cpuset: fix cppcheck missingReturn errors

.github/workflows/contrib.yml

@@ -11,9 +11,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v5
-    - name: Compile admin/halog/halog
-      run: |
-        make admin/halog/halog
     - name: Compile dev/flags/flags
       run: |
         make dev/flags/flags

.github/workflows/quic-interop-aws-lc.yml

@@ -21,6 +21,9 @@ jobs:
     steps:
       - uses: actions/checkout@v5
 
+      - name: Update Docker to the latest
+        uses: docker/setup-docker-action@v4
+
       - name: Build Docker image
         id: push
         uses: docker/build-push-action@v6

.github/workflows/quic-interop-libressl.yml

@@ -21,6 +21,9 @@ jobs:
     steps:
       - uses: actions/checkout@v5
 
+      - name: Update Docker to the latest
+        uses: docker/setup-docker-action@v4
+
       - name: Build Docker image
         id: push
         uses: docker/build-push-action@v6

admin/cli/haproxy-dump-certs

@@ -149,7 +149,7 @@ usage() {
 	echo "Options:"
 	echo "  -S, --master-socket <path>   Use the master socket at <path> (default: ${SOCKET})"
 	echo "  -s, --socket <path>          Use the stats socket at <path>"
-	echo "  -p, --path <path>            Specifiy a base path for relative files (default: ${BASEPATH})"
+	echo "  -p, --path <path>            Specify a base path for relative files (default: ${BASEPATH})"
 	echo "  -n, --dry-run                Read certificates on the socket but don't dump them"
 	echo "  -d, --debug                  Debug mode, set -x"
 	echo "  -v, --verbose                Verbose mode"

doc/configuration.txt

@@ -5345,7 +5345,7 @@ tune.ssl.certificate-compression { auto | off }
 
   When set to "auto" it uses the default value of the TLS library.
 
-  With "off" it tries to explicitely disable the support of the feature.
+  With "off" it tries to explicitly disable the support of the feature.
   HAProxy won't try to send compressed certificates anymore nor accept
   compressed certificates.
 
@@ -7171,7 +7171,7 @@ default_backend <backend>
   used when no rule has matched. It generally is the dynamic backend which
   will catch all undetermined requests.
 
-  If a backend is disabled or unpublished, default_backend rules targetting it
+  If a backend is disabled or unpublished, default_backend rules targeting it
   will be ignored and stream processing will remain on the original proxy.
 
   Example :
@@ -21478,7 +21478,7 @@ jwt_decrypt_cert(<cert>)
   decrypted thanks to the certificate provided.
   The <cert> parameter must be a path to an already loaded certificate (that
   can be dumped via the "dump ssl cert" CLI command). The certificate must have
-  its "jwt" option explicitely set to "on" (see "jwt" crt-list option). It can
+  its "jwt" option explicitly set to "on" (see "jwt" crt-list option). It can
   be provided directly or via a variable.
   The only tokens managed yet are the ones using the Compact Serialization
   format (five dot-separated base64-url encoded strings).
@@ -31269,9 +31269,9 @@ user <username> [password|insecure-password <password>]
   slower than their glibc counterparts when calculating hashes, so you might
   want to consider this aspect too.
 
-  All passwords are considered normal arguments and are therefor subject to
+  All passwords are considered normal arguments and are therefore subject to
   regular section 2.2 Quoting and escaping. Single quoting passwords is
-  therefor recommended.
+  therefore recommended.
 
   Example:
         userlist L1

doc/management.txt

@@ -1731,7 +1731,7 @@ add backend <name> from <defproxy> [mode <mode>] [guid <guid>] [ EXPERIMENTAL ]
   Only TCP or HTTP proxies can be created. All of the settings are inherited
   from <defproxy> default proxy instance. By default, it is mandatory to
   specify the backend mode via the argument of the same name, unless <defproxy>
-  already defines it explicitely. It is also possible to use an optional GUID
+  already defines it explicitly. It is also possible to use an optional GUID
   argument if wanted.
 
