commit 267a07d3cbbe0db73521dded430cb7023c440447
author Nigel Tao <nigeltao@golang.org> Wed Mar 04 22:30:03 2020 +1100
committer Nigel Tao <nigeltao@golang.org> Wed Mar 04 22:30:03 2020 +1100
tree 971ce5f13245f2bae87d3a8dd6b84e3a349cb03a
parent 757a4bd68cd37a4e6da995b4351621f103e20f50

Add an example/zcat -fail-if-unsandboxed flag

example/zcat/zcat.c

diff --git a/example/zcat/zcat.c b/example/zcat/zcat.c
index 4d7398b..87af5e3 100644
--- a/example/zcat/zcat.c
+++ b/example/zcat/zcat.c
@@ -80,12 +80,70 @@
 uint8_t work_buffer[1];
 #endif
 
+// ----
+
+static bool sandboxed = false;
+
+struct {
+  int remaining_argc;
+  char** remaining_argv;
+
+  bool fail_if_unsandboxed;
+} flags = {0};
+
+const char*  //
+parse_flags(int argc, char** argv) {
+  int c = (argc > 0) ? 1 : 0;  // Skip argv[0], the program name.
+  for (; c < argc; c++) {
+    char* arg = argv[c];
+    if (*arg++ != '-') {
+      break;
+    }
+
+    // A double-dash "--foo" is equivalent to a single-dash "-foo". As special
+    // cases, a bare "-" is not a flag (some programs may interpret it as
+    // stdin) and a bare "--" means to stop parsing flags.
+    if (*arg == '\x00') {
+      break;
+    } else if (*arg == '-') {
+      arg++;
+      if (*arg == '\x00') {
+        c++;
+        break;
+      }
+    }
+
+    if (!strcmp(arg, "fail-if-unsandboxed")) {
+      flags.fail_if_unsandboxed = true;
+      continue;
+    }
+
+    return "main: unrecognized flag argument";
+  }
+
+  flags.remaining_argc = argc - c;
+  flags.remaining_argv = argv + c;
+  return NULL;
+}
+
+// ----
+
 // ignore_return_value suppresses errors from -Wall -Werror.
 static void  //
 ignore_return_value(int ignored) {}
 
-static const char*  //
-decode() {
+#include <stdio.h>
+
+const char*  //
+main1(int argc, char** argv) {
+  const char* z = parse_flags(argc, argv);
+  if (z) {
+    return z;
+  }
+  if (flags.fail_if_unsandboxed && !sandboxed) {
+    return "main: unsandboxed";
+  }
+
   wuffs_gzip__decoder dec;
   wuffs_base__status status =
       wuffs_gzip__decoder__initialize(&dec, sizeof dec, WUFFS_VERSION, 0);
@@ -148,7 +206,7 @@
 
     wuffs_base__io_buffer__compact(&src);
     if (src.meta.wi == src.data.len) {
-      return "internal error: no I/O progress possible";
+      return "main: internal error: no I/O progress possible";
     }
   }
 }
@@ -184,9 +242,10 @@
 main(int argc, char** argv) {
 #if defined(WUFFS_EXAMPLE_USE_SECCOMP)
   prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT);
+  sandboxed = true;
 #endif
 
-  int exit_code = compute_exit_code(decode());
+  int exit_code = compute_exit_code(main1(argc, argv));
 
 #if defined(WUFFS_EXAMPLE_USE_SECCOMP)
   // Call SYS_exit explicitly instead of SYS_exit_group implicitly.