http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59687
Bug ID: 59687 Summary: The description of ios::noreplace is hilarious Product: gcc Version: 4.8.1 Status: UNCONFIRMED Severity: major Priority: P3 Component: libstdc++ Assignee: unassigned at gcc dot gnu.org Reporter: giecrilj at stegny dot 2a.pl The page "Backwards Compatibility" [1] says: > For output streams, “nocreate” is probably the default, unless you specify > std::ios::trunc ? Probably??? Could you please estimate the probability? Also inconsistent with the table at filebuf::open that does not mention "x" mode to be actually used. > To be safe, you can open the file for reading, check if it has been opened, > and then decide whether you want to create/replace or not. This may be true when there is only one process and one thread; otherwise it is blatant disinformation and wishful thinking — see the page "C++ TOCTOU Vulnerability" in the CERT Secure Coding Manual [2]. ___ [1] <URL: http://gcc.gnu.org/onlinedocs/libstdc++/manual/backwards.html#backwards.third.nocreate_noreplace > [2] <URL: https://www.securecoding.cert.org/confluence/download/attachments/40402999/09%20Race%20Conditions.pdf >