bad usage of mkstemp+PIL
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Phatch |
Triaged
|
Wishlist
|
Unassigned | ||
| phatch (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: phatch
lib/thumbnail and imtools use mkstemp() to save some images.
The returned fd is not used directly, only the name of the generated name is pushed to PIL
using Image.save() method.
But this method uses __builtins_
The problem comes on the fact Python open function calls fopen().
That's not correct for files opened with mkstemp().
In fact on linux, mac and windows platforms, fopen/open implementations do the job without issues.
But it's not compliant to the C standard because some race conditions may appears.
A good usage of file opened with mkstemp() is to use fdopen() on the returned fd number.
Then gives the fdopen() resulting FILE stream pointer to PIL Image.save() method.
I know it's not make wrong current supported platform, but I'm trying to port Phatch on a new platform
named MorphOS. It's non-POSIX (and more a BSD compliant). and fopen(xxx, "w") on the python mkstemp() files doesn't work (file busy error).
It's not an 'error' from POSIX or from MorphOS, just the fact that the standard is not strict enough.
For example, check this mkstemp() man page here http://
See the example usage of mkstemp() (Your current usage is more like the non-secure mktemp() function).
| Stani (stani) wrote | #1 |
| Changed in phatch: | |
| importance: | Undecided → Wishlist |
| status: | New → Triaged |
Please feel free to provide a patch.