[PATCH master 1/3] treewide: fix -Wformat-security warnings for run_command()
Sascha Hauer
s.hauer at pengutronix.de
Tue Mar 3 23:34:19 PST 2026
On Mon, 02 Mar 2026 14:52:32 +0100, Ahmad Fatoum wrote:
> run_command() is declared __printf(1, 2), so passing a non-literal
> format string triggers -Wformat-security with clang. Use "%s" as the
> format string at all call sites that forward a dynamic string.
>
>
Applied, thanks!
[1/3] treewide: fix -Wformat-security warnings for run_command()
https://git.pengutronix.de/cgit/barebox/commit/?id=f6e2a02f918f (link may not be stable)
[2/3] jwt: fix buffer overflow and double-free in jwt_part_parse
https://git.pengutronix.de/cgit/barebox/commit/?id=ca9205326237 (link may not be stable)
[3/3] of: fdt: fix heap-buffer-overflow in fdt_machine_is_compatible
https://git.pengutronix.de/cgit/barebox/commit/?id=ef2e9ab5611c (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer at pengutronix.de>
More information about the barebox
mailing list