[U-Boot] [PATCH] disable security warning flags when possible
Mike Frysinger
vapier at gentoo.org
Mon Apr 25 21:30:43 CEST 2011
On Mon, Apr 25, 2011 at 15:16, Joakim Tjernlund wrote:
> Mike Frysinger wrote on 2011/04/25 20:06:40:
>> Some toolchains enable security warning flags by default, but these don't
>> really make sense in the u-boot world. Such as forcing changes like:
>> -printf(foo);
>> +printf("%s", foo);
>>
>> So disable the flags when the compiler supports them. Linux has already
>> merged a similar change in their build system.
>>
>> Signed-off-by: Mike Frysinger <vapier at gentoo.org>
>> ---
>> config.mk | 4 ++++
>> 1 files changed, 4 insertions(+), 0 deletions(-)
>>
>> diff --git a/config.mk b/config.mk
>> index fa46ff1..97d2631 100644
>> --- a/config.mk
>> +++ b/config.mk
>> @@ -191,6 +191,10 @@ CFLAGS := $(CPPFLAGS) -Wall -Wstrict-prototypes
>> endif
>>
>> CFLAGS += $(call cc-option,-fno-stack-protector)
>> +# Some toolchains enable security related warning flags by default,
>> +# but they don't make much sense in the u-boot world, so disable them.
>> +CFLAGS += $(call cc-option,-Wno-format-nonliteral)
>> +CFLAGS += $(call cc-option,-Wno-format-security)
>
> hmm, now we have this warning in the tree:
> miiphyutil.c: In function 'miiphy_register':
> miiphyutil.c:144: warning: format not a string literal and no format arguments
> which is a
> sprintf(new_dev->name, name);
>
> This warning goes away with your patch and I not sure that is a good thing. Keeping just:
> CFLAGS += $(call cc-option,-Wno-format-nonliteral)
> makes the warning stay.
i dont think the existing code is buggy. certainly changing it to
strcpy(new_dev->name, name) is fine, but again doing
sprintf(new_dev->name, "%s", name) is wrong.
> gcc 3.4.6 also complains:
> miiphyutil.c: In function `miiphy_read':
> miiphyutil.c:304: warning: comparison is always false due to limited range of data type
> which looks like a real one. Strange gcc 4.4.5 has lost that one.
this is -Wtype-limits now which makes sense to me ... this shouldnt be
under the "security" umbrella
CFLAGS += $(call cc-option,-Wtype-limits)
-mike
More information about the U-Boot
mailing list