From patchwork Sun Jan 28 09:41:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahiro Yamada X-Patchwork-Id: 126075 Delivered-To: patch@linaro.org Received: by 10.46.84.92 with SMTP id y28csp1576480ljd; Sun, 28 Jan 2018 01:42:05 -0800 (PST) X-Google-Smtp-Source: AH8x2243WtNByUIpMeZ2OheA0vi1DO9gaOIPtzhMDCe87/kOyOwG+cbXpHogzTClJMtyvetFatTL X-Received: by 10.80.186.114 with SMTP id 47mr43465154eds.252.1517132525830; Sun, 28 Jan 2018 01:42:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517132525; cv=none; d=google.com; s=arc-20160816; b=gx5DD97zkCSuEUgv68g0Kt7AKRSnxJiOuEzpuIA6qFCP9XjIulKMimSiW5sXWCpwPp F3m7MDeQnnT5y6vA3g84d36Cy1zMFho4RQ5uC0pmvXMZmXoYo8Y6L7RgKblZYtNGdnle sF/uYyP9uorgAnkHRcrccHuST5deYYOikwTIlWUOO0fRkCJ2AJaBsLRY03EdzCADJvRL O7uw64Opr3YFHaUjhBmIHKnNNEAeKUSaPR7cOOS8NVbvQRt2dGwPtH4iqrWFaiWlJWQY uNdSkbAKPQ7/bkG5ZlUobsWUeDukftEy2pw4nCphEwDtb5bmdNXJbczgSv0+1QQmvVEz 7bJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:message-id:date:to:from :dkim-signature:dkim-filter:arc-authentication-results; bh=YvLQb3T/eC4duD7PNGgc/+VmI2aXeN5gtyFMFjMKfvc=; b=UP5Jk+u60bbgKSHPTlP9mvO1qpWTPF6g6rVpjAfo82OJGsjpnm5CxGr/z5t011Y2O5 PmPDpgc+ri69tlB0GsRXUznj0H3VUHaR6Bb6i7Aam/GkkSIXFsX+tjpy3GEmstqYTyfd d8MrlmPKeyMX5QkvUda6XbT8TpCBH3yUd560cXHkCRAOdK3dpyWLCQflATMYiAQoFZce b4JNEYecqkKT13j/70S9ex2HTndKAwTY+OxzfHFgtx4HSn+s4G5KG5vPz3vo0Ah9u5S5 DlbhyYUy3cUS1T9lc+tc6MFiCCJ9Dj1t3EufS3g1TQknx06PQ+raqVtd/Qt4YQTkcjeM irQg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@nifty.com header.s=dec2015msa header.b=bzE3rGwN; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id g31si575767edc.164.2018.01.28.01.42.04; Sun, 28 Jan 2018 01:42:05 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@nifty.com header.s=dec2015msa header.b=bzE3rGwN; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by lists.denx.de (Postfix, from userid 105) id 6C716C21FC4; Sun, 28 Jan 2018 09:42:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 5B562C21DA3; Sun, 28 Jan 2018 09:42:01 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 00F90C21DA3; Sun, 28 Jan 2018 09:41:59 +0000 (UTC) Received: from conuserg-09.nifty.com (conuserg-09.nifty.com [210.131.2.76]) by lists.denx.de (Postfix) with ESMTPS id F3DABC21C2F for ; Sun, 28 Jan 2018 09:41:58 +0000 (UTC) Received: from grover.sesame (FL1-125-199-20-195.osk.mesh.ad.jp [125.199.20.195]) (authenticated) by conuserg-09.nifty.com with ESMTP id w0S9fPIa023554; Sun, 28 Jan 2018 18:41:25 +0900 DKIM-Filter: OpenDKIM Filter v2.10.3 conuserg-09.nifty.com w0S9fPIa023554 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com; s=dec2015msa; t=1517132485; bh=tTHpfD3usZIbspODugCHBDWkrkOcHBUqe+NpHfdYS5c=; h=From:To:Cc:Subject:Date:From; b=bzE3rGwNRPRiDr4zDu9ldktJGTB0BCZugMiCdHResU6BoOYiRjVIBeIso/OUh2+M5 QYhlaKtRfobftPK3D0u9HOfuGDtcoeU0dgzZ43TRPDJLRVa2LD0LCkvMx1QxRFaETy pyHwW5FEY4wOgsSqAvMVT+kBXCd73dxFJmzLqAi3z00+2kqudYKgbbySWba2mYkFFq U0VrfxVefKqjgN9FJq3I2JjPW5+Obn47JJmlIEDNHk4pXCwLia4Pf8gXdZPfaOjlKM Zj+g8Wic03JZxb1wLq8Xs2ynqNGH2tWCMhUtSycnw2SN4x7y8GZaDNkqkDHUvYibcO mrGoZ1ROcRuqA== X-Nifty-SrcIP: [125.199.20.195] From: Masahiro Yamada To: u-boot@lists.denx.de Date: Sun, 28 Jan 2018 18:41:23 +0900 Message-Id: <1517132483-22879-1-git-send-email-yamada.masahiro@socionext.com> X-Mailer: git-send-email 2.7.4 Cc: Ben Whitten , Tom Rini Subject: [U-Boot] [PATCH] kconfig: revert change that was not needed for -Wformat-security X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Recent GCC versions warn if the format string is not a literal because the compiler cannot check the argument validity at compile time. Commit 192bc6948b02 ("Fix GCC format-security errors and convert sprintfs.") blindly replaced sprintf() with strcpy(), including many cases where the format parameter is a string literal. For the kconfig change: sprintf(header, " "); ..., here the format parameter is a string literal " ", so it is definitely equivalent to: strcpy(header, " "); Of course, if the 'header' did not have enough length for containing " ", it would be a security problem, but another problem. (in this case, the 'header' is 4 byte length buffer, so it is not a problem at all.) The kconfig code is kept as synced with Linux as possible, but this change made the code out-of-sync for nothing. Just reverting. Signed-off-by: Masahiro Yamada --- scripts/kconfig/mconf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/kconfig/mconf.c b/scripts/kconfig/mconf.c index 953d5c7..315ce2c 100644 --- a/scripts/kconfig/mconf.c +++ b/scripts/kconfig/mconf.c @@ -379,7 +379,7 @@ static void update_text(char *buf, size_t start, size_t end, void *_data) data->targets[k] = pos->target; k++; } else { - strcpy(header, " "); + sprintf(header, " "); } memcpy(buf + pos->offset, header, sizeof(header) - 1);