Bug Summary

File:build/libiberty/choose-temp.c
Warning:line 71, column 7
Call to function 'mktemp' is insecure as it always creates or uses insecure temporary file. Use 'mkstemp' instead

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name choose-temp.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 1 -fhalf-no-semantic-interposition -mframe-pointer=none -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-clang-static-analyzer/objdir/libiberty -resource-dir /usr/lib64/clang/13.0.0 -D HAVE_CONFIG_H -I . -I /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-clang-static-analyzer/build/libiberty/../include -D _GNU_SOURCE -internal-isystem /usr/lib64/clang/13.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib64/gcc/x86_64-suse-linux/11/../../../../x86_64-suse-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wwrite-strings -fconst-strings -fdebug-compilation-dir=/home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-clang-static-analyzer/objdir/libiberty -ferror-limit 19 -fcf-protection=full -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=plist-html -analyzer-config silence-checkers=core.NullDereference -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-clang-static-analyzer/objdir/clang-static-analyzer/2021-11-20-133755-20252-1/report-ys9sDK.plist -x c /home/marxin/BIG/buildbot/buildworker/marxinbox-gcc-clang-static-analyzer/build/libiberty/choose-temp.c
1/* Utility to pick a temporary filename prefix.
2 Copyright (C) 1996-2021 Free Software Foundation, Inc.
3
4This file is part of the libiberty library.
5Libiberty is free software; you can redistribute it and/or
6modify it under the terms of the GNU Library General Public
7License as published by the Free Software Foundation; either
8version 2 of the License, or (at your option) any later version.
9
10Libiberty is distributed in the hope that it will be useful,
11but WITHOUT ANY WARRANTY; without even the implied warranty of
12MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13Library General Public License for more details.
14
15You should have received a copy of the GNU Library General Public
16License along with libiberty; see the file COPYING.LIB. If not,
17write to the Free Software Foundation, Inc., 51 Franklin Street - Fifth Floor,
18Boston, MA 02110-1301, USA. */
19
20#ifdef HAVE_CONFIG_H1
21#include "config.h"
22#endif
23
24#include <stdio.h> /* May get P_tmpdir. */
25#include <sys/types.h>
26#ifdef HAVE_UNISTD_H1
27#include <unistd.h>
28#endif
29#ifdef HAVE_STDLIB_H1
30#include <stdlib.h>
31#endif
32#ifdef HAVE_STRING_H1
33#include <string.h>
34#endif
35
36#include "libiberty.h"
37
38/* Name of temporary file.
39 mktemp requires 6 trailing X's. */
40#define TEMP_FILE"ccXXXXXX" "ccXXXXXX"
41#define TEMP_FILE_LEN(sizeof("ccXXXXXX") - 1) (sizeof(TEMP_FILE"ccXXXXXX") - 1)
42
43/*
44
45@deftypefn Extension char* choose_temp_base (void)
46
47Return a prefix for temporary file names or @code{NULL} if unable to
48find one. The current directory is chosen if all else fails so the
49program is exited if a temporary directory can't be found (@code{mktemp}
50fails). The buffer for the result is obtained with @code{xmalloc}.
51
52This function is provided for backwards compatibility only. Its use is
53not recommended.
54
55@end deftypefn
56
57*/
58
59char *
60choose_temp_base (void)
61{
62 const char *base = choose_tmpdir ();
63 char *temp_filename;
64 int len;
65
66 len = strlen (base);
67 temp_filename = XNEWVEC (char, len + TEMP_FILE_LEN + 1)((char *) xmalloc (sizeof (char) * (len + (sizeof("ccXXXXXX")
- 1) + 1)))
;
68 strcpy (temp_filename, base);
69 strcpy (temp_filename + len, TEMP_FILE"ccXXXXXX");
70
71 if (mktemp (temp_filename) == 0)
Call to function 'mktemp' is insecure as it always creates or uses insecure temporary file. Use 'mkstemp' instead
72 abort ();
73 return temp_filename;
74}