Possible bug in random name generation for mkostemp and friends
Bernhard Reutner-Fischer
rep.dot.nop at gmail.com
Sat Feb 2 23:04:27 UTC 2013
On 2 February 2013 22:28:10 "Anthony G. Basile"
<basile at opensource.dyc.edu> wrote:
> Hi everyone,
>
> While working on getting mkostemp and friends into musl, I looked
> closely at the uclibc code. In libc/misc/internals/tempname.c, in
> brain_damaged_fillrand() we have
>
> ....
> static uint64_t value;
> gettimeofday(&tv, NULL);
> value += ((uint64_t) tv.tv_usec << 16) ^ tv.tv_sec ^ getpid();
> ...
>
> Even though 'value' is declared static it is never initialized. Isn't
> this a problem? I know we want random values in value, but this is
> probably undefined behavior and who knows what the compiler will do with it.
This is C.
Sent with AquaMail for Android
http://www.aqua-mail.com
More information about the uClibc
mailing list