Commit 947c626dc5bfbc232cc0f41d16fa213a885ad234
1 parent
9c11135ce0
Exists in
v2017.01-smarct4x
and in
30 other branches
vsprintf.c: Always enable CONFIG_SYS_VSNPRINTF
Enabling this function always removes some class of string saftey issues. The size change here in general is about 400 bytes and this seems a reasonable trade-off. Cc: Peng Fan <peng.fan@nxp.com> Cc: Peter Robinson <pbrobinson@gmail.com> Cc: Fabio Estevam <fabio.estevam@freescale.com> Cc: Adrian Alonso <aalonso@freescale.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Tom Rini <trini@konsulko.com>
Showing 13 changed files with 0 additions and 51 deletions Side-by-side Diff
- README
- configs/bayleybay_defconfig
- configs/chromebook_link_defconfig
- configs/chromebox_panther_defconfig
- configs/coreboot-x86_defconfig
- configs/crownbay_defconfig
- configs/galileo_defconfig
- configs/minnowmax_defconfig
- configs/qemu-x86_defconfig
- configs/sandbox_defconfig
- include/vsprintf.h
- lib/Kconfig
- lib/vsprintf.c
README
... | ... | @@ -890,15 +890,6 @@ |
890 | 890 | 'Sane' compilers will generate smaller code if |
891 | 891 | CONFIG_PRE_CON_BUF_SZ is a power of 2 |
892 | 892 | |
893 | -- Safe printf() functions | |
894 | - Define CONFIG_SYS_VSNPRINTF to compile in safe versions of | |
895 | - the printf() functions. These are defined in | |
896 | - include/vsprintf.h and include snprintf(), vsnprintf() and | |
897 | - so on. Code size increase is approximately 300-500 bytes. | |
898 | - If this option is not given then these functions will | |
899 | - silently discard their buffer size argument - this means | |
900 | - you are not getting any overflow checking in this case. | |
901 | - | |
902 | 893 | - Boot Delay: CONFIG_BOOTDELAY - in seconds |
903 | 894 | Delay before automatically booting the default image; |
904 | 895 | set to -1 to disable autoboot. |
configs/bayleybay_defconfig
configs/chromebook_link_defconfig
configs/chromebox_panther_defconfig
configs/coreboot-x86_defconfig
configs/crownbay_defconfig
configs/galileo_defconfig
configs/minnowmax_defconfig
configs/qemu-x86_defconfig
configs/sandbox_defconfig
include/vsprintf.h
... | ... | @@ -124,7 +124,6 @@ |
124 | 124 | int vsprintf(char *buf, const char *fmt, va_list args); |
125 | 125 | char *simple_itoa(ulong i); |
126 | 126 | |
127 | -#ifdef CONFIG_SYS_VSNPRINTF | |
128 | 127 | /** |
129 | 128 | * Format a string and place it in a buffer |
130 | 129 | * |
... | ... | @@ -199,17 +198,6 @@ |
199 | 198 | * See the vsprintf() documentation for format string extensions over C99. |
200 | 199 | */ |
201 | 200 | int vscnprintf(char *buf, size_t size, const char *fmt, va_list args); |
202 | -#else | |
203 | -/* | |
204 | - * Use macros to silently drop the size parameter. Note that the 'cn' | |
205 | - * versions are the same as the 'n' versions since the functions assume | |
206 | - * there is always enough buffer space when !CONFIG_SYS_VSNPRINTF | |
207 | - */ | |
208 | -#define snprintf(buf, size, fmt, args...) sprintf(buf, fmt, ##args) | |
209 | -#define scnprintf(buf, size, fmt, args...) sprintf(buf, fmt, ##args) | |
