[U-Boot] [PATCH 0/4] Buffer overruns in printf

Simon Glass sjg at chromium.org
Fri Sep 23 22:46:18 CEST 2011


Hi Albert,

On Fri, Sep 23, 2011 at 1:40 PM, Albert ARIBAUD
<albert.u.boot at aribaud.net> wrote:
> Hi Simon,
>
> On 23/09/2011 19:38, Simon Glass wrote:
>>
>> The printf family of functions in U-Boot cannot deal with a situation
>> where the caller provides a buffer which turns out to be too small for
>> the format string. This can result in buffer overflows, stack overflows
>> and other bad behavior.
>
> Indeed overruns can lead to bad behaviors, but in any case, it can never be
> recovered, because at the root, the problem is that the caller provided
> inconsistent arguments to printf.

Recovery is one thing, but I would settle for just not crashing, which
is the purpose of this patch. We could also easily WARN if that were
considered appropriate here.

>
> So in essence, you're 'fixing' printf for a design error in printf's caller,
> instead of fixing the design error.

Well, the nature of a function is that it cannot know what arguments
might be passed to it. It can only assert(), limit check, etc. A limit
check is what this patch aims to add.

Regards,
Simon

>
> Regards,
> --
> Albert.
>
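As an added illustration of the limit check under discussion (my own example, not code from this patch series or from U-Boot's vsprintf.c; the function names bounded_format, bounded_vformat and put_bounded are made up for it), the formatter below carries an explicit end pointer through the output path. It only supports %s, %d and %%, which is enough to show the mechanism: characters past the end are counted but never stored, the buffer is always NUL-terminated when its size is non-zero, and the return value is the length the full output would have needed, so a caller can detect truncation instead of finding out via a corrupted stack.

```c
/* Added example, not the patch's code: a minimal bounded formatter that
 * demonstrates a limit check in the output path. Supports only %s, %d and
 * %%; U-Boot's real vsprintf is far more complete and differs in detail. */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Store ch at *pos only if there is room before 'end'; always advance *pos
 * so the caller can still learn how long the full output would have been. */
static void put_bounded(char **pos, char *end, char ch)
{
    if (*pos < end)
        **pos = ch;
    (*pos)++;
}

static void put_str_bounded(char **pos, char *end, const char *s)
{
    while (*s)
        put_bounded(pos, end, *s++);
}

static void put_int_bounded(char **pos, char *end, int v)
{
    char tmp[12];               /* enough digits for -2147483648 */
    int n = 0;
    unsigned int u;

    if (v < 0) {
        put_bounded(pos, end, '-');
        u = 0u - (unsigned int)v;   /* safe for INT_MIN */
    } else {
        u = (unsigned int)v;
    }
    do {
        tmp[n++] = (char)('0' + u % 10);
        u /= 10;
    } while (u);
    while (n)
        put_bounded(pos, end, tmp[--n]);
}

/* Never writes past buf[size-1], terminates the buffer whenever size > 0,
 * and returns the length the complete output would have had (as C99
 * snprintf does), so a result >= size means the output was truncated. */
static int bounded_vformat(char *buf, size_t size, const char *fmt, va_list ap)
{
    char *pos = buf;
    char *end = buf + (size ? size - 1 : 0);    /* reserve room for the NUL */

    for (; *fmt; fmt++) {
        if (*fmt != '%') {
            put_bounded(&pos, end, *fmt);
            continue;
        }
        fmt++;
        switch (*fmt) {
        case 's': put_str_bounded(&pos, end, va_arg(ap, const char *)); break;
        case 'd': put_int_bounded(&pos, end, va_arg(ap, int)); break;
        case '%': put_bounded(&pos, end, '%'); break;
        default:                    /* unknown conversion: emit it literally */
            put_bounded(&pos, end, '%');
            if (*fmt)
                put_bounded(&pos, end, *fmt);
            else
                fmt--;              /* lone '%' at end: don't step past the NUL */
            break;
        }
    }
    if (size)
        *(pos < end ? pos : end) = '\0';
    return (int)(pos - buf);
}

int bounded_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = bounded_vformat(buf, size, fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    char small[8];                  /* deliberately too small for the output */
    int needed = bounded_format(small, sizeof(small), "%s=%d", "value", 12345);

    printf("stored \"%s\", needed %d bytes, truncated: %s\n",
           small, needed + 1, needed >= (int)sizeof(small) ? "yes" : "no");
    return 0;
}
```

The point is the shape of the check rather than this particular formatter: every store goes through one place that compares against the end pointer, so adding a new conversion cannot reintroduce an unbounded write, and the return value gives the caller a way to notice that its buffer was undersized.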

