
Hi Albert,
On Fri, Sep 23, 2011 at 1:40 PM, Albert ARIBAUD albert.u.boot@aribaud.net wrote:
> Hi Simon,
>
> On 23/09/2011 19:38, Simon Glass wrote:
>
>> The printf family of functions in U-Boot cannot deal with a situation where the caller provides a buffer which turns out to be too small for the format string. This can result in buffer overflows, stack overflows and other bad behavior.
>
> Indeed overruns can lead to bad behaviors, but in any case, it can never be recovered, because at the root, the problem is that the caller provided inconsistent arguments to printf.

Recovery is one thing, but I would settle for just not crashing, which is the purpose of this patch. We could also easily WARN if that were considered appropriate here.

> So in essence, you're 'fixing' printf for a design error in printf's caller, instead of fixing the design error.

Well, the nature of a function is that it cannot know what arguments might be passed to it. It can only assert(), limit check, etc. A limit check is what this patch aims to add.

Regards,
Simon

> Best regards,
> Albert.
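As an added illustration of the limit check the thread discusses (example code, not U-Boot's vsprintf and not the patch itself): a small hand-rolled formatter in which every output character passes through a bounds check against the caller-supplied buffer size, so an undersized buffer produces truncation and a tell-tale return value instead of an overrun. The names bounded_format, bounded_vformat and addch are invented for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Emit one character only if it fits, but always count it, so the caller
 * learns how large the buffer should have been (C99 snprintf semantics).
 * The formatter cannot know the buffer size by itself; it must be told. */
static void addch(char *buf, size_t size, size_t *pos, char c)
{
    if (*pos + 1 < size)            /* keep room for the terminating NUL */
        buf[*pos] = c;
    (*pos)++;
}

/* Minimal bounded formatter handling %s, %d and %% (illustrative only).
 * Returns the full output length; a value >= size means truncation. */
int bounded_vformat(char *buf, size_t size, const char *fmt, va_list ap)
{
    size_t pos = 0;
    for (; *fmt; fmt++) {
        if (*fmt != '%') { addch(buf, size, &pos, *fmt); continue; }
        switch (*++fmt) {
        case 's': {
            const char *s = va_arg(ap, const char *);
            for (s = s ? s : "(null)"; *s; s++) addch(buf, size, &pos, *s);
            break;
        }
        case 'd': {
            char tmp[12];           /* fits a 32-bit int with sign */
            int n = snprintf(tmp, sizeof tmp, "%d", va_arg(ap, int));
            for (int i = 0; i < n; i++) addch(buf, size, &pos, tmp[i]);
            break;
        }
        case '%': addch(buf, size, &pos, '%'); break;
        case '\0': fmt--; break;    /* dangling '%' at end of format */
        default:  addch(buf, size, &pos, '%'); addch(buf, size, &pos, *fmt);
        }
    }
    if (size)                       /* size == 0: never touch the buffer */
        buf[pos < size ? pos : size - 1] = '\0';
    return (int)pos;
}

int bounded_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap; va_start(ap, fmt);
    int n = bounded_vformat(buf, size, fmt, ap);
    va_end(ap);
    return n;
}
```

A caller can compare the return value against the buffer size to detect, and optionally WARN about, output that was cut short.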