I tried building with GCC 9.1.1 for the first time, and got various warnings. ``` make[1]: Entering directory '/home/nickm/src/tor-035' CC src/feature/hs/hs_service.o In file included from ./src/lib/crypt_ops/crypto_rsa.h:21, from ./src/core/or/or.h:32, from src/feature/hs/hs_service.c:11: In function ‘load_client_keys’, inlined from ‘load_service_keys’ at src/feature/hs/hs_service.c:1090:7, inlined from ‘hs_service_load_all_keys’ at src/feature/hs/hs_service.c:4010:9: ./src/lib/log/log.h:244:3: error: ‘%s’ directive argument is null [-Werror=format-overflow=] 244 | log_fn_(LOG_WARN, domain, __FUNCTION__, args, ##__VA_ARGS__) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/feature/hs/hs_service.c:1267:7: note: in expansion of macro ‘log_warn’ 1267 | log_warn(LD_REND, "Client authorization file %s can't be read. " | ^~~~~~~~ src/feature/hs/hs_service.c: In function ‘hs_service_load_all_keys’: src/feature/hs/hs_service.c:1267:52: note: format string is defined here 1267 | log_warn(LD_REND, "Client authorization file %s can't be read. " | ^~ cc1: all warnings being treated as errors make[1]: *** [Makefile:9877: src/feature/hs/hs_service.o] Error 1 CC src/feature/hs/core_libtor_app_testing_a-hs_service.o In file included from ./src/lib/crypt_ops/crypto_rsa.h:21, from ./src/core/or/or.h:32, from src/feature/hs/hs_service.c:11: In function ‘load_client_keys’, inlined from ‘load_service_keys’ at src/feature/hs/hs_service.c:1090:7, inlined from ‘hs_service_load_all_keys’ at src/feature/hs/hs_service.c:4010:9: ./src/lib/log/log.h:244:3: error: ‘%s’ directive argument is null [-Werror=format-overflow=] 244 | log_fn_(LOG_WARN, domain, __FUNCTION__, args, ##__VA_ARGS__) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/feature/hs/hs_service.c:1267:7: note: in expansion of macro ‘log_warn’ 1267 | log_warn(LD_REND, "Client authorization file %s can't be read. " | ^~~~~~~~ src/feature/hs/hs_service.c: In function ‘hs_service_load_all_keys’: src/feature/hs/hs_service.c:1267:52: note: format string is defined here 1267 | log_warn(LD_REND, "Client authorization file %s can't be read. " | ^~ cc1: all warnings being treated as errors make[1]: *** [Makefile:11111: src/feature/hs/core_libtor_app_testing_a-hs_service.o] Error 1 make[1]: Target 'all-am' not remade because of errors. make[1]: Leaving directory '/home/nickm/src/tor-035' make: *** [Makefile:5788: all] Error 2 [1016]$ ``` It looks like this is a real bug: when there's something wrong with the client authorization file, we first free and null the file, and only log its contents afterwards. This appears to affect 0.3.5 and later.