← Back to index | Original Bugzilla link

Bug 24315 – dmd/cpreprocess.d:87: warning: use of tmpnam is dangerous use mkstemp

Status: RESOLVED
Resolution: FIXED
Severity: regression
Priority: P1
Component: dmd
Product: D
Version: D2
Platform: All
OS: Linux
Creation time: 2024-01-02T12:42:01Z
Last change time: 2024-02-02T10:07:15Z
Keywords: ImportC, pull
Assigned to: No Owner
Creator: Iain Buclaw

Comments

Comment #0 by ibuclaw — 2024-01-02T12:42:01Z

ld now gives the following warning when building dmd. Offending line of code here: https://github.com/dlang/dmd/blob/91e157558bd8a386cef97064f6a5d7c9f332b5d2/compiler/src/dmd/cpreprocess.d#L87

Comment #1 by ibuclaw — 2024-01-02T13:21:39Z

This is a regression. github.com/dlang/dmd/pull/15981

Comment #2 by bugzilla — 2024-01-03T08:07:23Z

The problem with using mkstemp() is it returns a file descriptor. I need it to return a file name. Any way the warning can be turned off?

Comment #3 by bugzilla — 2024-01-03T18:47:08Z

Maybe I just need to write our own tmpnam() function.

Comment #4 by kdevel — 2024-01-03T20:14:34Z

(In reply to Walter Bright from comment #2) > The problem with using mkstemp() is it returns a file descriptor. I need it > to return a file name. It returns the file name, too: [1] [2] [3] [4] [1] https://pubs.opengroup.org/onlinepubs/009604499/functions/mkstemp.html "The string in template should look like a filename with six trailing 'X' s; mkstemp() replaces each 'X' with a character from the portable filename character set." [2] https://forum.dlang.org/post/[email protected] "Getting a safe path for a temporary file" [3] https://forum.dlang.org/post/[email protected] "temporary files - what is the resolution?" [4] https://www.gnu.org/software/gnulib/manual/html_node/mkstemp.html

Comment #5 by bugzilla — 2024-01-06T01:55:23Z

It returns a file descriptor for an already opened file.

Comment #6 by kdevel — 2024-01-06T06:52:59Z

(In reply to Walter Bright from comment #5) > It returns a file descriptor for an already opened file. The descriptor is unused and can be safely closed (or the FILE* ptr fclosed after using fdopen). Using mkstemp is how to create a named temporary file lege artis in GNU/Linux [5]. The actual filename is in the writable template-buffer given as parameter to mkstemp. The preprocessor will put its output into that file. I was under the impression that not the POSIX but the Windows version could pose problems here? [5] sec 2.2.2. (p. 7) of Ulrich Drepper: Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong) http://people.redhat.com/drepper/defprogramming.pdf

Comment #7 by ibuclaw — 2024-01-06T22:27:56Z

(In reply to Walter Bright from comment #5) > It returns a file descriptor for an already opened file. The passed string is an out parameter as well. @kdevel one convenience of tmpnam is that you don't have to worry about where the $TEMP directory is located for the vagary of supported platforms. > Maybe I just need to write our own tmpnam() function. The generic-ish implementation should be simple enough, could return a slice too instead of a pointer.

Comment #8 by dlang-bot — 2024-02-01T04:21:23Z

@WalterBright created dlang/dmd pull request #16126 "fix bugzilla Issue 24315 - dmd/cpreprocess.d:87: warning: use of tmpn…" fixing this issue: - fix bugzilla Issue 24315 - dmd/cpreprocess.d:87: warning: use of tmpnam is dangerous use mkstemp https://github.com/dlang/dmd/pull/16126

Comment #9 by dlang-bot — 2024-02-02T10:07:15Z

dlang/dmd pull request #16126 "fix bugzilla Issue 24315 - dmd/cpreprocess.d:87: warning: use of tmpn…" was merged into master: - 01b8d5d8534d0ba1a6cbe516040fa70221320344 by Walter Bright: fix bugzilla Issue 24315 - dmd/cpreprocess.d:87: warning: use of tmpnam is dangerous use mkstemp https://github.com/dlang/dmd/pull/16126