Message ID | 20200212194645.1765445-2-mk@mkio.de |
---|---|
State | Accepted |
Commit | b3192f48c19c15d37ba69722b2846de4b73b27cd |
Delegated to: | Tom Rini |
Headers | show |
Series | moveconfig fixes | expand |
On 2/12/20 8:46 PM, Markus Klotzbuecher wrote: > Commit b237d358b "moveconfig: expand simple expressions" added support > for expanding expressions in configs, but used the unsafe python > built-in "eval". This patch fixes this by replacing eval with the > asteval module. > > Signed-off-by: Markus Klotzbuecher <mk@mkio.de> > Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> > Cc: Heiko Schocher <hs@denx.de> > Cc: Tom Rini <trini@konsulko.com> > Cc: Simon Glass <sjg@chromium.org> > Cc: Joe Hershberger <joe.hershberger@ni.com> > Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Thanks for addressing this concern. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On Wed, Feb 12, 2020 at 08:46:44PM +0100, Markus Klotzbuecher wrote: > Commit b237d358b "moveconfig: expand simple expressions" added support > for expanding expressions in configs, but used the unsafe python > built-in "eval". This patch fixes this by replacing eval with the > asteval module. > > Signed-off-by: Markus Klotzbuecher <mk@mkio.de> > Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> > Cc: Heiko Schocher <hs@denx.de> > Cc: Tom Rini <trini@konsulko.com> > Cc: Simon Glass <sjg@chromium.org> > Cc: Joe Hershberger <joe.hershberger@ni.com> > Cc: Masahiro Yamada <yamada.masahiro@socionext.com> > Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Applied to u-boot/master, thanks!
diff --git a/tools/moveconfig.py b/tools/moveconfig.py index 36160a3977..df20ec66af 100755 --- a/tools/moveconfig.py +++ b/tools/moveconfig.py @@ -295,6 +295,7 @@ To see the complete list of supported options, run """ +import asteval import collections import copy import difflib @@ -808,10 +809,11 @@ def try_expand(line): return line try: + aeval = asteval.Interpreter( usersyms=SIZES, minimal=True ) cfg, val = re.split("=", line) val= val.strip('\"') if re.search("[*+-/]|<<|SZ_+|\(([^\)]+)\)", val): - newval = hex(eval(val, SIZES)) + newval = hex(aeval(val)) print("\tExpanded expression %s to %s" % (val, newval)) return cfg+'='+newval except:
Commit b237d358b "moveconfig: expand simple expressions" added support for expanding expressions in configs, but used the unsafe python built-in "eval". This patch fixes this by replacing eval with the asteval module. Signed-off-by: Markus Klotzbuecher <mk@mkio.de> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Heiko Schocher <hs@denx.de> Cc: Tom Rini <trini@konsulko.com> Cc: Simon Glass <sjg@chromium.org> Cc: Joe Hershberger <joe.hershberger@ni.com> Cc: Masahiro Yamada <yamada.masahiro@socionext.com> --- tools/moveconfig.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)