http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59687
Bug ID: 59687
Summary: The description of ios::noreplace is hilarious
Product: gcc
Version: 4.8.1
Status: UNCONFIRMED
Severity: major
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: giecrilj at stegny dot 2a.pl
The page "Backwards Compatibility" [1] says:
> For output streams, “nocreate” is probably the default, unless you specify
> std::ios::trunc ?
Probably??? Could you please estimate the probability?
Also inconsistent with the table at filebuf::open that does not mention "x"
mode to be actually used.
> To be safe, you can open the file for reading, check if it has been opened,
> and then decide whether you want to create/replace or not.
This may be true when there is only one process and one thread; otherwise it is
blatant disinformation and wishful thinking — see the page "C++ TOCTOU
Vulnerability" in the CERT Secure Coding Manual [2].
___
[1] <URL:
http://gcc.gnu.org/onlinedocs/libstdc++/manual/backwards.html#backwards.third.nocreate_noreplace
>
[2] <URL:
https://www.securecoding.cert.org/confluence/download/attachments/40402999/09%20Race%20Conditions.pdf
>
