[libpng16] Quieted two Coverity issues in contrib/libtests/timepng.c.

Glenn Randers-Pehrson 2016-04-28 21:23:37 -05:00
parent 2b9f68631c
commit 8c754b1834
3 changed files with 43 additions and 3 deletions

@ -1,4 +1,4 @@
Libpng 1.6.22beta06 - April 28, 2016 Libpng 1.6.22beta06 - April 29, 2016
This is not intended to be a public release. It will be replaced This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version. within a few weeks by a public version or by another test version.
@ -91,8 +91,9 @@ Version 1.6.22beta05 [April 27, 2016]
Fixed typo (missing underscore) in #define PNG_READ_16_TO_8_SUPPORTED Fixed typo (missing underscore) in #define PNG_READ_16_TO_8_SUPPORTED
(Bug report by Y.Ohashik). (Bug report by Y.Ohashik).
Version 1.6.22beta06 [April 28, 2016] Version 1.6.22beta06 [April 29, 2016]
Rebased contrib/intel_sse.patch. Rebased contrib/intel_sse.patch.
Quieted two Coverity issues in contrib/libtests/timepng.c.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

@ -5551,8 +5551,9 @@ Version 1.6.22beta05 [April 27, 2016]
Fixed typo (missing underscore) in #define PNG_READ_16_TO_8_SUPPORTED Fixed typo (missing underscore) in #define PNG_READ_16_TO_8_SUPPORTED
(Bug report by Y.Ohashik). (Bug report by Y.Ohashik).
Version 1.6.22beta06 [April 28, 2016] Version 1.6.22beta06 [April 29, 2016]
Rebased contrib/intel_sse.patch. Rebased contrib/intel_sse.patch.
Quieted two Coverity issues in contrib/libtests/timepng.c.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

@ -394,6 +394,12 @@ int main(int argc, char **argv)
argv[3]); argv[3]);
exit(99); exit(99);
} }
#ifdef __COVERITY__
else
{
nfiles &= 0x7fffffff;
}
#endif
argv += 3; argv += 3;
argc -= 3; argc -= 3;
@ -401,7 +407,39 @@ int main(int argc, char **argv)
else /* Else use a temporary file */ else /* Else use a temporary file */
{ {
#ifndef __COVERITY__
fp = tmpfile(); fp = tmpfile();
#else
/* Experimental. Coverity says tmpfile() is insecure because it
* generates predictable names.
*
* It is possible to satisfy Coverity by using mkstemp(); however,
* any platform supporting mkstemp() undoubtedly has a secure tmpfile()
* implementation as well, and doesn't need the fix. Note that
* the fix won't work on platforms that don't support mkstemp().
*
* https://www.securecoding.cert.org/confluence/display/c/
* FIO21-C.+Do+not+create+temporary+files+in+shared+directories
* says that most historic implementations of tmpfile() provide
* only a limited number of possible temporary file names
* (usually 26) before file names are recycled. That article also
* provides a secure solution that unfortunately depends upon mkstemp().
*/
char tmpfile[] = "timepng-XXXXXX";
int filedes;
umask(0177);
filedes = mkstemp(tmpfile);
if (filedes < 0)
fp = NULL;
else
{
fp = fdopen(filedes,"w+");
/* Hide the filename immediately and ensure that the file does
* not exist after the program ends
*/
(void) unlink(tmpfile);
}
#endif
if (fp == NULL) if (fp == NULL)
{ {
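Review bot: In the `__COVERITY__` branch, a NULL return from `fdopen(filedes,"w+")` leaves `filedes` open, because nothing closes it before control reaches the `if (fp == NULL)` error path; call close() on the descriptor when fdopen() fails. Separately, the array named `tmpfile` shadows the library function of the same name that the `#ifndef` branch calls, so a name such as `tmpname` would be clearer. `umask(0177)` changes the process mask for the rest of the run and discards the previous value. The template "timepng-XXXXXX" is a relative path, so the file is created in the current working directory, which the comment should say. No visible hunk adds an #include, so confirm that umask(), mkstemp(), fdopen() and unlink() are already declared when this branch is compiled.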