   Servers can be added via the command "add server". The backend is initialized

include/haproxy/proxy-t.h

@@ -242,12 +242,12 @@ enum PR_SRV_STATE_FILE {
 /* Proxy flags */
 #define PR_FL_DISABLED           0x01  /* The proxy was disabled in the configuration (not at runtime) */
 #define PR_FL_STOPPED            0x02  /* The proxy was stopped */
-#define PR_FL_DEF_EXPLICIT_MODE  0x04  /* Proxy mode is explicitely defined - only used for defaults instance */
+#define PR_FL_DEF_EXPLICIT_MODE  0x04  /* Proxy mode is explicitly defined - only used for defaults instance */
 #define PR_FL_EXPLICIT_REF       0x08  /* The default proxy is explicitly referenced by another proxy */
 #define PR_FL_IMPLICIT_REF       0x10  /* The default proxy is implicitly referenced by another proxy */
 #define PR_FL_PAUSED             0x20  /* The proxy was paused at run time (reversible) */
 #define PR_FL_CHECKED            0x40  /* The proxy configuration was fully checked (including postparsing checks) */
-#define PR_FL_BE_UNPUBLISHED     0x80  /* The proxy cannot be targetted by content switching rules */
+#define PR_FL_BE_UNPUBLISHED     0x80  /* The proxy cannot be targeted by content switching rules */
 
 struct stream;
 

include/haproxy/ssl_sock-t.h

@@ -339,7 +339,7 @@ struct global_ssl {
 	char **passphrase_cmd;
 	int passphrase_cmd_args_cnt;
 
-	unsigned int certificate_compression:1; /* allow to explicitely disable certificate compression */
+	unsigned int certificate_compression:1; /* allow to explicitly disable certificate compression */
 };
 
 /* The order here matters for picking a default context,

src/backend.c

@@ -2067,7 +2067,7 @@ int connect_server(struct stream *s)
 			 * available.
 			 *
 			 * This check must be performed before conn_prepare()
-			 * to ensure consistency accross the whole stack, in
+			 * to ensure consistency across the whole stack, in
 			 * particular for QUIC between quic-conn and mux layer.
 			 */
 			if (IS_HTX_STRM(s) && srv->use_ssl &&
@@ -3063,7 +3063,7 @@ int be_downtime(struct proxy *px) {
 
 /* Checks if <px> backend supports the addition of servers at runtime. Either a
  * backend or a defaults proxy are supported. If proxy is incompatible, <msg>
- * will be allocated to contain a textual explaination.
+ * will be allocated to contain a textual explanation.
  */
 int be_supports_dynamic_srv(struct proxy *px, char **msg)
 {

src/cfgparse-ssl.c

@@ -496,7 +496,7 @@ static int ssl_parse_global_keylog(char **args, int section_type, struct proxy *
 }
 #endif
 
-/* Allow to explicitely disable certificate compression when set to "off" */
+/* Allow to explicitly disable certificate compression when set to "off" */
 #ifdef SSL_OP_NO_RX_CERTIFICATE_COMPRESSION
 static int ssl_parse_certificate_compression(char **args, int section_type, struct proxy *curpx,
                                              const struct proxy *defpx, const char *file, int line,

src/chunk.c

@@ -80,7 +80,7 @@ struct buffer *get_trash_chunk(void)
 }
 
 /* Similar to get_trash_chunk() but return a pre-allocated large chunk
- * instead. Becasuse large buffers are not enabled by default, this function may
+ * instead. Because large buffers are not enabled by default, this function may
  * return NULL.
  */
 struct buffer *get_large_trash_chunk(void)
@@ -127,7 +127,7 @@ struct buffer *get_larger_trash_chunk(struct buffer *chk)
 	if (!chk)
 		return get_trash_chunk();
 
-	/* No large buffers or current chunk is alread a large trash chunk */
+	/* No large buffers or current chunk is already a large trash chunk */
 	if (!large_trash_size || chk->size == large_trash_size)
 		return NULL;
 

src/cpuset.c

@@ -27,6 +27,8 @@ int ha_cpuset_set(struct hap_cpuset *set, int cpu)
 #elif defined(CPUSET_USE_ULONG)
 	set->cpuset |= (0x1 << cpu);
 	return 0;
+#else
+	return 0;
 #endif
 }
 
