[Bug middle-end/79647] bogus warning when building openssl

pinskia at gcc dot gnu.org Mon, 20 Feb 2017 15:21:11 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79647


--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
    int async_jobs = 0;

...
            async_jobs = atoi(opt_arg());
....

    loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
    loopargs =
        app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
    memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));


Actually in my mind there is a security hole here as the async_jobs is not
checked and it is an user input.

[Bug middle-end/79647] bogus warning when building openssl

Reply via email to