On Monday 28 November 2011 14:24:49 Wolfgang Denk wrote: > common/menu.c used printf() in a number of places to print user > provided, constant strings (like the "title" string). printf() is > dangerous here for example in case the user unwittingly embeds some > '%' characters that printf() would interpret as formatting and then > pick up random arguments. Use puts() instead.
i'm not seeing this problem based on your patch below ... > --- a/common/menu.c > +++ b/common/menu.c > > - if (!m->item_data_print) > - printf("%s\n", item->key); > + putc(item->key); > + putc('\n'); item->key is not passed as the first arg, so % sequences would not get interpreted > - printf("%s:\n", m->title); > + puts(m->title); > + putc('\n'); same here > - printf("^C\n"); > + puts("^C\n"); this change makes sense, but not for any of the reasons cited in the changelog; this looks like a simple optimization ... -mike
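Review bot: In the item->key hunk, the added line putc(item->key); passes a string to a single-character output call. The removed line printed item->key with "%s", so the replacement should be puts(item->key); followed by putc('\n');. The quoted lines also remove if (!m->item_data_print) without showing a replacement condition, so confirm the key is still printed only when m->item_data_print is unset.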
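Review bot: In the m->title hunk, puts(m->title); putc('\n'); drops the ':' that the removed printf("%s:\n", m->title); printed after the title, which changes the menu output. If the colon is meant to stay, follow the title with puts(":\n"); instead of putc('\n');.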
_______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
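The point debated in this thread, as an added example that is not part of the original messages or of U-Boot's code: a string passed as the data argument to "%s" is copied out verbatim, while the same string would contain live conversions if it were ever used as the format itself. It assumes hosted C with the standard snprintf(); the helper names and the sample title are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count the conversion specifications printf() would act on if s were
 * passed as the FORMAT argument. "%%" is a literal percent, not counted. */
static int count_conversions(const char *s)
{
    int n = 0;

    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent sign */
            s++;
            continue;
        }
        n++;                    /* printf would look for an argument here */
    }
    return n;
}

/* Shape of the removed menu.c lines: the string is a DATA argument to "%s",
 * so its bytes are copied out and never parsed as a format. */
static int format_as_data(char *out, size_t len, const char *s)
{
    return snprintf(out, len, "%s:\n", s);
}

int main(void)
{
    const char *title = "Boot 100%d done, %s";  /* constructed sample title */
    char buf[64];

    format_as_data(buf, sizeof(buf), title);
    fputs(buf, stdout);         /* puts-style output, no format parsing */
    printf("conversions if used as a format: %d\n", count_conversions(title));
    return 0;
}
```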