bad usage of mkstemp+PIL

Bug #576061 reported by Yomgui on 2010-05-05
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Phatch
Wishlist
Unassigned
phatch (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: phatch

lib/thumbnail and imtools use mkstemp() to save some images.
The returned fd is not used directly, only the name of the generated name is pushed to PIL
using Image.save() method.

But this method uses __builtins__.open(filename, 'wb') to open the mkstemp() file.

The problem comes on the fact Python open function calls fopen().
That's not correct for files opened with mkstemp().

In fact on linux, mac and windows platforms, fopen/open implementations do the job without issues.
But it's not compliant to the C standard because some race conditions may appears.

A good usage of file opened with mkstemp() is to use fdopen() on the returned fd number.
Then gives the fdopen() resulting FILE stream pointer to PIL Image.save() method.

I know it's not make wrong current supported platform, but I'm trying to port Phatch on a new platform
named MorphOS. It's non-POSIX (and more a BSD compliant). and fopen(xxx, "w") on the python mkstemp() files doesn't work (file busy error).

It's not an 'error' from POSIX or from MorphOS, just the fact that the standard is not strict enough.

For example, check this mkstemp() man page here http://www.daemon-systems.org/man/mkstemp.3.html
See the example usage of mkstemp() (Your current usage is more like the non-secure mktemp() function).

Stani (stani) wrote :

Please feel free to provide a patch.

Changed in phatch:
importance: Undecided → Wishlist
status: New → Triaged
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers