Hi,
On 28 May 2015 at 07:25, Tom Rini trini@konsulko.com wrote:
On Wed, May 06, 2015 at 11:21:33AM +0800, tang yuantian wrote:
From: Tang Yuantian Yuantian.Tang@freescale.com
Function 'sprintf' does not check buffer boundaries but outputs to the buffer of fixed size which could potentially cause buffer overflow. Use a safer function to replace it.
Signed-off-by: Tang Yuantian Yuantian.Tang@freescale.com
Applied to u-boot/master, thanks!
Just in case others miss it, you need to enable an option to make this actually change something:
- Safe printf() functions Define CONFIG_SYS_VSNPRINTF to compile in safe versions of the printf() functions. These are defined in include/vsprintf.h and include snprintf(), vsnprintf() and so on. Code size increase is approximately 300-500 bytes. If this option is not given then these functions will silently discard their buffer size argument - this means you are not getting any overflow checking in this case.
Regards, Simon