* Antony Polukhin:
addr2line_pipe uses execvp, which could lead to evaluation of the PATH variable from programs which underwent an AT_SECURE transition (e.g., SUID programs), which could lead to privilege escalation issues.
I'm providing an absolute path to the executable, so there must be no PATH evaluation. Am I missing something?
I'm talking about this: char prog_name[] = "addr2line"; As far as I can see, this is not just used as the argv[0] argument, but also as the program to execute.
With inlining, a single stack frame can expand to a list of source locations (reflecting the inlineed call stack). The current design does not take that into account.
I've found no system API to get multiple locations. So the Stacktrace API is designed to have at most 1 location.
addr2line can optionally resolve inlining information. The additional frames come from the DWARF data.