Remove blanket warning suppressions and replace deprecated Winsock APIs

Historical reference only: stale-v0.72a-experimental-clean and analysis\stale-v0.72a-experimental-clean are retired reference sources, not active branch targets or current baselines. Use them only as provenance or idea-extraction sources; landed status is determined against main. See Historical References.

Summary

Two blanket #define suppressions in stdafx.h silence entire classes of security and deprecation warnings, hiding real issues. In parallel, a handful of deprecated Winsock IPv4-only APIs (inet_addr, inet_ntoa) remain in use despite being unsafe and deprecated since Vista.

Decision

2026-04-19: Explicitly deferred by product decision.

This item is tracked as Deferred to preserve that decision in the active backlog.

Current rationale:

• the remaining deprecated-Winsock usage is real but low practical impact for the current branch
• the cleanup is broad and mechanical, not a targeted correctness/stability fix
• current quality work is prioritizing narrower runtime-risk items first

This item remains valid backlog work, but it should stay deferred unless the warning-floor reduction effort or networking modernization work is explicitly reprioritized.

Warning Suppression Impact — 2026-05-02

The current Stdafx.h blanket warning pragmas are not benign, but they are also not the only source of warning debt. The active Release|x64 app build on 2026-05-02 succeeded while still reporting warnings:

• reference log: EMULE_WORKSPACE_ROOT\workspaces\workspace\state\build-logs\20260502-112930
• workspace summary: 862 warnings for APP main
• raw MSBuild footer: 391 Warning(s)
• de-duplicated located compiler warning sites: 379

The broad Stdafx.h:43-69 suppressions currently hide warning families such as unsafe function-pointer casts (C4191), hidden virtual overrides (C4263-C4266), signed/unsigned conversions (C4365), switch-enum coverage (C4061/C4062), local-static initialization concerns (C4640), and object layout/generated-member noise (C4625, C4626, C4820, C5026, C5027). Removing all of them in one pass would produce a large mixed queue of real defects, MFC-era framework noise, and low-value style cleanup.

Actual risk split:

• high correctness value: pointer/handle truncation, integer narrowing, implicit fallthroughs, non-portable varargs, throwing C/Win32 callbacks, and hidden virtual overrides
• medium value: numeric precision warnings in transfer, scheduling, scoring, rate-limit, and persisted-value code
• low value unless adjacent code is already being changed: register cleanup, unused parameters, padding/layout noise, inline decisions, and unreferenced internal functions

The detailed current warning map, including counts by warning code, hotspot files, concrete example call sites, and linker/dependency impact, is tracked in CI-010. Use that item to prioritize app-local source fixes before attempting to remove the global suppression block wholesale.

Revalidation — 2026-04-13

Current main still defines:

• Stdafx.h:73-74 — _CRT_SECURE_NO_DEPRECATE
• Stdafx.h:99-100 — _WINSOCK_DEPRECATED_NO_WARNINGS
• emule.vcxproj:310 — _CRT_SECURE_NO_DEPRECATE injected again via project settings

Current deprecated / legacy call-site counts in srchybrid:

• 15 inet_addr
• 4 inet_ntoa
• 0 gethostbyname
• 49 printf-family legacy calls (_stprintf, _sntprintf, wsprintf, sprintf)

Representative live Winsock sites include:

• AddSourceDlg.cpp:130
• AsyncProxySocketLayer.cpp:732
• AsyncSocketEx.cpp:896,1001,1029
• AsyncSocketExLayer.cpp:404,448
• IPFilterDlg.cpp:545
• KademliaUDPListener.cpp:81
• Preferences.cpp:2489
• ServerConnect.cpp:540
• ServerSocket.cpp:230
• UDPSocket.cpp:470,786
• URLClient.cpp:118
• WebServer.cpp:374,1187
• WebSocket.cpp:434
• UPnPImplWinServ.cpp:574

Deeper revalidation on 2026-04-14 tightened two parts of the picture:

• all 4 remaining inet_ntoa sites are concentrated in AsyncSocketEx.cpp (1001, 1029) and AsyncSocketExLayer.cpp (404, 448)
• WSAAsyncGetHostByName is still live in AsyncSocketEx.cpp, DownloadQueue.cpp, EmuleDlg.cpp, and UDPSocket.cpp, but that resolver redesign is tracked separately by REF-030

Also note that several raw copy sites (CustomAutoComplete.cpp:230, EmuleDlg.cpp:3770, FileInfoDialog.cpp:756) will re-surface once the blanket warning suppressions are removed. They are adjacent cleanup, even though they are not Winsock calls.

