RFR: JDK-8262199: TOCTOU in jli args.c
Matthias Baesken
mbaesken at openjdk.java.net
Tue Feb 23 14:03:52 UTC 2021
Sonar reports a finding in args.c, where a file check is done .
Stat performs a check on file, and later fopen is called on the file :
https://sonarcloud.io/project/issues?id=shipilev_jdk&languages=c&open=AXck8CL0BBG2CXpcnhtM&resolved=false&types=VULNERABILITY
The coding could be slightly rewritten so that the potential TOCTOU is removed (however I do not think that it is such a big issue).
-------------
Commit messages:
- JDK-8262199
Changes: https://git.openjdk.java.net/jdk/pull/2692/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=2692&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8262199
Stats: 32 lines in 1 file changed: 12 ins; 16 del; 4 mod
Patch: https://git.openjdk.java.net/jdk/pull/2692.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/2692/head:pull/2692
PR: https://git.openjdk.java.net/jdk/pull/2692
More information about the core-libs-dev
mailing list