From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marek Vasut Date: Thu, 7 Aug 2014 15:43:44 +0200 Subject: [U-Boot] [PATCH v3 2/4] usb/gadget: fastboot: add eMMC support for flash command In-Reply-To: <26C65A2F-CC7C-44BC-A8AC-13856AFD2D6C@antoniou-consulting.com> References: <1403813604-31685-1-git-send-email-srae@broadcom.com> <201408071523.42634.marex@denx.de> <26C65A2F-CC7C-44BC-A8AC-13856AFD2D6C@antoniou-consulting.com> Message-ID: <201408071543.44673.marex@denx.de> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Thursday, August 07, 2014 at 03:28:14 PM, Pantelis Antoniou wrote: > Hi Marek, > > [snip] > > >> I don't want to be the first to defined it for all of armv7.... > > > > Honestly, we should just enable this CONFIG_SYS_VSNPRINTF by default for > > the good of humanity and all the things, since this unbounded string > > handling is just evil (see how OpenSSL ended up, partly because of that > > ... and I am just starting to see the pattern in all the security code). > > I don't want to go down that road with U-Boot. > > > > So, would you please cook a separate patch to enable this by default, so > > it would spur the right kind of discussion on this matter ? > > We should enable this by default. Unbounded string handling scares me. > > If we have problems with blowing over SPL size restrictions, perhaps have > it disabled only on those cases (that are known to have a problem). Right, I fully agree with what you said. The SPL and TPL might have issues with this being enabled, but then this can be enabled for full-blown U-Boot only. But this discussion should happen in a thread associated with patch enabling this. ;-) Best regards, Marek Vasut