strlen() will get string length excluding '\0', but strcpy() will append '\0' in the end, so need XNEWVEC additional byte, or cause memory over flow.
Signed-off-by: Chen Gang <[email protected]> --- gcc/gcc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gcc/gcc.c b/gcc/gcc.c index 6cd08ea..8ea46ec 100644 --- a/gcc/gcc.c +++ b/gcc/gcc.c @@ -4895,7 +4895,7 @@ do_spec_1 (const char *spec, int inswitch, const char *soft_matched_part) { saved_suffix = XNEWVEC (char, suffix_length - + strlen (TARGET_OBJECT_SUFFIX)); + + strlen (TARGET_OBJECT_SUFFIX) + 1); strncpy (saved_suffix, suffix, suffix_length); strcpy (saved_suffix + suffix_length, TARGET_OBJECT_SUFFIX); -- 1.7.11.7
