> Sonar reports a finding in args.c, where a file check is done.
> Stat performs a check on file, and later fopen is called on the file:
> https://sonarcloud.io/project/issues?id=shipilev_jdk&languages=c&open=AXck8CL0BBG2CXpcnhtM&resolved=false&types=VULNERABILITY
> 
> The coding could be slightly rewritten so that the potential TOCTOU is 
> removed (however I do not think that it is such a big issue).

Matthias Baesken has updated the pull request incrementally with one additional 
commit since the last revision:

  Small changes

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/2692/files
  - new: https://git.openjdk.java.net/jdk/pull/2692/files/78467273..8b106a14

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=2692&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=2692&range=00-01

  Stats: 2 lines in 1 file changed: 1 ins; 0 del; 1 mod
  Patch: https://git.openjdk.java.net/jdk/pull/2692.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/2692/head:pull/2692

PR: https://git.openjdk.java.net/jdk/pull/2692
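
The stat-then-fopen pattern described in the quoted PR text, next to one race-free way to write it, as an added example that is not the patch from this pull request. It assumes a POSIX system, and the function names open_checked_racy and open_checked are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Racy shape: stat(path) and then fopen(path). The name is resolved twice,
 * so the file that was checked need not be the file that gets opened. */
FILE *open_checked_racy(const char *path, off_t *size_out) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) return NULL;
    *size_out = st.st_size;
    return fopen(path, "r");            /* second lookup of the same name */
}

/* Race-free shape: resolve the name once with open(), then run the check
 * on the descriptor with fstat(), so check and use refer to one object. */
FILE *open_checked(const char *path, off_t *size_out) {
    struct stat st;
    /* O_NONBLOCK keeps open() from blocking if the path is a FIFO. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return NULL;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);                      /* not a regular file: reject */
        return NULL;
    }
    FILE *fp = fdopen(fd, "r");         /* wrap the already-checked descriptor */
    if (fp == NULL) { close(fd); return NULL; }
    *size_out = st.st_size;
    return fp;
}

int main(int argc, char **argv) {
    off_t size = 0;
    const char *path = argc > 1 ? argv[1] : ".";   /* "." is rejected */
    FILE *fp = open_checked(path, &size);
    if (fp == NULL) {
        printf("%s: rejected or unreadable\n", path);
        return 1;
    }
    printf("%s: regular file, %lld bytes\n", path, (long long)size);
    fclose(fp);
    return 0;
}
```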