@@ -42,6 +44,8 @@ int ha_cpuset_clr(struct hap_cpuset *set, int cpu)
 #elif defined(CPUSET_USE_ULONG)
 	set->cpuset &= ~(0x1 << cpu);
 	return 0;
+#else
+	return 0;
 #endif
 }
 
@@ -96,6 +100,8 @@ int ha_cpuset_count(const struct hap_cpuset *set)
 
 #elif defined(CPUSET_USE_ULONG)
 	return my_popcountl(set->cpuset);
+#else
+	return 0;
 #endif
 }
 
@@ -120,6 +126,8 @@ int ha_cpuset_ffs(const struct hap_cpuset *set)
 		return 0;
 
 	return my_ffsl(set->cpuset);
+#else
+	return 0;
 #endif
 }
 
@@ -148,6 +156,8 @@ int ha_cpuset_isequal(const struct hap_cpuset *dst, const struct hap_cpuset *src
 
 #elif defined(CPUSET_USE_ULONG)
 	return dst->cpuset == src->cpuset;
+#else
+	return 0;
 #endif
 }
 
@@ -159,6 +169,8 @@ int ha_cpuset_size()
 #elif defined(CPUSET_USE_ULONG)
 	return LONGBITS;
 
+#else
+	return 0;
 #endif
 }
 

src/haproxy.c

@@ -2822,7 +2822,7 @@ void deinit(void)
 	 * they are respectively cleaned up in sink_deinit() and deinit_log_forward()
 	 */
 
-	/* If named defaults were preserved, ensure refcount is resetted. */
+	/* If named defaults were preserved, ensure refcount is reset. */
 	if (!(global.tune.options & GTUNE_PURGE_DEFAULTS))
 		defaults_px_unref_all();
 	/* All proxies are removed now, so every defaults should also be freed

src/haterm.c

@@ -47,7 +47,7 @@ const char *HTTP_HELP =
         " - /?R=<enable>      Enable sending random data if >0.\n"
         "\n"
         "Note that those arguments may be cumulated on one line separated by a set of\n"
-        "delimitors among [&?,;/] :\n"
+        "delimiters among [&?,;/] :\n"
         " -  GET /?s=20k&c=1&t=700&K=30r HTTP/1.0\n"
         " -  GET /?r=500?s=0?c=0?t=1000 HTTP/1.0\n"
         "\n";
@@ -323,7 +323,7 @@ static int hstream_htx_buf_snd(struct connection *conn, struct hstream *hs)
 	}
 
 	/* The HTX data are not fully sent if the last HTX data
-	 * were not fully transfered or if there are remaining data
+	 * were not fully transferred or if there are remaining data
 	 * to send (->to_write > 0).
 	 */
 	if (!htx_is_empty(htxbuf(&hs->res))) {
@@ -1007,7 +1007,7 @@ static int hstream_build_responses(void)
 
 	/* original haterm chunk mode responses are made of 1-byte chunks
 	 * but the haproxy muxes do not support this. At this time
-	 * these reponses are handled the same way as for common
+	 * these responses are handled the same way as for common
 	 * responses with a pre-built buffer.
 	 */
 	for (i = 0; i < sizeof(common_chunk_resp); i++)

src/haterm_init.c

@@ -106,7 +106,7 @@ static inline size_t hbuf_is_null(const struct hbuf *h)
 
 /* Simple function, to append <line> to <b> without without
  * trailing '\0' character.
- * Take into an account the '\t' and '\n' escaped sequeces.
+ * Take into an account the '\t' and '\n' escaped sequences.
  */
 static void hstream_str_buf_append(struct hbuf *h, const char *line)
 {
@@ -215,7 +215,7 @@ void haproxy_init_args(int argc, char **argv)
 		argc--; argv++;
 	}
 
