Hi Vincent, On Wed, May 28, 2014 at 08:43:10PM +0200, Vincent Bernat wrote: > ??? 28 mai 2014 18:11 +0200, Willy Tarreau <w...@1wt.eu> : > > > Feedback welcome as usual, > > When compiling with -Werror=format-security (which is a common settings > on a Debian-based distribution), we get: > > src/dumpstats.c:3059:4: error: format not a string literal and no format > arguments [-Werror=format-security] > chunk_appendf(&trash, srv_hlt_st[1]); /* DOWN (agent) */ > ^ > > srv_hlt_st[1] is "DOWN %s/%s", so this is not even a false positive. I > suppose this should be srv_hlt_st[0] but then it's better to just write > "DOWN" (since it avoids the warning).
Huh, no, here it's "DOWN (agent)". We don't even have "%s", the only possible arguments are %d. Could you please double-check ? Maybe you had local changes, I don't know, but I'm a bit confused. > It leads me to the next chunk of code: > > chunk_appendf(&trash, > srv_hlt_st[state], > (ref->state != SRV_ST_STOPPED) ? > (ref->check.health - ref->check.rise + 1) : (ref->check.health), > (ref->state != SRV_ST_STOPPED) ? > (ref->check.fall) : (ref->check.rise)); > > Not all members of srv_hlt_st have %s/%s. I cannot say for sure how > chunk_appendf work. Is that the caller or the callee that clean up? I > suppose that because of ..., this is automatically the caller so the > additional arguments are harmless. They're %d/%d, not %s/%s. The extra args are ignored when not used by the format string, just like printf does. In fact, chunk_appendf() does nothing special, it just uses vsnprintf(), which itself only parses the format arguments and depile them from the stack when needed. Hoping this helps, Willy