RFR: JDK-8262199: TOCTOU in jli args.c [v2]
Matthias Baesken
mbaesken at openjdk.java.net
Tue Feb 23 14:33:08 UTC 2021
> Sonar reports a finding in args.c, where a file check is done .
> Stat performs a check on file, and later fopen is called on the file :
> https://sonarcloud.io/project/issues?id=shipilev_jdk&languages=c&open=AXck8CL0BBG2CXpcnhtM&resolved=false&types=VULNERABILITY
>
> The coding could be slightly rewritten so that the potential TOCTOU is removed (however I do not think that it is such a big issue).
Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision:
Small changes
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/2692/files
- new: https://git.openjdk.java.net/jdk/pull/2692/files/78467273..8b106a14
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=2692&range=01
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=2692&range=00-01
Stats: 2 lines in 1 file changed: 1 ins; 0 del; 1 mod
Patch: https://git.openjdk.java.net/jdk/pull/2692.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/2692/head:pull/2692
PR: https://git.openjdk.java.net/jdk/pull/2692
More information about the core-libs-dev
mailing list