On Tue, Feb 18, 2020 at 6:12 PM Bernd Edlinger <bernd.edlin...@hotmail.de> wrote: > > Hi, > > I noticed that my /tmp directory gets clobbered with many *.ld/*.le files > whenever > the test suite runs. I tracked that down to a bug in the collect2 and > lto-wrapper > executable, which happens when -save-temps is used. As I tunrs out, that > these > .ld- and .le-files are no longer used, so I removed them altogether, including > the no longer used dump_ld_file. > > But when I looked closer I found that the collect2 also calls the not signal > safe > function vfprintf (via notice) and the signal safe unlink from a signal > handler, > but since the argument for the unlink is potentially accessed before the file > path is > initialized, we may call unlink with memory obtained directly from xmalloc, > this might > end in removing arbitrary files on the hard disk, when the collect2 is > interrupted > asynchronously by any signal handler. > > Therefore thus this bug might even deserve a CVE number. > > > Bootstrapped and reg-tested on x86_64-pc-linux-gnu. > Is it OK for trunk.
The collect2 parts are OK for trunk. Please omit the lto-wrapper change though, you mention lto-wrapper has a bug above but I see no connection to creating a new temporary file there. Thanks, Richard. > > Thanks > Bernd.
