[U-Boot] [PATCH] Fix GCC format-security errors.
Wolfgang Denk
wd at denx.de
Tue Dec 29 17:11:57 CET 2015
Dear Ben,
In message <1451399667-32519-1-git-send-email-ben.whitten at gmail.com> you wrote:
> From: Ben Whitten <ben.whitten at gmail.com>
>
> With format-security errors turned on, GCC picks up the use of sprintf without
> a format parameter.
Thanks for detecting this, but...
> - ptr = sprintf(build_buf, tmp);
> + ptr = sprintf(build_buf, "%s", tmp);
...
> - ptr += sprintf(build_buf + ptr, tmp);
> + ptr += sprintf(build_buf + ptr, "%s", tmp);
... why should we use sprintf() here at all? I recommend to convert
this into a plain strcpy().
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Any fool can make things bigger, more complex, and more violent. It
takes a touch of genius - and a lot of courage - to move in the
opposite direction. - Albert Einstein
More information about the U-Boot
mailing list