[U-Boot] [PATCH] disable security warning flags when possible

Mike Frysinger vapier at gentoo.org
Mon Apr 25 21:30:43 CEST 2011


On Mon, Apr 25, 2011 at 15:16, Joakim Tjernlund wrote:
> Mike Frysinger wrote on 2011/04/25 20:06:40:
>> Some toolchains enable security warning flags by default, but these don't
>> really make sense in the u-boot world.  Such as forcing changes like:
>>    -printf(foo);
>>    +printf("%s", foo);
>>
>> So disable the flags when the compiler supports them.  Linux has already
>> merged a similar change in their build system.
>>
>> Signed-off-by: Mike Frysinger <vapier at gentoo.org>
>> ---
>>  config.mk |    4 ++++
>>  1 files changed, 4 insertions(+), 0 deletions(-)
>>
>> diff --git a/config.mk b/config.mk
>> index fa46ff1..97d2631 100644
>> --- a/config.mk
>> +++ b/config.mk
>> @@ -191,6 +191,10 @@ CFLAGS := $(CPPFLAGS) -Wall -Wstrict-prototypes
>>  endif
>>
>>  CFLAGS += $(call cc-option,-fno-stack-protector)
>> +# Some toolchains enable security related warning flags by default,
>> +# but they don't make much sense in the u-boot world, so disable them.
>> +CFLAGS += $(call cc-option,-Wno-format-nonliteral)
>> +CFLAGS += $(call cc-option,-Wno-format-security)
>
> hmm, now we have this warning in the tree:
>   miiphyutil.c: In function 'miiphy_register':
>   miiphyutil.c:144: warning: format not a string literal and no format arguments
> which is a
>        sprintf(new_dev->name, name);
>
> This warning goes away with your patch and I not sure that is a good thing. Keeping just:
>   CFLAGS += $(call cc-option,-Wno-format-nonliteral)
> makes the warning stay.

i dont think the existing code is buggy.  certainly changing it to
strcpy(new_dev->name, name) is fine, but again doing
sprintf(new_dev->name, "%s", name) is wrong.

> gcc 3.4.6 also complains:
>  miiphyutil.c: In function `miiphy_read':
>  miiphyutil.c:304: warning: comparison is always false due to limited range of data type
> which looks like a real one. Strange gcc 4.4.5 has lost that one.

this is -Wtype-limits now which makes sense to me ... this shouldnt be
under the "security" umbrella

CFLAGS += $(call cc-option,-Wtype-limits)
-mike


More information about the U-Boot mailing list