In the file src/server.c, the function serverLogRaw has the following code:

```c
void serverLogRaw(int level, const char *msg) {
    const int syslogLevelMap[] = { LOG_DEBUG, LOG_INFO, LOG_NOTICE, LOG_WARNING };

    ...
    level &= 0xff; /* clear flags */
    if (level < server.verbosity) return;

    ...
    if (server.syslog_enabled) syslog(syslogLevelMap[level], "%s", msg);
}
```

When level is given a large value, the buffer syslogLevelMap is overflowed. Given that serverLog is called extensively in the codebase, I think a proper check is needed.

Comment From: oranagra

> When level is given a large value...

but level is one of these:

```c
#define LL_DEBUG 0
#define LL_VERBOSE 1
#define LL_NOTICE 2
#define LL_WARNING 3
```

it's never supposed to have a huge value, so adding a check, or an assertion is just wasteful. anything i'm missing?

Comment From: yiyuaner

> > When level is given a large value...
>
> but level is one of these:
>
> ```c
> #define LL_DEBUG 0
> #define LL_VERBOSE 1
> #define LL_NOTICE 2
> #define LL_WARNING 3
> ```
>
> it's never supposed to have a huge value, so adding a check, or an assertion is just wasteful. anything i'm missing?

If this is intended to be used internally, then it's fine. Though I would suggest adding an assertion here.

Comment From: oranagra

thanks. but i feel an assertion there is unnecessary, and could also cause performance overheads.
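
Added example (not part of the thread and not code from the project): a bounds-checked version of the `syslogLevelMap[level]` lookup discussed above, plus a compile-time check that the table has one entry per `LL_*` level. `EXAMPLE_LL_FLAG`, the helper function names, and the fallback to `LOG_WARNING` are assumptions made for this sketch.

```c
#include <stddef.h>
#include <syslog.h>

/* Log levels as quoted in the thread. */
#define LL_DEBUG 0
#define LL_VERBOSE 1
#define LL_NOTICE 2
#define LL_WARNING 3
/* Hypothetical flag bit above the low byte, standing in for the
 * "flags" that the `level &= 0xff` line clears. */
#define EXAMPLE_LL_FLAG (1 << 10)

static const int syslogLevelMap[] = { LOG_DEBUG, LOG_INFO, LOG_NOTICE, LOG_WARNING };
#define SYSLOG_MAP_LEN (sizeof(syslogLevelMap) / sizeof(syslogLevelMap[0]))

/* Compile-time check, no runtime cost: one table entry per level. */
_Static_assert(SYSLOG_MAP_LEN == (size_t)LL_WARNING + 1,
               "syslogLevelMap must cover every LL_* level");

/* Returns 1 if the masked level is a valid index into syslogLevelMap.
 * The 0xff mask alone still admits 0..255, but only 0..3 are in bounds. */
int level_in_range(int level) {
    level &= 0xff; /* clear flags, as in serverLogRaw */
    return (size_t)level < SYSLOG_MAP_LEN;
}

/* Bounds-checked lookup. Out-of-range levels fall back to LOG_WARNING
 * (a choice made for this example) instead of reading past the array. */
int syslog_priority_for(int level) {
    level &= 0xff;
    if ((size_t)level >= SYSLOG_MAP_LEN) return LOG_WARNING;
    return syslogLevelMap[level];
}

/* Count how many masked values 0..255 would index outside the table. */
int count_out_of_range(void) {
    int n = 0;
    for (int level = 0; level <= 0xff; level++)
        if (!level_in_range(level)) n++;
    return n;
}
```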