On Wed, May 28, 2014 at 11:04:45PM +0200, Vincent Bernat wrote:
> ??? 28 mai 2014 22:59 +0200, Willy Tarreau <w...@1wt.eu> :
>
> >> When compiling with -Werror=format-security (which is a common settings
> >> on a Debian-based distribution), we get:
> >>
> >> src/dumpstats.c:3059:4: error: format not a string literal and no format
> >> arguments [-Werror=format-security]
> >> chunk_appendf(&trash, srv_hlt_st[1]); /* DOWN (agent) */
> >> ^
> >>
> >> srv_hlt_st[1] is "DOWN %s/%s", so this is not even a false positive. I
> >> suppose this should be srv_hlt_st[0] but then it's better to just write
> >> "DOWN" (since it avoids the warning).
> >
> > Huh, no, here it's "DOWN (agent)". We don't even have "%s", the only
> > possible
> > arguments are %d. Could you please double-check ? Maybe you had local
> > changes,
> > I don't know, but I'm a bit confused.
>
> You are right, I was looking at the wrong place in dumpstats.c. So, no
> bug, but the compiler is still not happy. What about providing an
> additional argument to chunk_appendf to let know that this is handled
> correctly?
I'm really not fond of adding bugs on purpose to hide compiler bugs,
because they tend to be "fixed" by the casual reader the worst possible
way... We've had our lot of gcc workarounds already and each time it
ended up in a spiral.
I just tried here on 4.7 with the same flag and got the same result. I tried
to force "const" in addition to "static" on the types declaration and it still
fails, so we're clearly in front of a compiler bug. Not a big one, but an
invalid check (or an excessive use I don't know). Indeed, there's absolutely
nothing wrong about writing :
const char *hello = "hello world\n";
printf(hello);
And when hello is a const, there's no risk that it will be modified at
runtime, so basically the check is wrong here if it does not check the
real definition of the static element.
Do you have an idea how this strange check is dealt with in other
programs usually if debian always uses that flag ?
Willy