Items

WWMOD_007 — Remove _CRT_SECURE_NO_DEPRECATE from stdafx.h

// stdafx.h — near top:
#define _CRT_SECURE_NO_DEPRECATE

This silences all CRT security deprecation warnings (strcpy → strcpy_s, sprintf → sprintf_s, etc.). Removing it will reveal real unsafe-string call sites. Fix the revealed warnings rather than re-suppressing them.

Expected newly-visible warnings: sprintf, _stprintf, strcat, etc. — coordinate with REF-023 (unsafe printf replacement) to address them.

WWMOD_008 — Remove _WINSOCK_DEPRECATED_NO_WARNINGS from stdafx.h

// stdafx.h:
#define _WINSOCK_DEPRECATED_NO_WARNINGS

This silences warnings about deprecated Winsock functions (inet_addr, inet_ntoa, gethostbyname, etc.). Removing it will identify all call sites that need updating.

WWMOD_030 — Replace inet_addr / inet_ntoa with modern equivalents

Known deprecated-Winsock call sites (partially fixed on stale branch — NOT in main for most files):

Function	Replacement
inet_addr(str)	inet_pton(AF_INET, str, &addr)
inet_ntoa(addr)	inet_ntop(AF_INET, &addr, buf, sizeof(buf))
gethostbyname(host)	getaddrinfo(host, ...)

Primary files to audit: - srchybrid/ServerConnect.cpp - srchybrid/IPFilter.cpp - srchybrid/ClientUDPSocket.cpp - srchybrid/KademliaUDPListener.cpp - srchybrid/BaseClient.cpp - Any file using inet_addr or inet_ntoa

Two-pass approach recommended: 1. Remove the #define _WINSOCK_DEPRECATED_NO_WARNINGS suppression 2. Fix all newly-surfaced warnings using inet_pton/inet_ntop

Order of Operations

1. Remove _CRT_SECURE_NO_DEPRECATE (will reveal sprintf sites — do NOT blindly re-add; fix sites incrementally or coordinate with REF-023)
2. Remove _WINSOCK_DEPRECATED_NO_WARNINGS
3. Fix all inet_addr/inet_ntoa call sites
4. Rebuild clean with zero new warnings

Files to Modify

File	Change
srchybrid/stdafx.h	Remove both #define suppressions
srchybrid/emule.vcxproj	Remove project-wide _CRT_SECURE_NO_DEPRECATE injection
srchybrid/ServerConnect.cpp	Replace deprecated Winsock calls
srchybrid/IPFilter.cpp	Replace deprecated Winsock calls
Other files surfaced by compiler	Replace deprecated CRT / Winsock calls

Acceptance Criteria

• [ ] _CRT_SECURE_NO_DEPRECATE removed from stdafx.h
• [ ] _CRT_SECURE_NO_DEPRECATE removed from project-wide preprocessor definitions
• [ ] _WINSOCK_DEPRECATED_NO_WARNINGS removed from stdafx.h
• [ ] Zero deprecated-Winsock warnings in a clean build
• [ ] Zero CRT security deprecation warnings from files touched in this change
• [ ] inet_addr / inet_ntoa replaced with inet_pton / inet_ntop throughout the codebase

Experimental Reference Implementation

Status in stale-v0.72a-experimental-clean: Done. Deprecated Winsock call count dropped from 28 in main to ~0 in experimental. Done in two steps: - d0a1c11 (WIP: replace inet_addr in socket connect paths) — inet_addr replaced with inet_pton in ServerConnect.cpp, BindAddressResolver.cpp, and other connect paths - 8656e2d and related — _WINSOCK_DEPRECATED_NO_WARNINGS suppression removed from stdafx.h; gethostbyname replaced with getaddrinfo - d8a4af3 (BUILD: enable C++20 and remove bootstrap build) + warning cleanup removed _CRT_SECURE_NO_DEPRECATE

Note on warning suppressions: Main still has 64 #pragma warning(disable/suppress) directives; experimental brought this down to 63 (near-identical), so the blanket per-file suppressions remain. The primary win in experimental was removing the global stdafx.h defines and fixing the actual sites they were covering.

Porting note: Start with removing _WINSOCK_DEPRECATED_NO_WARNINGS from stdafx.h and fixing the inet_addr/inet_ntoa sites one file at a time. The experimental branch has BindAddressResolver.cpp/h (new file) that abstracts the bind-address resolution — consider porting that too.