From 192bc6948b02ff4168cab16162fffb507946dc2b Mon Sep 17 00:00:00 2001
From: Ben Whitten <ben.whitten@gmail.com>
Date: Wed, 30 Dec 2015 13:05:58 +0000
Subject: Fix GCC format-security errors and convert sprintfs.

With format-security errors turned on, GCC picks up the use of sprintf with
a format parameter not being a string literal.

Simple uses of sprintf are also converted to use strcpy.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Acked-by: Wolfgang Denk <wd@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
---
 common/cmd_elf.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'common/cmd_elf.c')

diff --git a/common/cmd_elf.c b/common/cmd_elf.c
index 86e694a..5190cc6 100644
--- a/common/cmd_elf.c
+++ b/common/cmd_elf.c
@@ -288,9 +288,10 @@ int do_bootvx(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 						  (size_t)255));
 		} else {
 			tmp = getenv("bootdev");
-			if (tmp)
-				ptr = sprintf(build_buf, tmp);
-			else
+			if (tmp) {
+				strcpy(build_buf, tmp);
+				ptr = strlen(tmp);
+			} else
 				printf("## VxWorks boot device not specified\n");
 
 			tmp = getenv("bootfile");
@@ -331,8 +332,10 @@ int do_bootvx(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 				ptr += sprintf(build_buf + ptr, "tn=%s ", tmp);
 
 			tmp = getenv("othbootargs");
-			if (tmp)
-				ptr += sprintf(build_buf + ptr, tmp);
+			if (tmp) {
+				strcpy(build_buf + ptr, tmp);
+				ptr += strlen(tmp);
+			}
 
 			memcpy((void *)bootaddr, build_buf,
 			       max(strlen(build_buf), (size_t)255));
-- 
cgit v1.1