[libpng16] Eliminated the final two Coverity defects (insecure temporary file

handling in contrib/libtests/pngstest.c; possible overflow of unsigned char in contrib/tools/png-fix-itxt.c). To use the "secure" file handling, define PNG_USE_MKSTEMP, otherwise "tmpfile()" will continue to be used.
2025-07-10 18:04:09 +02:00 · 2015-06-10 07:05:18 -05:00
parent 4293254bef
commit f6e7551f06
4 changed files with 58 additions and 24 deletions
--- a/contrib/libtests/pngstest.c
+++ b/contrib/libtests/pngstest.c
@@ -3245,9 +3245,23 @@ write_one_file(Image *output, Image *image, int convert_to_8bit)

   if (image->opts & USE_STDIO)
   {
+#ifndef PNG_USE_MKSTEMP
+      FILE *f = tmpfile();
+#else
+      /* Experimental. Coverity says tmpfile() is insecure because it
+       * generates predictable names.
+       */
      char tmpfile[] = "pngstest-XXXXXX";
-      FILE *f = fopen(mktemp(tmpfile),"w+");
-
+      int filedes;
+      FILE *f;
+      umask(0600);
+      filedes = mkstemp(tmpfile);
+      if (filedes >= 0)
+        f = fdopen(filedes,"w+");
+      else
+        f = NULL;
+#endif
+      
      if (f != NULL)
      {
         if (png_image_write_to_stdio(&image->image, f, convert_to_8bit,