RFR: JDK-8262199: TOCTOU in jli args.c

Matthias Baesken mbaesken at openjdk.java.net
Tue Feb 23 14:03:52 UTC 2021


Sonar reports a finding in args.c, where a file check is done.
Stat performs a check on the file, and later fopen is called on the file:
https://sonarcloud.io/project/issues?id=shipilev_jdk&languages=c&open=AXck8CL0BBG2CXpcnhtM&resolved=false&types=VULNERABILITY

The coding could be slightly rewritten so that the potential TOCTOU is removed (however I do not think that it is such a big issue).

-------------

Commit messages:
 - JDK-8262199

Changes: https://git.openjdk.java.net/jdk/pull/2692/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=2692&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8262199
  Stats: 32 lines in 1 file changed: 12 ins; 16 del; 4 mod
  Patch: https://git.openjdk.java.net/jdk/pull/2692.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/2692/head:pull/2692

PR: https://git.openjdk.java.net/jdk/pull/2692
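For readers unfamiliar with the pattern Sonar flags here, the following is an added illustration, not the JDK's args.c and not the patch in the PR. It places the racy "stat the path, then fopen the path" sequence next to a variant that opens first and then inspects the open descriptor with fstat, so the check applies to the object actually opened rather than to whatever the path pointed at a moment earlier. All function names, the temp-file helper and the sample argfile content are my own assumptions.

```c
/* Added example: stat-then-fopen (TOCTOU-prone) versus fopen-then-fstat.
 * Not the JDK's args.c; function names and sample data are constructed. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Racy variant: the path is checked with stat(), then opened with fopen().
 * Between the two calls the path may be replaced (e.g. by a symlink to a
 * different file), so the file actually opened is not the one checked. */
FILE *open_regular_racy(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) {
        return NULL;                       /* not a regular file: reject */
    }
    /* window: the path can change here before fopen() resolves it again */
    return fopen(path, "r");
}

/* Hardened variant: open first, then inspect the descriptor with fstat().
 * The check now applies to the object that was actually opened, whatever
 * the path resolves to afterwards; the race window is gone. */
FILE *open_regular_checked(const char *path) {
    FILE *f = fopen(path, "r");
    if (f == NULL) {
        return NULL;
    }
    struct stat st;
    if (fstat(fileno(f), &st) != 0 || !S_ISREG(st.st_mode)) {
        fclose(f);                         /* opened a dir, fifo, ...: reject */
        return NULL;
    }
    return f;
}

/* Demo helper: create a temporary regular file holding the given text and
 * return its path (caller unlinks and frees). Constructed for this example. */
char *make_temp_file(const char *content) {
    char tmpl[] = "/tmp/argfile-XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0) {
        return NULL;
    }
    size_t len = strlen(content);
    if (write(fd, content, len) != (ssize_t)len) {
        close(fd);
        unlink(tmpl);
        return NULL;
    }
    close(fd);
    return strdup(tmpl);
}

/* Read the first line of an argfile through the hardened opener.
 * Returns 1 on success, 0 if the path was rejected or unreadable. */
int read_first_line_checked(const char *path, char *buf, size_t buflen) {
    FILE *f = open_regular_checked(path);
    if (f == NULL) {
        return 0;
    }
    int ok = fgets(buf, (int)buflen, f) != NULL;
    fclose(f);
    return ok;
}

int main(void) {
    char *path = make_temp_file("-Xmx512m\n");   /* constructed sample argfile */
    char line[64];
    if (path != NULL && read_first_line_checked(path, line, sizeof line)) {
        printf("read from regular file: %s", line);
    }
    /* A directory opens fine with fopen() on Linux but is not a regular
     * file, so the post-open fstat() check rejects it. */
    printf("directory accepted: %s\n", open_regular_checked(".") ? "yes" : "no");
    if (path != NULL) {
        unlink(path);
        free(path);
    }
    return 0;
}
```

The detection side of this is simple to grep for in a code base: any `stat()`/`access()` on a path that is followed by an `open()`/`fopen()` on the same path is a candidate, and the fix is always the same shape, operate on the descriptor (`fstat`, `fchmod`, `fchown`) once the file is open.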

