| [AD] Maybe bug in pack_fopen_chunk |
[ Thread Index |
Date Index
| More lists.liballeg.org/allegro-developers Archives
]
In pack_fopen_chunk, file.c, line 2007 there is a bit of code involving tmpnam:
====
/* note: since the filename creation and the opening are not
* an atomic operation, this is not secure
*/
tmpnam_string = tmpnam(NULL);
tmp_name = _AL_MALLOC_ATOMIC(strlen(tmp_dir) +
strlen(tmpnam_string) + 2);
sprintf(tmp_name, "%s/%s", tmp_dir, tmpnam_string);
if (tmp_name) {
#ifndef ALLEGRO_MPW
tmp_fd = open(tmp_name, O_RDWR | O_BINARY | O_CREAT |
O_EXCL, OPEN_PERMS);
#else
tmp_fd = _al_open(tmp_name, O_RDWR | O_BINARY | O_CREAT | O_EXCL);
#endif
}
====
tmp_dir has already been set up (to /tmp or whatever)
On OSX (and as far as I can tell from the manpages, on Linux too),
tmpnam() already supplies the path to the temporary file, (I get
something like '/var/tmp/tmp.0.nvWJmI') so the final value of tmp_name
is something like '/tmp//var/tmp/tmp.0.nvWJmI'. This is a non-existent
path and open() fails.
Please can someone confirm that on Linux, tmpnam provides a path?
Looking at the wider context, those lines are only used if
HAVE_MKSTEMP is not defined (mkstemp() is a much better way to do it,
and most systems I think have mkstemp) so there is a second bug -
namely OSX should define HAVE_MKSTEMP. I'll look into that one.
Pete