https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89094
Bug ID: 89094 Summary: collect2.c:main c_argv buffer is undersized when -EL, -EB or -B used in COLLECT_GCC_OPTIONS Product: gcc Version: 9.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: other Assignee: unassigned at gcc dot gnu.org Reporter: remi at machet dot us Target Milestone: --- collect2.c main() uses an array to store filtered arguments called c_argv. The size of that array is based on num_c_args which account for 15 entries plus command line arguments and one entry per -qm or -qf argument inside COLLECT_GCC_OPTIONS: /* Now pick up any flags we want early from COLLECT_GCC_OPTIONS The LTO options are passed here as are other options that might be unsuitable for ld (e.g. -save-temps). */ p = getenv ("COLLECT_GCC_OPTIONS"); while (p && *p) { const char *q = extract_string (&p); if (*q == '-' && (q[1] == 'm' || q[1] == 'f')) num_c_args++; ... But later, when the array is filled, more options not accounted for above are added to the array if found in COLLECT_GCC_OPTIONS: -EL, -EB, -B<path> and 2 entries for '-B <path>': if (*q == '-' && (q[1] == 'm' || q[1] == 'f')) *c_ptr++ = xstrdup (q); if (strcmp (q, "-EL") == 0 || strcmp (q, "-EB") == 0) *c_ptr++ = xstrdup (q); if (strcmp (q, "-shared") == 0) shared_obj = 1; if (strcmp (q, "-static") == 0) static_obj = 1; if (*q == '-' && q[1] == 'B') { *c_ptr++ = xstrdup (q); if (q[2] == 0) { q = extract_string (&p); *c_ptr++ = xstrdup (q); } } Any of the extra options, if present, is causing c_argv to overflow.