On Sun, Jan 28, 2018 at 06:41:23PM +0900, Masahiro Yamada wrote:
Recent GCC versions warn if the format string is not a literal because the compiler cannot check the argument validity at compile time.
Commit 192bc6948b02 ("Fix GCC format-security errors and convert sprintfs.") blindly replaced sprintf() with strcpy(), including many cases where the format parameter is a string literal.
For the kconfig change:
sprintf(header, " ");..., here the format parameter is a string literal " ", so it is definitely equivalent to:
strcpy(header, " ");Of course, if the 'header' did not have enough length for containing " ", it would be a security problem, but another problem. (in this case, the 'header' is 4 byte length buffer, so it is not a problem at all.)
The kconfig code is kept as synced with Linux as possible, but this change made the code out-of-sync for nothing. Just reverting.
Signed-off-by: Masahiro Yamada yamada.masahiro@socionext.com
Applied to u-boot/master, thanks!