From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=tW7D=LX=lists.denx.de=u-boot-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.3 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_2 autolearn=no autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 42153C11F66
	for <u-boot@archiver.kernel.org>; Tue, 29 Jun 2021 10:35:06 +0000 (UTC)
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 5BFCE61D7A
	for <u-boot@archiver.kernel.org>; Tue, 29 Jun 2021 10:35:05 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5BFCE61D7A
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=nic.cz
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 4A19182DFC;
	Tue, 29 Jun 2021 12:35:02 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=nic.cz
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (1024-bit key; secure) header.d=nic.cz header.i=@nic.cz header.b="XfY73QGA";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id B326483121; Tue, 29 Jun 2021 12:34:59 +0200 (CEST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id BF1F082EC5
 for <u-boot@lists.denx.de>; Tue, 29 Jun 2021 12:34:56 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=nic.cz
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=marek.behun@nic.cz
Received: from thinkpad (unknown [172.20.6.87])
 by mail.nic.cz (Postfix) with ESMTPSA id 4EDEB1412B6;
 Tue, 29 Jun 2021 12:34:56 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default;
 t=1624962896; bh=efT9UfqbKjvcjmbwg+wox/z6fUhbOZpuMXQKC6TftkE=;
 h=Date:From:To;
 b=XfY73QGACIUQgvpbBLO2ZGsHh6D9637G+uYU7eUt7i9zwmrCtiKASoypE4hEqz53A
 8620AhP9oj2nZWXnyN5VDzwkGOEsrZXPwLTSUVK8O3u2htbtH2dbGfLkNEGiXNBxFP
 eWfTFIYwZJ7SKtzSdEFeeSNfBxubSUY1NoKpsNR8=
Date: Tue, 29 Jun 2021 12:34:54 +0200
From: Marek Behun <marek.behun@nic.cz>
To: "Roland Gaudig (OSS)" <roland.gaudig-oss@weidmueller.com>
Cc: Wolfgang Denk <wd@denx.de>, u-boot@lists.denx.de, Simon Glass
 <sjg@chromium.org>, Roland Gaudig <roland.gaudig@weidmueller.com>, Alex
 Nemirovsky <alex.nemirovsky@cortina-access.com>, Bin Meng
 <bmeng.cn@gmail.com>, Heinrich Schuchardt <xypron.glpk@gmx.de>, Patrick
 Delaunay <patrick.delaunay@foss.st.com>, Rayagonda Kokatanur
 <rayagonda.kokatanur@broadcom.com>, Robert Marko <robert.marko@sartura.hr>,
 Sean Anderson <seanga2@gmail.com>, Stefan Bosch <stefan_b@posteo.net>,
 Weijie Gao <weijie.gao@mediatek.com>
Subject: Re: [PATCH 0/3] cmd: setexpr: add fmt format string operation
Message-ID: <20210629123454.282288d4@thinkpad>
In-Reply-To: <a463f32f-8ef0-6973-f1c3-a881ee6e5d26@weidmueller.com>
References: <20210628151750.572837-1-roland.gaudig-oss@weidmueller.com>
 <83741.1624955845@gemini.denx.de>
 <a463f32f-8ef0-6973-f1c3-a881ee6e5d26@weidmueller.com>
X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de
X-Virus-Status: Clean

On Tue, 29 Jun 2021 09:41:25 +0000
"Roland Gaudig (OSS)" <roland.gaudig-oss@weidmueller.com> wrote:

> I think just passing the format string directly to sprintf should be
> avoided because it is unsafe. For example
> 
> => setexpr foo fmt %s 0xffffffff  
> 
> would surely lead to access on memory location outside the variable
> where 0xffffffff is stored.

+1. I guess Wolfgang's rationale was that in U-Boot we already have
pretty serious means to break the system, so allowing the user to
directly pass wrong parameters to sprintf is not that much of a problem
since we can say that the user should know what they are doing.

But implementing a dedicated format parser for this that is also safe
is a simple exercise, imho, so I think we should do this properly, if
at all.

> > This was actually one of my intentions when making this suggestion -
> > to be able to construct any kind of data from pieces; say, for
> > example:
> >   
> > => setexpr foo fmt "%0x08x-%s-%d-%s" $a $b $c $d  
> 
> I think the only way to support such expressions in a save way would
> be implementing an own format string parser for setexpr with
> corresponding checks if access is possible, instead of just directly
> passing all values unchecked to sprintf.

We can properly implement
 %s with field width, justification

 %c

 integral types (everything 64-bits, no reason for length modifiers,
 imho) with field width, precision, zero padding, sign forcing,
 etc...

We don't need floating points nor out of order arguments.

Marek