------- Comment #2 from rguenth at gcc dot gnu dot org 2009-10-31 13:11 -------
Some things were fixed. Still open are
> +/* Pass files generated by the lto-wrapper to the linker. FD is lto-wrapper's
> + stdout. */
> +
> +static void
> +add_output_files (FILE *f)
> +{
> + char fname[1000]; /* FIXME: Is this big enough? */
I don't know what sort of strings go there, but if they can be filenames
with user-controlled components then the GNU Coding Standards say to avoid
arbitrary limits.
> + output_files = realloc (output_files, num_output_files * sizeof (char
> *));
> + output_files[num_output_files - 1] = strdup (s);
Use xrealloc and xstrdup. Other places have the same issue with realloc
or calloc or strdup.
Also there are still asserts that look fishy.
assert (lto_wrapper_argv);
temp_obj_dir_name = strdup ("tmp_objectsXXXXXX");
t = mkdtemp (temp_obj_dir_name);
assert (t == temp_obj_dir_name);
(see also PR39023)
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41550
