Plug possible snprintf overflow in lto-wrapper.

My upcoming improvements to the DOM threader triggered a warning in
this code.  It looks like the format string is ".ltrans%u.ltrans", but
we're only writing a max of ".ltrans" + whatever the MAX_INT is here.

Tested on x86-64 Linux.

gcc/ChangeLog:

	* lto-wrapper.c (run_gcc): Plug snprintf overflow.

diff --git a/gcc/lto-wrapper.c b/gcc/lto-wrapper.c
index 903c258..7b9e488 100644 (file)
--- a/gcc/lto-wrapper.c
+++ b/gcc/lto-wrapper.c
@@ -1983,7 +1983,9 @@ cont:
          output_name = XOBFINISH (&env_obstack, char *);
 
          /* Adjust the dumpbase if the linker output file was seen.  */
-         int dumpbase_len = (strlen (dumppfx) + sizeof (DUMPBASE_SUFFIX));
+         int dumpbase_len = (strlen (dumppfx)
+                             + sizeof (DUMPBASE_SUFFIX)
+                             + sizeof (".ltrans"));
          char *dumpbase = (char *) xmalloc (dumpbase_len + 1);
          snprintf (dumpbase, dumpbase_len, "%sltrans%u.ltrans", dumppfx, i);
          argv_ptr[0] = dumpbase;
@@ -2009,9 +2011,11 @@ cont:
            }
          else
            {
-             char argsuffix[sizeof (DUMPBASE_SUFFIX) + 1];
+             char argsuffix[sizeof (DUMPBASE_SUFFIX)
+                            + sizeof (".ltrans_args") + 1];
              if (save_temps)
-               snprintf (argsuffix, sizeof (DUMPBASE_SUFFIX),
+               snprintf (argsuffix,
+                         sizeof (DUMPBASE_SUFFIX) + sizeof (".ltrans_args"),
                          "ltrans%u.ltrans_args", i);
              fork_execute (new_argv[0], CONST_CAST (char **, new_argv),
                            true, save_temps ? argsuffix : NULL);