On Sun, Jan 28, 2018 at 06:41:23PM +0900, Masahiro Yamada wrote:
> Recent GCC versions warn if the format string is not a literal
> because the compiler cannot check the argument validity at compile
> time.
>
> Commit 192bc6948b02 ("Fix GCC format-security errors and convert
> sprintfs.") blindly replaced sprintf() with strcpy(), including
> many cases where the format parameter is a string literal.
>
> For the kconfig change:
>
> sprintf(header, " ");
>
> ..., here the format parameter is a string literal " ", so it is
> definitely equivalent to:
>
> strcpy(header, " ");
>
> Of course, if the 'header' did not have enough length for containing
> " ", it would be a security problem, but another problem. (in this
> case, the 'header' is 4 byte length buffer, so it is not a problem at
> all.)
>
> The kconfig code is kept as synced with Linux as possible, but this
> change made the code out-of-sync for nothing. Just reverting.
>
> Signed-off-by: Masahiro Yamada <yamada.masah...@socionext.com>Applied to u-boot/master, thanks! -- Tom
signature.asc
Description: PGP signature
_______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
