Possible bug in random name generation for mkostemp and friends
Anthony G. Basile
basile at opensource.dyc.edu
Sat Feb 2 21:28:10 UTC 2013
Hi everyone,
While working on getting mkostemp and friends into musl, I looked
closely at the uclibc code. In libc/misc/internals/tempname.c, in
brain_damaged_fillrand() we have
....
static uint64_t value;
gettimeofday(&tv, NULL);
value += ((uint64_t) tv.tv_usec << 16) ^ tv.tv_sec ^ getpid();
...
Even though 'value' is declared static it is never initialized. Isn't
this a problem? I know we want random values in value, but this is
probably undefined behavior and who knows what the compiler will do with it.
--Tony
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
More information about the uClibc
mailing list