From mboxrd@z Thu Jan 1 00:00:00 1970 From: Wolfgang Denk Date: Tue, 29 Dec 2015 17:11:57 +0100 Subject: [U-Boot] [PATCH] Fix GCC format-security errors. In-Reply-To: <1451399667-32519-1-git-send-email-ben.whitten@gmail.com> References: <1451399667-32519-1-git-send-email-ben.whitten@gmail.com> Message-ID: <20151229161157.F191F383BF2@gemini.denx.de> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Dear Ben, In message <1451399667-32519-1-git-send-email-ben.whitten@gmail.com> you wrote: > From: Ben Whitten > > With format-security errors turned on, GCC picks up the use of sprintf without > a format parameter. Thanks for detecting this, but... > - ptr = sprintf(build_buf, tmp); > + ptr = sprintf(build_buf, "%s", tmp); ... > - ptr += sprintf(build_buf + ptr, tmp); > + ptr += sprintf(build_buf + ptr, "%s", tmp); ... why should we use sprintf() here at all? I recommend to convert this into a plain strcpy(). Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de Any fool can make things bigger, more complex, and more violent. It takes a touch of genius - and a lot of courage - to move in the opposite direction. - Albert Einstein