Hi Albert,

On Fri, Sep 23, 2011 at 1:40 PM, Albert ARIBAUD <albert.u.b...@aribaud.net> wrote:
> Hi Simon,
>
> On 23/09/2011 19:38, Simon Glass wrote:
>>
>> The printf family of functions in U-Boot cannot deal with a situation where
>> the caller provides a buffer which turns out to be too small for the format
>> string. This can result in buffer overflows, stack overflows and other bad
>> behavior.
>
> Indeed overruns can lead to bad behaviors, but in any case, it can never be
> recovered, because at the root, the problem is that the caller provided
> inconsistent arguments to printf.
Recovery is one thing, but I would settle for just not crashing, which is the
purpose of this patch. We could also easily WARN if that were considered
appropriate here.

> So in essence, you're 'fixing' printf for a design error in printf's caller,
> instead of fixing the design error.

Well, the nature of a function is that it cannot know what arguments might be
passed to it. It can only assert(), limit check, etc. A limit check is what
this patch aims to add.

Regards,
Simon

> Kind regards,
> --
> Albert.
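As an added illustration of the limit check discussed above (example code written for this page, not U-Boot's vsprintf or Simon's patch), here is a minimal printf-style formatter that supports only %s, %d and %%: it stores at most size-1 characters, always NUL-terminates, and returns the length the full output would have needed so the caller can detect truncation. The names put_bounded and bounded_format are made up for the example.

```c
/* Added example, not U-Boot code: a minimal printf-style formatter (%s, %d, %%)
 * with the limit check the thread is about: it never writes past buf[size-1],
 * NUL-terminates whenever size > 0, and returns the untruncated length. */
#include <stdarg.h>
#include <stddef.h>
#include <string.h>
/* Store a character only if it fits (one byte is kept for the NUL), count it either way. */
static void put_bounded(char *buf, size_t size, size_t *pos, char c)
{
    if (*pos + 1 < size)
        buf[*pos] = c;
    (*pos)++;
}
static void put_str_bounded(char *buf, size_t size, size_t *pos, const char *s)
{
    while (*s)
        put_bounded(buf, size, pos, *s++);
}
static void put_int_bounded(char *buf, size_t size, size_t *pos, int v)
{
    char tmp[12];                                    /* fits -2147483648 */
    int n = 0;
    unsigned int u = v < 0 ? 0u - (unsigned int)v : (unsigned int)v;
    if (v < 0)
        put_bounded(buf, size, pos, '-');
    do {
        tmp[n++] = (char)('0' + u % 10);
        u /= 10;
    } while (u);
    while (n)
        put_bounded(buf, size, pos, tmp[--n]);
}
/* snprintf-like: stores at most size-1 characters, returns the full length. */
size_t bounded_format(char *buf, size_t size, const char *fmt, ...)
{
    size_t pos = 0;
    va_list ap;
    va_start(ap, fmt);
    for (; *fmt; fmt++) {
        if (*fmt != '%') { put_bounded(buf, size, &pos, *fmt); continue; }
        fmt++;
        if (*fmt == 's') put_str_bounded(buf, size, &pos, va_arg(ap, const char *));
        else if (*fmt == 'd') put_int_bounded(buf, size, &pos, va_arg(ap, int));
        else if (*fmt == '%') put_bounded(buf, size, &pos, '%');
        else break;                   /* unsupported or trailing '%': stop cleanly */
    }
    va_end(ap);
    if (size)                         /* terminate even when output was truncated */
        buf[pos < size ? pos : size - 1] = '\0';
    return pos;
}
```

A caller that compares the return value with its buffer size can log or WARN on truncation instead of overrunning the stack.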