strange warning in build process #15

Open
sl1pkn07 opened this issue Dec 25, 2016 · 4 comments
@sl1pkn07

```
Building JPEG XR shared lib
mkdir -p /tmp/makepkg/jxrlib-git/src/jxrlib/build
cc -shared /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/encode/encode.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/encode/segenc.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/encode/strenc.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/encode/strFwdTransform.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/encode/strPredQuantEnc.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/decode/decode.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/decode/postprocess.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/decode/segdec.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/decode/strdec.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/decode/strInvTransform.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/decode/strPredQuantDec.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/decode/JXRTranscode.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/sys/adapthuff.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/sys/image.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/sys/strcodec.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/sys/strPredQuant.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/sys/strTransform.o /tmp/makepkg/jxrlib-git/src/jxrlib/build/image/sys/perfTimerANSI.o -o /tmp/makepkg/jxrlib-git/src/jxrlib/build/libjpegxr.so
/tmp/makepkg/jxrlib-git/src/jxrlib/build/image/encode/strenc.o: In function `StrIOEncInit':
strenc.c:(.text+0xc17): warning: the use of `tmpnam' is dangerous, better use `mkstemp'
```

gcc is 6.2.1

greetings

@sl1pkn07
Author

same with gcc 7.1.1

@mloskot

mloskot commented Jan 17, 2020

@sl1pkn07 What is strange in this warning?

https://www.gnu.org/software/libc/manual/html_node/Temporary-Files.html

> Warning: Between the time the pathname is constructed and the file is created
> another process might have created a file with the same name using tmpnam,
> leading to a possible security hole.
> The implementation generates names which can hardly be predicted, but when
> opening the file you should use the O_EXCL flag.
> Using tmpfile or mkstemp is a safe way to avoid this problem.

@sl1pkn07
Author

sl1pkn07 commented Jan 17, 2020

The strange thing is, why does it appear? Is it not possible to silence it with a fix?

```c
if ((pFilename = tmpnam(NULL)) == NULL)
```

edit: same with gcc 9.2.0

@mloskot

mloskot commented Jan 17, 2020

> The strange thing is, why does it appear?

Well, since that code uses the `tmpnam` function, which is mentioned in the libc documentation as having a potential security hole, the compiler issues the warning. There is literally nothing strange in that. I'd risk the statement that it is expected behaviour.

> Is it not possible to silence it with a fix?

I'm sure it is possible. It's just that someone needs to do the work, fix it and propose a patch. I'm sure this repo will be happy to accept a pull request...
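
Added example, not part of the thread and not jxrlib code: a sketch of the `mkstemp` alternative that the linker warning and the quoted glibc manual text point to, with a check of the `O_EXCL` behaviour the manual mentions. The helper names and the `jxr-example-` file prefix are hypothetical; a POSIX system with a writable `/tmp` is assumed.

```c
#define _POSIX_C_SOURCE 200809L   /* declares mkstemp() under strict -std=c11 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not jxrlib code. mkstemp() chooses the name and creates
 * the file in one step (exclusive create, owner-only mode), so no other process
 * can claim the name in between, unlike tmpnam() followed by a later open. */
int create_temp_file(const char *dir, char *path, size_t cap)
{
    int n = snprintf(path, cap, "%s/jxr-example-XXXXXX", dir);
    if (n < 0 || (size_t)n >= cap) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(path);   /* rewrites the XXXXXX in place, returns an fd */
}

/* The O_EXCL point from the glibc manual: an exclusive create of a name that
 * already exists fails with EEXIST instead of reusing someone else's file. */
int exclusive_create_refused(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0)
        close(fd);
    return fd < 0 && errno == EEXIST;
}

/* Permission bits of the open file, or -1 on error. */
int temp_mode(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

int main(void)
{
    char path[4096];
    int fd = create_temp_file("/tmp", path, sizeof path);
    if (fd < 0)
        return 1;
    printf("%s mode=%o exclusive=%d\n", path, (unsigned)temp_mode(fd), exclusive_create_refused(path));
    close(fd);
    return unlink(path) != 0;
}
```

Code that needs a `FILE *` rather than a descriptor can wrap the returned fd with `fdopen()`, and should `unlink()` the path once the file is no longer needed.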
