On Thursday, August 07, 2014 at 03:28:14 PM, Pantelis Antoniou wrote: > Hi Marek, > > [snip] > > >> I don't want to be the first to defined it for all of armv7.... > > > > Honestly, we should just enable this CONFIG_SYS_VSNPRINTF by default for > > the good of humanity and all the things, since this unbounded string > > handling is just evil (see how OpenSSL ended up, partly because of that > > ... and I am just starting to see the pattern in all the security code). > > I don't want to go down that road with U-Boot. > > > > So, would you please cook a separate patch to enable this by default, so > > it would spur the right kind of discussion on this matter ? > > We should enable this by default. Unbounded string handling scares me. > > If we have problems with blowing over SPL size restrictions, perhaps have > it disabled only on those cases (that are known to have a problem).
Right, I fully agree with what you said. The SPL and TPL might have issues with this being enabled, but then this can be enabled for full-blown U-Boot only. But this discussion should happen in a thread associated with patch enabling this. ;-) Best regards, Marek Vasut _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