210 | -#define vsnprintf(buf, size, fmt, args...) vsprintf(buf, fmt, ##args) | |
211 | -#define vscnprintf(buf, size, fmt, args...) vsprintf(buf, fmt, ##args) | |
212 | -#endif /* CONFIG_SYS_VSNPRINTF */ | |
213 | 201 | |
214 | 202 | /** |
215 | 203 | * print_grouped_ull() - print a value with digits grouped by ',' |
lib/Kconfig
... | ... | @@ -27,15 +27,6 @@ |
27 | 27 | get_timer() must operate in milliseconds and this option must be |
28 | 28 | set to 1000. |
29 | 29 | |
30 | -config SYS_VSNPRINTF | |
31 | - bool "Enable safe version of sprintf()" | |
32 | - help | |
33 | - Since sprintf() can overflow its buffer, it is common to use | |
34 | - snprintf() instead, which knows the buffer size and can avoid | |
35 | - overflow. However, this does increase code size slightly (for | |
36 | - Thumb-2, about 420 bytes). Enable this option for safety when | |
37 | - using sprintf() with data you do not control. | |
38 | - | |
39 | 30 | config USE_TINY_PRINTF |
40 | 31 | bool "Enable tiny printf() version" |
41 | 32 | help |
lib/vsprintf.c
... | ... | @@ -141,7 +141,6 @@ |
141 | 141 | #define SMALL 32 /* Must be 32 == 0x20 */ |
142 | 142 | #define SPECIAL 64 /* 0x */ |
143 | 143 | |
144 | -#ifdef CONFIG_SYS_VSNPRINTF | |
145 | 144 | /* |
146 | 145 | * Macro to add a new character to our output string, but only if it will |
147 | 146 | * fit. The macro moves to the next character position in the output string. |
... | ... | @@ -151,9 +150,6 @@ |
151 | 150 | *(str) = (ch); \ |
152 | 151 | ++str; \ |
153 | 152 | } while (0) |
154 | -#else | |
155 | -#define ADDCH(str, ch) (*(str)++ = (ch)) | |
156 | -#endif | |
157 | 153 | |
158 | 154 | static char *number(char *buf, char *end, u64 num, |
159 | 155 | int base, int size, int precision, int type) |
160 | 156 | |
... | ... | @@ -441,13 +437,11 @@ |
441 | 437 | /* 't' added for ptrdiff_t */ |
442 | 438 | char *end = buf + size; |
443 | 439 | |
444 | -#ifdef CONFIG_SYS_VSNPRINTF | |
445 | 440 | /* Make sure end is always >= buf - do we want this in U-Boot? */ |
446 | 441 | if (end < buf) { |
447 | 442 | end = ((void *)-1); |
448 | 443 | size = end - buf; |
449 | 444 | } |
450 | -#endif | |
451 | 445 | str = buf; |
452 | 446 | |
453 | 447 | for (; *fmt ; ++fmt) { |
454 | 448 | |
455 | 449 | |
... | ... | @@ -609,21 +603,16 @@ |
609 | 603 | flags); |
610 | 604 | } |
611 | 605 | |
612 | -#ifdef CONFIG_SYS_VSNPRINTF | |
613 | 606 | if (size > 0) { |
614 | 607 | ADDCH(str, '\0'); |
615 | 608 | if (str > end) |
616 | 609 | end[-1] = '\0'; |
617 | 610 | --str; |
618 | 611 | } |
619 | -#else | |
620 | - *str = '\0'; | |
621 | -#endif | |
622 | 612 | /* the trailing null byte doesn't count towards the total */ |
623 | 613 | return str - buf; |
624 | 614 | } |
625 | 615 | |
626 | -#ifdef CONFIG_SYS_VSNPRINTF | |
627 | 616 | int vsnprintf(char *buf, size_t size, const char *fmt, |
628 | 617 | va_list args) |
629 | 618 | { |
... | ... | @@ -666,7 +655,6 @@ |
666 | 655 | |
667 | 656 | return i; |
668 | 657 | } |
669 | -#endif /* CONFIG_SYS_VSNPRINT */ | |
670 | 658 | |
671 | 659 | /** |
672 | 660 | * Format a string and place it in a buffer (va_list version) |