[vlc-devel] [PATCH] record: use vlc_mkstemp instead of tempnam

[Lyndon Brown]

Indeed. Apologies. I've made a mistake here in terms of misidentifying
this pair of patches as being completed work when I picked them out of
the pile for submission the other night. As I just discussed in my
response to Steve, he has reminded me that I'd been intending to
actually ask some questions in precisely the area he noticed as a
problem, having had concerns myself at the time about the paths being
passed to vlc_mkstemp() in existing code, which mine copied.

I may have also been intending to ask for suggestion about tackling the
FIXME.

As for the lack warning, there's no existing warning there. I don't
recall whether I intended to ask if it would be acceptable to add one,
or leave that alone. I presume you do want one added?


On Mon, 2020-09-28 at 10:20 +0300, Rémi Denis-Courmont wrote:
> Hi,
> 
> Besides Steve's portability objections, this patch does not make much
> sense. It suffers from the exact same problems as the existing code,
> just more complicated and without a warning.
> 
> Le 27 septembre 2020 23:30:20 GMT+03:00, Lyndon Brown <
> jnqnfe at gmail.com> a écrit :
> > attached. preview:
> > 
> > From: Lyndon Brown <jnqnfe at gmail.com>
> > Date: Fri, 29 Mar 2019 14:31:38 +0000
> > Subject: record: use vlc_mkstemp instead of tempnam
> > 
> > resolves compile warning about insecure function
> > 
> > diff --git a/modules/stream_out/record.c
> > b/modules/stream_out/record.c
> > index ce2ce958e7..f205c610f6 100644
> > --- a/modules/stream_out/record.c
> > +++ b/modules/stream_out/record.c
> > @@ -465,10 +465,20 @@ static void OutputStart( sout_stream_t
> > *p_stream )
> >              char *psz_file;
> >              int i_es;
> >  
> > -            psz_file = tempnam( NULL, "vlc" );
> > +            psz_file = strdup( DIR_SEP"tmp"DIR_SEP"vlc-
> > recording.XXXXXX" );
> >              if( !psz_file )
> >                  continue;
> >  
> > +            int fd = vlc_mkstemp( psz_file );
> > +
> > +            if( fd == -1 )
> > +                continue;
> > +
> > +            /* FIXME: unlink after creation, we only want to
> > create it here,
> > +               not hold it open since sout takes a path to open
> > not an FD of
> > +               an already open file */
> > +            vlc_unlink( psz_file );
> > +
> >              msg_Dbg( p_stream, "probing muxer %s",
> > ppsz_muxers[i][0] );
> >              i_es = OutputNew( p_stream, ppsz_muxers[i][0],
> > psz_file, NULL );
> >  
> 
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel