, } break; - default: + // There are valid scenarios for probing with unknown socket option + // values, e.g. to check if security is enabled or not. This will not + // provoke a militant assert. However, passing bad values to a valid + // socket option will, if ZMQ_ACT_MILITANT is defined. + malformed = false; break; } +#if defined (ZMQ_ACT_MILITANT) + // There is no valid use case for passing an error back to the application + // when it sent malformed arguments to a socket option. Use ./configure + // --with-militant to enable this checking. + if (malformed) + zmq_assert (false); +#endif errno = EINVAL; return -1; } @@ -517,6 +529,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_) return 0; } break; + case ZMQ_TYPE: if (is_int) { *value = type; @@ -757,9 +770,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_) return 0; } break; - - - } + } errno = EINVAL; return -1; }
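Review bot: In the configure.ac hunk, the action-if-given of `AC_ARG_WITH([militant], ...)` sets `zmq_militant="yes"` unconditionally, and autoconf runs that action for `--without-militant` and `--with-militant=no` as well. A packager who explicitly turns the option off therefore still gets `ZMQ_ACT_MILITANT` defined, and with it a library that aborts on bad socket-option arguments. Take the value the user supplied instead: `[zmq_militant="$withval"]`, with `[zmq_militant="no"]` as the action-if-not-given. Since this toggles a build feature rather than an external package, `AC_ARG_ENABLE` would be the more conventional macro.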
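Review bot: In the setsockopt hunk at `@@ -440` of src/options.cpp, `zmq_assert (false)` turns every malformed option value into a process abort, which is a denial-of-service condition if any option value or length in a militant build comes from configuration or other input the application does not fully control. The comment above the `#if` should say the flag is meant for development and test builds, not shipped ones. Because `malformed` starts as `true` (first options.cpp hunk), any case that leaves the switch via `break` for a reason other than a bad argument would also abort, for instance an option that is valid but unsupported in this build, if such a path exists outside the hunk; that is worth checking against the full switch. The asserted expression is the literal `false`, so whatever the macro reports will not say what was wrong; `zmq_assert (!malformed);` in place of the `if` at least names the condition. The collapsed layout makes it unclear whether the `default:` label is kept as context, so this note assumes it is, with `malformed = false;` as its body.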