------- Comment #2 from rguenth at gcc dot gnu dot org 2009-10-31 13:11 ------- Some things were fixed. Still open are
> +/* Pass files generated by the lto-wrapper to the linker. FD is lto-wrapper's > + stdout. */ > + > +static void > +add_output_files (FILE *f) > +{ > + char fname[1000]; /* FIXME: Is this big enough? */ I don't know what sort of strings go there, but if they can be filenames with user-controlled components then the GNU Coding Standards say to avoid arbitrary limits. > + output_files = realloc (output_files, num_output_files * sizeof (char > *)); > + output_files[num_output_files - 1] = strdup (s); Use xrealloc and xstrdup. Other places have the same issue with realloc or calloc or strdup. Also there are still asserts that look fishy. assert (lto_wrapper_argv); temp_obj_dir_name = strdup ("tmp_objectsXXXXXX"); t = mkdtemp (temp_obj_dir_name); assert (t == temp_obj_dir_name); (see also PR39023) -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41550