On Thursday, August 07, 2014 at 03:28:14 PM, Pantelis Antoniou wrote:
Hi Marek,
[snip]
I don't want to be the first to defined it for all of armv7....
Honestly, we should just enable this CONFIG_SYS_VSNPRINTF by default for the good of humanity and all the things, since this unbounded string handling is just evil (see how OpenSSL ended up, partly because of that ... and I am just starting to see the pattern in all the security code). I don't want to go down that road with U-Boot.
So, would you please cook a separate patch to enable this by default, so it would spur the right kind of discussion on this matter ?
We should enable this by default. Unbounded string handling scares me.
If we have problems with blowing over SPL size restrictions, perhaps have it disabled only on those cases (that are known to have a problem).
Right, I fully agree with what you said. The SPL and TPL might have issues with this being enabled, but then this can be enabled for full-blown U-Boot only.
But this discussion should happen in a thread associated with patch enabling this. ;-)
Best regards, Marek Vasut