❦ 28 mai 2014 18:11 +0200, Willy Tarreau <[email protected]> :
> Feedback welcome as usual,
When compiling with -Werror=format-security (which is a common settings
on a Debian-based distribution), we get:
src/dumpstats.c:3059:4: error: format not a string literal and no format
arguments [-Werror=format-security]
chunk_appendf(&trash, srv_hlt_st[1]); /* DOWN (agent) */
^
srv_hlt_st[1] is "DOWN %s/%s", so this is not even a false positive. I
suppose this should be srv_hlt_st[0] but then it's better to just write
"DOWN" (since it avoids the warning).
It leads me to the next chunk of code:
chunk_appendf(&trash,
srv_hlt_st[state],
(ref->state != SRV_ST_STOPPED) ?
(ref->check.health - ref->check.rise + 1) : (ref->check.health),
(ref->state != SRV_ST_STOPPED) ?
(ref->check.fall) : (ref->check.rise));
Not all members of srv_hlt_st have %s/%s. I cannot say for sure how
chunk_appendf work. Is that the caller or the callee that clean up? I
suppose that because of ..., this is automatically the caller so the
additional arguments are harmless.
--
panic("esp: what could it be... I wonder...");
2.2.16 /usr/src/linux/drivers/scsi/esp.c
