Re: [Gluster-devel] glusterfs-3.3.0qa34 released

[Jeff Darcy]

On 04/10/2012 03:59 PM, Patrick Matthäi wrote:
> The "problem" is, that the % substitution is missing, so:
> 
> gf_log (this->name, GF_LOG_ERROR, msg);
> should become:
> gf_log (this->name, GF_LOG_ERROR, "%s", msg);
> 
> I didn't checked if this was introduced in other places, too.
> 
> In 3.2.5 there was a simmilar fault, which my co-maintainer of the
> glusterfs packaging has been fixed:
> http://review.gluster.com/#change,2598

Yes, it's easy to work around, and patches to do just that would be welcome.
I'll be the first to approve them.  OTOH, false positives are the bane of any
effort to improve software quality via static analysis.  The fact that gcc has
now generated two false positives for the same non-problem suggests that its
format-security diagnostics are not the right basis for such an effort.