[U-Boot] [PATCH] disable security warning flags when possible
Some toolchains enable security warning flags by default, but these don't really make sense in the u-boot world. Such as forcing changes like: -printf(foo); +printf("%s", foo);
So disable the flags when the compiler supports them. Linux has already merged a similar change in their build system.
Signed-off-by: Mike Frysinger vapier@gentoo.org --- config.mk | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/config.mk b/config.mk index fa46ff1..97d2631 100644 --- a/config.mk +++ b/config.mk @@ -191,6 +191,10 @@ CFLAGS := $(CPPFLAGS) -Wall -Wstrict-prototypes endif
CFLAGS += $(call cc-option,-fno-stack-protector) +# Some toolchains enable security related warning flags by default, +# but they don't make much sense in the u-boot world, so disable them. +CFLAGS += $(call cc-option,-Wno-format-nonliteral) +CFLAGS += $(call cc-option,-Wno-format-security)
# $(CPPFLAGS) sets -g, which causes gcc to pass a suitable -g<format> # option to the assembler.
Mike Frysinger vapier@gentoo.org wrote on 2011/04/25 20:06:40:
Some toolchains enable security warning flags by default, but these don't really make sense in the u-boot world. Such as forcing changes like: -printf(foo); +printf("%s", foo);
So disable the flags when the compiler supports them. Linux has already merged a similar change in their build system.
Signed-off-by: Mike Frysinger vapier@gentoo.org
config.mk | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/config.mk b/config.mk index fa46ff1..97d2631 100644 --- a/config.mk +++ b/config.mk @@ -191,6 +191,10 @@ CFLAGS := $(CPPFLAGS) -Wall -Wstrict-prototypes endif
CFLAGS += $(call cc-option,-fno-stack-protector) +# Some toolchains enable security related warning flags by default, +# but they don't make much sense in the u-boot world, so disable them. +CFLAGS += $(call cc-option,-Wno-format-nonliteral) +CFLAGS += $(call cc-option,-Wno-format-security)
hmm, now we have this warning in the tree: miiphyutil.c: In function 'miiphy_register': miiphyutil.c:144: warning: format not a string literal and no format arguments which is a sprintf(new_dev->name, name);
This warning goes away with your patch and I not sure that is a good thing. Keeping just: CFLAGS += $(call cc-option,-Wno-format-nonliteral) makes the warning stay.
Jocke
PS. gcc 3.4.6 also complains: miiphyutil.c: In function `miiphy_read': miiphyutil.c:304: warning: comparison is always false due to limited range of data type which looks like a real one. Strange gcc 4.4.5 has lost that one.
On Mon, Apr 25, 2011 at 15:16, Joakim Tjernlund wrote:
Mike Frysinger wrote on 2011/04/25 20:06:40:
Some toolchains enable security warning flags by default, but these don't really make sense in the u-boot world. Such as forcing changes like: -printf(foo); +printf("%s", foo);
So disable the flags when the compiler supports them. Linux has already merged a similar change in their build system.
Signed-off-by: Mike Frysinger vapier@gentoo.org
config.mk | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/config.mk b/config.mk index fa46ff1..97d2631 100644 --- a/config.mk +++ b/config.mk @@ -191,6 +191,10 @@ CFLAGS := $(CPPFLAGS) -Wall -Wstrict-prototypes endif
CFLAGS += $(call cc-option,-fno-stack-protector) +# Some toolchains enable security related warning flags by default, +# but they don't make much sense in the u-boot world, so disable them. +CFLAGS += $(call cc-option,-Wno-format-nonliteral) +CFLAGS += $(call cc-option,-Wno-format-security)
hmm, now we have this warning in the tree: miiphyutil.c: In function 'miiphy_register': miiphyutil.c:144: warning: format not a string literal and no format arguments which is a sprintf(new_dev->name, name);
This warning goes away with your patch and I not sure that is a good thing. Keeping just: CFLAGS += $(call cc-option,-Wno-format-nonliteral) makes the warning stay.
i dont think the existing code is buggy. certainly changing it to strcpy(new_dev->name, name) is fine, but again doing sprintf(new_dev->name, "%s", name) is wrong.
gcc 3.4.6 also complains: miiphyutil.c: In function `miiphy_read': miiphyutil.c:304: warning: comparison is always false due to limited range of data type which looks like a real one. Strange gcc 4.4.5 has lost that one.
this is -Wtype-limits now which makes sense to me ... this shouldnt be under the "security" umbrella
CFLAGS += $(call cc-option,-Wtype-limits) -mike
Dear Mike Frysinger,
In message 1303754800-14317-1-git-send-email-vapier@gentoo.org you wrote:
Some toolchains enable security warning flags by default, but these don't really make sense in the u-boot world. Such as forcing changes like: -printf(foo); +printf("%s", foo);
So disable the flags when the compiler supports them. Linux has already merged a similar change in their build system.
Signed-off-by: Mike Frysinger vapier@gentoo.org
config.mk | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-)
Applied, thanks.
Best regards,
Wolfgang Denk
participants (3)
-
Joakim Tjernlund -
Mike Frysinger -
Wolfgang Denk