[PATCH] Fix -save-temp leaking files in /tmp and possible data loss in signal handler

Bernd Edlinger bernd.edlinger@hotmail.de
Tue Feb 18 17:12:00 GMT 2020


Hi,

I noticed that my /tmp directory gets clobbered with many *.ld/*.le files whenever
the test suite runs.  I tracked that down to a bug in the collect2 and lto-wrapper
executables, which happens when -save-temps is used.  As it turns out, these
.ld- and .le-files are no longer used, so I removed them altogether, including
the no longer used dump_ld_file.

But when I looked closer I found that collect2 also calls the non-signal-safe
function vfprintf (via notice) and the signal-safe unlink from a signal handler,
but since the argument for the unlink is potentially accessed before the file path is
initialized, we may call unlink with memory obtained directly from xmalloc.  This might
end in removing arbitrary files on the hard disk when collect2 is interrupted
asynchronously by any signal handler.

Therefore this bug might even deserve a CVE number.


Bootstrapped and reg-tested on x86_64-pc-linux-gnu.
Is it OK for trunk?


Thanks
Bernd.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-save-temp-leaking-files-in-tmp.patch
Type: text/x-patch
Size: 7926 bytes
Desc: 0001-Fix-save-temp-leaking-files-in-tmp.patch
URL: <http://gcc.gnu.org/pipermail/gcc-patches/attachments/20200218/f3101829/attachment.bin>
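
The hazard described in the message, sketched as an added example (not the attached patch and not GCC code): the handler may unlink only paths that were fully written and then published, and it reports through write() rather than a stdio call. The names `register_temp`, `cleanup_temps`, `on_signal` and the file name `demo_temp.ld` are hypothetical.

```c
#include <signal.h>
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_TEMPS 4     /* hypothetical registry, not collect2's own data */
static char temp_paths[MAX_TEMPS][64];
static volatile sig_atomic_t temp_ready[MAX_TEMPS];
/* Publish a path: store the whole string first, set the flag last. */
int register_temp(int slot, const char *path)
{
    if (slot < 0 || slot >= MAX_TEMPS || strlen(path) >= sizeof temp_paths[0])
        return -1;
    temp_ready[slot] = 0;                       /* unpublish while rewriting */
    strcpy(temp_paths[slot], path);
    atomic_signal_fence(memory_order_release);  /* path stored before flag */
    temp_ready[slot] = 1;
    return 0;
}

/* Async-signal-safe: reads only published slots, calls only unlink(). */
int cleanup_temps(void)
{
    int removed = 0;
    for (int i = 0; i < MAX_TEMPS; i++) {
        if (!temp_ready[i]) continue;   /* never unlink an unpublished buffer */
        atomic_signal_fence(memory_order_acquire);
        if (unlink(temp_paths[i]) == 0) removed++;
        temp_ready[i] = 0;
    }
    return removed;
}

void on_signal(int signo)
{
    static const char msg[] = "interrupted, removing temporary files\n";
    if (write(STDERR_FILENO, msg, sizeof msg - 1) < 0) { /* best effort */ }
    cleanup_temps();
    _exit(128 + signo);                 /* async-signal-safe exit */
}

int main(void)
{
    FILE *f = fopen("demo_temp.ld", "w");   /* constructed sample file */
    if (f) fclose(f);
    signal(SIGINT, on_signal);
    register_temp(0, "demo_temp.ld");
    return cleanup_temps() == 1 ? 0 : 1;    /* normal exit uses the same routine */
}
```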

