From http://gcc.gnu.org/ml/gcc-patches/2009-09/msg02151.html
> +static void > +write_resolution (void) > +{ > + unsigned int i; > + FILE *f; > + /* FIXME: Disabled for now since we are not using the resolution file. */ > + return; > + > + > + /* FIXME: This should be a temporary file. */ > + f = fopen ("resolution", "w"); Fixed filenames like this are typically security holes. The return above means this isn't, but it might be best to remove this function altogether until you are ready to add a version that actually does something. > +/* Pass files generated by the lto-wrapper to the linker. FD is lto-wrapper's > + stdout. */ > + > +static void > +add_output_files (FILE *f) > +{ > + char fname[1000]; /* FIXME: Is this big enough? */ I don't know what sort of strings go there, but if they can be filenames with user-controlled components then the GNU Coding Standards say to avoid arbitrary limits. > + output_files = realloc (output_files, num_output_files * sizeof (char > *)); > + output_files[num_output_files - 1] = strdup (s); Use xrealloc and xstrdup. Other places have the same issue with realloc or calloc or strdup. > + /* Write argv to a file to avoid a command line that is too long. */ > + t = asprintf (&at_args, "@%s/arguments", temp_obj_dir_name); > + assert (t >= 0); This is an example of inappropriate use of assert for things that may be valid error conditions not a program bug. It looks like there are others in this plugin. Some cleanup work is needed. -- Summary: Fix security and portability issues in lto-plugin Product: gcc Version: lto Status: UNCONFIRMED Severity: normal Priority: P3 Component: lto AssignedTo: espindola at google dot com ReportedBy: dnovillo at gcc dot gnu dot org http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41550
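Review bot: in write_resolution, everything after the unconditional `return;` is unreachable, including `f = fopen ("resolution", "w");`, so the function currently carries dead code that would open a fixed name relative to the current working directory. Either drop the function until it is needed, or, when enabling it, create the file under the plugin's temporary directory (the later hunk already uses `temp_obj_dir_name`) and check the `fopen` result before using `f`.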
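Review bot: in add_output_files, `char fname[1000];` puts a fixed limit on names read from lto-wrapper's stdout, and the quoted lines do not show how the read into it is bounded or what happens to a longer line. Size the buffer dynamically as the line is read, or at minimum bound the read to `sizeof (fname)` and treat a line without a terminating newline as an error rather than as a shortened file name.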
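Review bot: in the `output_files` growth code, `output_files = realloc (output_files, ...)` overwrites the only pointer to the array, so a failed allocation loses the old block and the next line stores through a null pointer; the result of `strdup (s)` is likewise stored unchecked. Switch to `xrealloc` and `xstrdup` as already requested, or keep the `realloc` result in a temporary and handle NULL before assigning.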
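Review bot: on the argument-file path, `assert (t >= 0);` is the only handling of an `asprintf` failure, and it is compiled out when NDEBUG is defined, after which `at_args` would be used with undefined contents. Replace it with an explicit check that reports the error and stops. The fixed name `arguments` is only safe if `temp_obj_dir_name` is a directory the plugin created privately, which these lines do not show.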