-	/* Restore the argumenst */
+	/* Restore the arguments */
 	argc = sargc; argv = sargv;
 	while (argc > 0) {
 		char *opt;

src/http_fetch.c

@@ -44,7 +44,7 @@
 /* this struct is used between calls to smp_fetch_hdr() or smp_fetch_cookie() */
 static THREAD_LOCAL struct http_hdr_ctx static_http_hdr_ctx;
 /* this is used to convert raw connection buffers to htx */
-/* NOTE: For now, raw bufers cannot exceeds the standard size */
+/* NOTE: For now, raw buffers cannot exceeds the standard size */
 static THREAD_LOCAL struct buffer static_raw_htx_chunk;
 static THREAD_LOCAL char *static_raw_htx_buf;
 

src/jwe.c

@@ -326,7 +326,7 @@ static int decrypt_cek_aeskw(struct buffer *cek, struct buffer *decrypted_cek, s
  * the one found in the JWE token.
  * The tag is built out of a HMAC of some concatenated data taken from the JWE
  * token (see https://datatracker.ietf.org/doc/html/rfc7518#section-5.2). The
- * firest half of the previously decrypted cek is used as HMAC key.
+ * first half of the previously decrypted cek is used as HMAC key.
  * Returns 0 in case of success, 1 otherwise.
  */
 static int build_and_check_tag(jwe_enc enc,  struct jwt_item items[JWE_ELT_MAX],
@@ -504,7 +504,7 @@ static inline void clear_decoded_items(struct buffer *decoded_items[JWE_ELT_MAX]
 /*
  * Decrypt the contents of a JWE token thanks to the user-provided base64
  * encoded secret. This converter can only be used for tokens that have a
- * symetric algorithm (AESKW, AESGCMKW or "dir" special case).
+ * symmetric algorithm (AESKW, AESGCMKW or "dir" special case).
  * Returns the decrypted contents, or nothing if any error happened.
  */
 static int sample_conv_jwt_decrypt_secret(const struct arg *args, struct sample *smp, void *private)
@@ -761,7 +761,7 @@ static int decrypt_cek_rsa(struct buffer *cek, struct buffer *decrypted_cek,
 /*
  * Decrypt the contents of a JWE token thanks to the user-provided certificate
  * and private key. This converter can only be used for tokens that have an
- * asymetric algorithm (RSA only for now).
+ * asymmetric algorithm (RSA only for now).
  * Returns the decrypted contents, or nothing if any error happened.
  */
 static int sample_conv_jwt_decrypt_cert(const struct arg *args, struct sample *smp, void *private)
@@ -827,7 +827,7 @@ static int sample_conv_jwt_decrypt_cert(const struct arg *args, struct sample *s
 	if (chunk_printf(cert, "%.*s", (int)b_data(&cert_smp.data.u.str), b_orig(&cert_smp.data.u.str)) <= 0)
 		goto end;
 
-	/* With asymetric crypto algorithms we should always have a CEK */
+	/* With asymmetric crypto algorithms we should always have a CEK */
 	if (!items[JWE_ELT_CEK].length)
 		goto end;
 

src/proxy.c

@@ -4857,7 +4857,7 @@ static int cli_parse_add_backend(char **args, char *payload, struct appctx *appc
 		return 1;
 	}
 	if (!(defpx->flags & PR_FL_DEF_EXPLICIT_MODE) && !mode) {
-		cli_dynerr(appctx, memprintf(&msg, "Mode is required as '%s' default proxy does not explicitely defines it.\n", def_name));
+		cli_dynerr(appctx, memprintf(&msg, "Mode is required as '%s' default proxy does not explicitly defines it.\n", def_name));
 		return 1;
 	}
 	if (defpx->mode != PR_MODE_TCP && defpx->mode != PR_MODE_HTTP) {

src/stream.c

@@ -1141,12 +1141,12 @@ enum act_return process_use_service(struct act_rule *rule, struct proxy *px,
 	return ACT_RET_STOP;
 }
 
-/* Parses persist-rules attached to <fe> frontend and report the first macthing
+/* Parses persist-rules attached to <fe> frontend and report the first matching
  * entry, using <sess> session and <s> stream as sample source.
  *
  * As this function is called several times in the same stream context,
  * <persist> will act as a caching value to avoid reprocessing of a similar
- * ruleset. It must be set to a negative value for the first invokation.
+ * ruleset. It must be set to a negative value for the first invocation.
  *
  * Returns 1 if a rule matches, else 0.
  */