Security fixes, code modernization, and community PR integration

[zknpr]

Summary

This PR consolidates security fixes, code modernization, and integrates several valuable community PRs that have been pending.

Security Fixes

• Memory leak fix: piStartRef was not freed in vSigIntHandler() and vFailureExit() cleanup paths
• NULL checks: Added proper NULL checks after all malloc/calloc calls instead of relying on assert() (which is disabled by NDEBUG in release builds)
• Compiler security flags: Added -fstack-protector-strong, -D_FORTIFY_SOURCE=2, -Wformat-security for release builds

Code Modernization

• CMakeLists.txt overhaul: Modernized to use target-based CMake properties, proper Release/Debug build separation, and generator expressions
• Build type handling: NDEBUG is now only defined in Release builds; Debug builds have -g -O0 for proper debugging
• Added -Wpedantic with exception for 3rdparty getopt code (uses deprecated register keyword)
• Updated libmodbus minimum version to 3.1.7 (required for quirks support)
• Translated all French comments to English for maintainability
• Updated copyright years to 2015-2025

Community PR Integration

This PR implements the functionality from the following open PRs:

• check result of modbus_set_slave() #87 (@r00t-): Check modbus_set_slave() return value to prevent crashes with invalid slave addresses
• Add option -x to print reference in hexadecimal format #90 (@ciakval): Add -x option to print register addresses in hexadecimal format
• Add support for MAX_SLAVE and REPLY_TO_BROADCAST quirks #99 (@JesseRiemens): Add -Q and -X options for libmodbus quirks (MAX_SLAVE and REPLY_TO_BROADCAST)

New Command-Line Options

-x    Print address (reference) in hexadecimal format
-Q    Enable MAX_SLAVE quirk (accept slave id 0-255)
-X    Enable REPLY_TO_BROADCAST quirk (send reply to broadcast)

CI/CD

• Added GitHub Actions workflow for automated builds on:
  • Ubuntu (Release + Debug configurations)
  • macOS (Release)
  • Windows (Release)

Test Plan

• Build on Linux with libmodbus >= 3.1.7
• Build on macOS
• Build on Windows (with bundled libmodbus)
• Test -x option displays hex addresses correctly
• Test -Q option allows slave addresses 0-255
• Test -X option for broadcast reply
• Verify memory leak is fixed with valgrind
• Verify invalid slave address now returns proper error instead of crash

Breaking Changes

• libmodbus minimum version increased from 3.1.4 to 3.1.7 (required for modbus_enable_quirks() function)

---

🤖 Generated with Claude Code

[Copilot]

Pull request overview

This PR consolidates security hardening and modernization work for mbpoll, including safer memory allocation handling, new CLI features, updated build tooling (CMake), and a new multi-platform GitHub Actions CI workflow.

Changes:

• Replace assert()-based allocation checks with explicit NULL checks and improve cleanup paths.
• Add new CLI options -x, -Q, and -X (hex address printing + libmodbus quirks support), plus corresponding help/README updates.
• Modernize CMakeLists.txt (target-based flags, Release/Debug separation, updated libmodbus minimum) and add CI builds for Linux/macOS/Windows.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
src/mbpoll.c	Adds new CLI flags, enables libmodbus quirks, improves allocation failure handling, and fixes a cleanup leak.
CMakeLists.txt	Modernizes build configuration, hardening flags, dependency discovery, and libmodbus minimum version.
.github/workflows/ci.yml	Adds CI jobs for Linux/macOS/Windows builds and basic smoke checks.
README.md	Updates libmodbus minimum version and documents new CLI options.
mbpoll-config.h	Updates copyright year.
src/serial.h	Translates comments to English and updates copyright year.
src/serial.c	Updates copyright year.
src/custom-rts.h	Updates copyright year.
src/custom-rts.c	Updates copyright year.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[r00t-]

This PR implements the functionality from the following open PRs:

so people are now using "AI" bots for stealing other people's contributions from open merge requests and claiming ownership of them?

[zknpr]

This PR implements the functionality from the following open PRs:

so people are now using "AI" bots for stealing other people's contributions from open merge requests and claiming ownership of them?

I found your Pr useful and worth adding. Where do you see me claiming your contribution as my own? As far as I can tell, you and your Pr are both tagged.

[JesseRiemens]

This PR implements the functionality from the following open PRs:

so people are now using "AI" bots for stealing other people's contributions from open merge requests and claiming ownership of them?

I found your Pr useful and worth adding. Where do you see me claiming your contribution as my own? As far as I can tell, you and your Pr are both tagged.

Could have cherry-picked and included the contributions itself - then the code authored by us is merged. I don't think you had bad intentions necessarily, but I feel @r00t- s annoyance as well.

[zknpr]

@r00t- @JesseRiemens @ciakval

You're right, and I owe you all an apology. I should have cherry-picked your commits instead of reimplementing the functionality. Mentioning your PRs in the description doesn't replace proper git authorship — your names belong in git log, not just in a PR body. That was a mistake on my part and I'm sorry.

If @epsilonrt is open to it, I'd like to fix this properly: revert the portions of this PR that overlap with #87, #90, and #99, then cherry-pick your original commits so you get the authorship credit you deserve. Happy to put together that follow-up PR if the maintainer agrees.

Again, apologies for the misstep.