[U-Boot] [PATCH v6 0/4] Buffer overruns in printf
The printf family of functions in U-Boot cannot deal with a situation where the caller provides a buffer which turns out to be too small for the format string. This can result in buffer overflows, stack overflows and other bad behavior. This patch series tidies this up in the common vsprintf.c code. You can find a discussion of the Linux / U-Boot licensing issues here: http://patchwork.ozlabs.org/patch/116161/ Code Size Impact (From Simon Glass ) With my ARMv7 compiler (gcc-4.4.3_cos_gg_53174) the code size increase is 312 bytes, about 10% increase to code size vsprintf.o. With the CONFIG_SYS_VSNPRINT option undefined, the code size impact is 4 bytes. Changes in v2: - Use sizeof(printbuffer) instead of CONFIG_SYS_PBSIZE - Drop patch which changes network code to use snprintf() Changes in v3: - Move prototypes from common.h to vsprintf.h - Add CONFIG_SYS_VSNPRINT option to enable vsnprintf() functions - Update README with CONFIG_SYS_VSNPRINT docs - Use ADDCH macro to support checking/not checking end pointer - Move function documentation into header file Changes in v4: - Add these changes in unless CONFIG_NO_SYS_VSNPRINT is defined - Reduce code size overhead if disabled to only 4 bytes on ARM - Remove the ugly #ifdef patch from series since it only saves 4 bytes Changes in v5: - Define INT_MAX locally within vsprintf.c - Drop limits.h as it is used in only two places in U-Boot Changes in v6: - Change the config option to CONFIG_SYS_VSNPRINTF - Make the default be to NOT include safe printf functions Simon Glass (2): Move vsprintf functions into their own header vsprintf: Move function documentation into header file Sonny Rao (2): Add safe vsnprintf and snprintf library functions Make printf and vprintf safe from buffer overruns README |9 ++ common/console.c | 10 +- include/common.h | 11 +-- include/vsprintf.h | 181 +++ lib/vsprintf.c | 237 --- 5 files changed, 345 insertions(+), 103 deletions(-) create mode 100644 include/vsprintf.h -- 1.7.3.1 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH v6 0/4] Buffer overruns in printf
Hi Wolfgang, On Mon, Nov 21, 2011 at 12:43 PM, Simon Glass wrote: > Hi, > > On Wed, Nov 2, 2011 at 12:52 PM, Simon Glass wrote: >> The printf family of functions in U-Boot cannot deal with a situation where >> the caller provides a buffer which turns out to be too small for the format >> string. This can result in buffer overflows, stack overflows and other bad >> behavior. > > Does any maintainer want to pick up this series? It passes the MAKEALL > test for me. Is this series going into this month's release? Regards, Simon > > Regards, > Simon > >> >> This patch series tidies this up in the common vsprintf.c code. >> >> You can find a discussion of the Linux / U-Boot licensing issues here: >> >> http://patchwork.ozlabs.org/patch/116161/ >> >> Code Size Impact >> >> >> (From Simon Glass ) >> With my ARMv7 compiler (gcc-4.4.3_cos_gg_53174) the code size increase is >> 312 bytes, about 10% increase to code size vsprintf.o. >> >> With the CONFIG_SYS_VSNPRINT option undefined, the code size impact >> is 4 bytes. >> >> >> Changes in v2: >> - Use sizeof(printbuffer) instead of CONFIG_SYS_PBSIZE >> - Drop patch which changes network code to use snprintf() >> >> Changes in v3: >> - Move prototypes from common.h to vsprintf.h >> - Add CONFIG_SYS_VSNPRINT option to enable vsnprintf() functions >> - Update README with CONFIG_SYS_VSNPRINT docs >> - Use ADDCH macro to support checking/not checking end pointer >> - Move function documentation into header file >> >> Changes in v4: >> - Add these changes in unless CONFIG_NO_SYS_VSNPRINT is defined >> - Reduce code size overhead if disabled to only 4 bytes on ARM >> - Remove the ugly #ifdef patch from series since it only saves 4 bytes >> >> Changes in v5: >> - Define INT_MAX locally within vsprintf.c >> - Drop limits.h as it is used in only two places in U-Boot >> >> Changes in v6: >> - Change the config option to CONFIG_SYS_VSNPRINTF >> - Make the default be to NOT include safe printf functions >> >> Simon Glass (2): >> Move vsprintf functions into their own header >> vsprintf: Move function documentation into header file >> >> Sonny Rao (2): >> Add safe vsnprintf and snprintf library functions >> Make printf and vprintf safe from buffer overruns >> >> README | 9 ++ >> common/console.c | 10 +- >> include/common.h | 11 +-- >> include/vsprintf.h | 181 +++ >> lib/vsprintf.c | 237 >> --- >> 5 files changed, 345 insertions(+), 103 deletions(-) >> create mode 100644 include/vsprintf.h >> >> -- >> 1.7.3.1 >> >> ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH v6 0/4] Buffer overruns in printf
Dear Simon Glass, In message you wrote: > > Is this series going into this month's release? No. This goes into "next". Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de Do not follow where the path may leadgo instead where there is no path and leave a trail. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH v6 0/4] Buffer overruns in printf
Hi, On Wed, Nov 2, 2011 at 12:52 PM, Simon Glass wrote: > The printf family of functions in U-Boot cannot deal with a situation where > the caller provides a buffer which turns out to be too small for the format > string. This can result in buffer overflows, stack overflows and other bad > behavior. Does any maintainer want to pick up this series? It passes the MAKEALL test for me. Regards, Simon > > This patch series tidies this up in the common vsprintf.c code. > > You can find a discussion of the Linux / U-Boot licensing issues here: > > http://patchwork.ozlabs.org/patch/116161/ > > Code Size Impact > > > (From Simon Glass ) > With my ARMv7 compiler (gcc-4.4.3_cos_gg_53174) the code size increase is > 312 bytes, about 10% increase to code size vsprintf.o. > > With the CONFIG_SYS_VSNPRINT option undefined, the code size impact > is 4 bytes. > > > Changes in v2: > - Use sizeof(printbuffer) instead of CONFIG_SYS_PBSIZE > - Drop patch which changes network code to use snprintf() > > Changes in v3: > - Move prototypes from common.h to vsprintf.h > - Add CONFIG_SYS_VSNPRINT option to enable vsnprintf() functions > - Update README with CONFIG_SYS_VSNPRINT docs > - Use ADDCH macro to support checking/not checking end pointer > - Move function documentation into header file > > Changes in v4: > - Add these changes in unless CONFIG_NO_SYS_VSNPRINT is defined > - Reduce code size overhead if disabled to only 4 bytes on ARM > - Remove the ugly #ifdef patch from series since it only saves 4 bytes > > Changes in v5: > - Define INT_MAX locally within vsprintf.c > - Drop limits.h as it is used in only two places in U-Boot > > Changes in v6: > - Change the config option to CONFIG_SYS_VSNPRINTF > - Make the default be to NOT include safe printf functions > > Simon Glass (2): > Move vsprintf functions into their own header > vsprintf: Move function documentation into header file > > Sonny Rao (2): > Add safe vsnprintf and snprintf library functions > Make printf and vprintf safe from buffer overruns > > README | 9 ++ > common/console.c | 10 +- > include/common.h | 11 +-- > include/vsprintf.h | 181 +++ > lib/vsprintf.c | 237 --- > 5 files changed, 345 insertions(+), 103 deletions(-) > create mode 100644 include/vsprintf.h > > -- > 1.7.3.1 > > ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
