On Sun, Apr 23, 2017 at 03:39:22AM -0400, Ian Sutton wrote:
> I noticed some strange code in src/sys/arch/armv7/omap/ommmc.c
>
> This preprocessor define seems to map intr. state bit positions with
> strings describing them:
>
> 149 #define MMCHS_STAT_FMT "\20" \
> 150 "\x09d_BADA" \
> 151 "\x09c_CERR" \
> 152 "\x098_ACE" \
> 153 "\x096_DEB" \
> 154 "\x095_DCRC" \
> 155 "\x094_DTO" \
> 156 "\x093_CIE" \
> 157 "\x092_CEB" \
> 158 "\x091_CCRC" \
> 159 "\x090_CTO" \
> 160 "\x08f_ERRI" \
> 161 "\x089_OBI" \
> 162 "\x088_CIRQ" \
> 163 "\x085_BRR" \
> 164 "\x084_BWR" \
> 165 "\x082_BGE" \
> 166 "\x081_TC" \
> 167 "\x080_CC"
>
> It's used later as an extra printf() argument (edited for clarity):
>
> 1174 printf("%s: interrupt status=%b\n", DEVNAME(sc), status, MMCHS_STAT_FMT);
>
> Whenever the above is called, the string counterpart to each interupt
> bit set in 'status' is printed, for example:
>
> mmmc0: interrupt status=20008000<_BADA,_ERRI>
>
> Where BADA and ERRI are intr. status bits at positions 29 and 15
> respectively.
>
> So through some combination of:
> * CPP multi-string define with unclear hex escapes prepended
> * printf() call with one too many parameters
> * undocumented %b printf() token
http://man.openbsd.org/printf.9
