Wietse Venema:
> A. Schulze:
> > postqueue: panic: vbuf_print: output for '%s' exceeds space 0
>
> Unfortunately, there is no way that I can reproduce this in
> postfix-3.2.0, given the preconditions in this code. Does this
> machine have ECC meory? Does it have a history of programs crashing?
>
> Wietse
>
> Message-ID: <20170826122446.horde.wtusryfdzjjo1nij3m0g...@andreasschulze.de>
> postfix 3.2.0
> postqueue: panic: vbuf_print: output for '%s' exceeds space 0
>
> This msg_panic() call is made from VBUF_SNPRINTF():
> #define VBUF_SNPRINTF(bp, sz, fmt, arg) do { \
> ssize_t _ret; \
> VBUF_SPACE((bp), (sz)); \
> _ret = snprintf((char *) (bp)->ptr, (bp)->cnt, (fmt), (arg)); \
> if (_ret < 0) \
> msg_panic("%s: output error for '%s'", myname, (fmt)); \
> if (_ret >= (bp)->cnt) \
> msg_panic("%s: output for '%s' exceeds space %ld", \
> myname, fmt, (long) (bp)->cnt); \
>
> According to the panic message, (bp)->cnt is zero, meaning the
> output buffer has no free space, which can't happen because
> VBUF_SNPRINTF() is called with sz > 0, as will be argued below.
> Therefore, VBUF_SPACE() is called with a value sz > 0, and the
> output buffer must have free space.
>
> The panic message says "%s" therefore this VBUF_SNPRINTF() call is
> made while formatting a string with an fmt value of "%s".
Unfortunately, the panic call overwrites the format string that was
involved with the error, so the analysis for width and precision
is wrong.
Wietse
