On Tue, 23 Feb 2021 14:30:17 GMT, Matthias Baesken <[email protected]> wrote:
>> Sonar reports a finding in args.c, where a file check is done.
>> Stat performs a check on file, and later fopen is called on the file:
>> https://sonarcloud.io/project/issues?id=shipilev_jdk&languages=c&open=AXck8CL0BBG2CXpcnhtM&resolved=false&types=VULNERABILITY
>>
>> The coding could be slightly rewritten so that the potential TOCTOU is
>> removed (however I do not think that it is such a big issue).
>
> Matthias Baesken has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Small changes

Marked as reviewed by clanger (Reviewer).

-------------

PR: https://git.openjdk.java.net/jdk/pull/2692
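
The check-then-open pattern described in the quoted report, next to a variant that opens once and checks the descriptor with `fstat()`. This is an added example, not the JDK's args.c code or the change made in this PR; the function names and the sample file contents are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: stat() checks a path, fopen() resolves the same path again later.
 * The object behind the path can be swapped between the two calls. */
FILE *open_args_racy(const char *path, off_t *size_out) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) return NULL;
    *size_out = st.st_size;      /* describes what was there at check time */
    return fopen(path, "r");     /* may open a different object */
}

/* Hardened: open once, then fstat() the descriptor, so the check and the
 * later reads refer to the same open file. */
FILE *open_args_checked(const char *path, off_t *size_out) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK); /* O_NONBLOCK: never hang on a FIFO */
    if (fd < 0) return NULL;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return NULL;
    }
    *size_out = st.st_size;
    FILE *fp = fdopen(fd, "r");
    if (fp == NULL) close(fd);   /* fdopen failed: the descriptor is still ours */
    return fp;
}

/* Constructed sample: write a 12-byte argument file, return the checked size. */
long demo_checked_size(void) {
    char path[] = "/tmp/args_demo_XXXXXX";
    off_t size = -1;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    ssize_t n = write(fd, "-Xmx64m -ea\n", 12);
    close(fd);
    FILE *fp = (n == 12) ? open_args_checked(path, &size) : NULL;
    long result = fp ? (long)size : -1;
    if (fp) fclose(fp);
    unlink(path);
    return result;
}

int main(void) { printf("checked size: %ld\n", demo_checked_size()); return 0; }
```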
