Doc Bug #21029 mysql warning involving my_tempnam.c is misleading
Submitted: 2002-12-15 11:08 UTC Modified: 2003-07-18 12:03 UTC
Votes:8
Avg. Score:4.8 ± 0.7
Reproduced:8 of 8 (100.0%)
Same Version:6 (75.0%)
Same OS:7 (87.5%)
From: php at 5en1 dot com Assigned:
Status: Closed Package: Documentation problem
PHP Version: 4.3.2RC1 OS: all
Private report: No CVE-ID: None
 [2002-12-15 11:08 UTC] php at 5en1 dot com
hi
on several systems "make" crashed because tempnam is not secure.
I've fixed that bug.
New content of "my_tempnam.c", working perfectly:
(located in ext/mysql if I remember correctly)





/* Copyright Abandoned 1996 TCX DataKonsult AB & Monty Program KB & Detron HB 
This file is public domain and comes with NO WARRANTY of any kind */

/*
  This function is only used by some old ISAM code.
  When we remove ISAM support from MySQL, we should also delete this file

  One should instead use the functions in mf_tempfile.c
*/

#include "mysys_priv.h"
#include <m_string.h>
#include "my_static.h"
#include "mysys_err.h"

#define TMP_EXT ".tmp"				/* Extension of tempfile  */
#if ! defined(P_tmpdir)
#define P_tmpdir ""
#endif

#ifdef HAVE_TEMPNAM
#if !defined( MSDOS) && !defined(OS2)
extern char **environ;
#endif
#endif

/* Make a unique temp file name by using dir and adding something after
   pfx to make the name unique. The name is made by adding a unique
   8-character string and TMP_EXT after pfx.
   Returns a pointer to a malloc'ed area for the filename. It should be
   freed with free().
   The name should be unique, but it is not checked whether the file
   already exists.
   Uses tempnam() if the function exists on the system.
   This function ensures that dir is used if it is given. For example,
   MSDOS tempnam() always uses the TMP environment variable if it exists.
*/
	/* ARGSUSED */

my_string my_tempnam(const char *dir, const char *pfx,
		     myf MyFlags  __attribute__((unused)))
{
#ifdef _MSC_VER
  char temp[FN_REFLEN],*end,*res,**old_env,*temp_env[1];
  old_env=environ;
  if (dir)
  {
    end=strend(dir)-1;
    if (!dir[0])
    {				/* Change empty string to current dir */
      temp[0]= FN_CURLIB;
      temp[1]= 0;
      dir=temp;
    }
    else if (*end == FN_DEVCHAR)
    {				/* Get current dir for drive */
      _fullpath(temp,dir,FN_REFLEN);
      dir=temp;
    }
    else if (*end == FN_LIBCHAR && dir < end && end[-1] != FN_DEVCHAR)
    {
      strmake(temp,dir,(uint) (end-dir));	/* Copy and remove last '\' */
      dir=temp;
    }
    environ=temp_env;		/* Force use of dir (dir not checked) */
    temp_env[0]=0;
  }
  
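  /* my_string is a type, not a variable, and mkstemp() is not part of the
     MSVC runtime; tempnam() takes dir and pfx directly and returns the name */
  res=tempnam((char*) dir,(char*) pfx);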
  environ=old_env;
  return res;
#else
#ifdef __ZTC__
  if (!dir)
  {				/* If empty test first if TMP can be used */
    dir=getenv("TMP");
  }
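  /* mkstemp() returns a descriptor, not a name, so its result cannot be
     returned here; tempnam() takes dir and pfx and returns the name */
  return tempnam((char*) dir,(my_string) pfx); /* Use stand. dir with prefix */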
#else
#ifdef HAVE_TEMPNAM
  char temp[2],*res,**old_env,*temp_env[1];

  if (dir && !dir[0])
  {				/* Change empty string to current dir */
    temp[0]= FN_CURLIB;
    temp[1]= 0;
    dir=temp;
  }
#ifdef OS2
  /* changing environ variable doesn't work with VACPP */
  char  buffer[256];
  sprintf( buffer, "TMP=%s", dir);
  /* remove ending backslash */
  if (buffer[strlen(buffer)-1] == '\\')
     buffer[strlen(buffer)-1] = '\0';
  putenv( buffer);
#else
  old_env=(char**)environ;
  if (dir)
  {				/* Don't use TMPDIR if dir is given */
    ((char **)environ)=(char**)temp_env;		/* May give warning */
    temp_env[0]=0;
  }
#endif
  
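  /* mkstemp() needs a writable template ending in "XXXXXX" and returns a
     descriptor, so build the template from dir and pfx, keep the name and
     close the descriptor (the empty file stays in place) */
  {
    const char *tmp_dir= dir ? dir : P_tmpdir;
    int fd;
    if ((res=(char*) malloc(strlen(tmp_dir)+strlen(pfx)+8)))
    {
      sprintf(res,"%s%c%sXXXXXX",tmp_dir,FN_LIBCHAR,pfx);
      if ((fd=mkstemp(res)) < 0)
      {
        free(res);
        res=0;
      }
      else
        close(fd);
    }
  }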
#ifndef OS2
  ((char**)environ)=(char**)old_env;		/* May give warning */
#endif
  if (!res)
    DBUG_PRINT("error",("Got error: %d from tempnam",errno));
  return res;
#else
  register long uniq;
  register int length;
  my_string pos,end_pos;
  DBUG_ENTER("my_tempnam");
					/* Make a unique number */
  pthread_mutex_lock(&THR_LOCK_open);
  uniq= ((long) getpid() << 20) + (long) _my_tempnam_used++ ;
  pthread_mutex_unlock(&THR_LOCK_open);
  if (!dir && !(dir=getenv("TMPDIR")))	/* Use this if possible */
    dir=P_tmpdir;			/* Use system default */
  length=strlen(dir)+strlen(pfx)+1;

  DBUG_PRINT("test",("mallocing %d byte",length+8+sizeof(TMP_EXT)+1));
  if (!(pos=(char*) malloc(length+8+sizeof(TMP_EXT)+1)))
  {
    if (MyFlags & MY_FAE+MY_WME)
      my_error(EE_OUTOFMEMORY, MYF(ME_BELL+ME_WAITTANG),
	       length+8+sizeof(TMP_EXT)+1);
    DBUG_RETURN(NullS);
  }
  end_pos=strmov(pos,dir);
  if (end_pos != pos && end_pos[-1] != FN_LIBCHAR)
    *end_pos++=FN_LIBCHAR;
  end_pos=strmov(end_pos,pfx);

  for (length=0 ; length < 8 && uniq ; length++)
  {
    *end_pos++= _dig_vec[(int) (uniq & 31)];
    uniq >>= 5;
  }
  VOID(strmov(end_pos,TMP_EXT));
  DBUG_PRINT("exit",("tempnam: '%s'",pos));
  DBUG_RETURN(pos);
#endif /* HAVE_TEMPNAM */
#endif /* __ZTC__ */
#endif /* _MSC_VER */
} /* my_tempnam */
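
Added example, not part of the original report or of MySQL's source: mkstemp() is not a drop-in replacement for tempnam(), because it takes a writable template ending in XXXXXX, creates the file itself and returns an open descriptor rather than a name. The helper names, the "isam" prefix and the /tmp default are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not MySQL's API: create a temp file under dir with
   prefix pfx. Returns an open descriptor, stores the malloc'ed name in
   *name_out (caller closes, unlinks and frees); returns -1 on failure. */
int make_temp_file(const char *dir, const char *pfx, char **name_out)
{
  const char *d = (dir && dir[0]) ? dir : "/tmp";   /* assumed default */
  size_t len = strlen(d) + 1 + strlen(pfx) + 6 + 1;
  char *name = malloc(len);
  int fd;

  *name_out = NULL;
  if (!name) return -1;
  /* mkstemp() rewrites the trailing XXXXXX in place, so the template must
     be writable memory, never a string literal. */
  snprintf(name, len, "%s/%sXXXXXX", d, pfx);
  fd = mkstemp(name);   /* creates the file itself, O_EXCL, mode 0600 */
  if (fd < 0) {
    free(name);
    return -1;
  }
  *name_out = name;
  return fd;
}

/* A caller that only has a name (the tempnam() model) must create the file
   with O_EXCL, so the open fails if anything already sits at that path. */
int open_name_exclusively(const char *name)
{
  return open(name, O_RDWR | O_CREAT | O_EXCL, 0600);
}

int main(void)
{
  char *name;
  int fd = make_temp_file(NULL, "isam", &name);
  if (fd < 0) { perror("mkstemp"); return 1; }
  printf("%s exists; exclusive re-open: %d\n", name, open_name_exclusively(name));
  close(fd); unlink(name); free(name);
  return 0;
}
```
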

 [2002-12-15 11:15 UTC] derick@php.net
Please provide a unified diff (diff -u) against the latest CVS version.

Derick
 [2002-12-15 11:59 UTC] php at 5en1 dot com
oops
I don't understand anything
I'm totally a Linux newbie
I only have Linux on my webserver, so it's not really good to try...
can you do that for me?
thanks
 [2002-12-15 16:10 UTC] sniper@php.net
Not a PHP bug. (gcc should not consider that 'error' as fatal, previous versions just output a warning about it..)

 [2002-12-16 12:29 UTC] php at 5en1 dot com
So why did it not continue compiling ???
However, it's easy to fix this "warning", why won't you do it ????????
 [2002-12-16 12:47 UTC] iliaa@php.net
Because the warning is not in the PHP code, but rather in the MySQL library. Until the developers of that library (MySQL Developers) decide that this issue is something worth fixing, we PHP developers can do nothing but wait. There may be reasons why they chose this function over the 'safer' alternative. No matter what, the compiler warning messages will never prevent successful compilation; they are WARNINGs, not ERRORs, that is unless you've made your compiler 'die' on warnings.
 [2003-01-29 18:09 UTC] djlopez at gmx dot de
Hi,
on FreeBSD 4.4 I'm doing "make" and the warning appears, but it HALTS on this warning, and no php binary is made!!
 [2003-01-29 18:32 UTC] msopacua@php.net
No - it doesn't (trust me). But please ask about this at php-install@php.net.
 [2003-01-29 23:08 UTC] philip@php.net
It's finally time we make a FAQ out of this. Ilia's comments provide enough to make a good start so this is being reclassified as an open documentation problem.
 [2003-03-01 09:19 UTC] ibj at earthlink dot net
I think the mysql code has been fixed. I was getting the same compiler error, but after downloading the source for the latest version of mysql (3.23.55) and pointing the config --with-mysql option at the unpacked mysql source, it compiled without a hitch. The build was for PHP4.3.1 on RedHat Linux 7.2 (2.4.18 kernel). Hope this helps!
 [2003-03-15 12:36 UTC] philip@php.net
This is now documented:
http://cvs.php.net/cvs.php/phpdoc/en/faq/build.xml

Thanks for the report :)
 [2003-03-16 16:54 UTC] philip@php.net
Reopening until we know the following:

a) When was this warning resolved in the MySQL source?
b) List any differences [for this tempnam warn] between
   bundled and external MySQL libs.

Assigning to self but please feel free to discuss and leave comments :)
 [2003-04-01 15:42 UTC] willie at pdfsystems dot com
hi all;
Sorry to clutter the database but I've searched everywhere else and can't find an answer.  I have been trying to install php 4.3.1. I am using Redhat 8 Apache 2.x with MySQL4.0.12. I have gotten the same error with Redhat 7.3 apache 1.3.x and MySQL 3.23.56.  I configure ./configure --with apxs2 --with-mysql --enable-track-vars  I get the my-tempnam error and no binary is made.  I tried make -k(continue) but still nothing. php4.2.x compiles fine with the above systems.
 [2003-04-01 17:56 UTC] philip@php.net
Unassigning from self as I don't know this topic at all.  Also, keep in mind that it's a warning and not fatal.
 [2003-05-20 05:29 UTC] andrew at euperia dot com
Hi

I was experiencing the problem that gcc would quit after warning about tempnam being unsafe.

To get round it I put the path to mysql in the configure line: --with-mysql=/usr/local/mysql.  I am using mysql 3.22.54.  I expect it will not work with some earlier releases of MySQL.
 [2003-07-18 12:03 UTC] philip@php.net
A faq now exists for this. And as of PHP 4.3.2, a gentle reminder that "this is just a warning" shows up during compile time (make).  This bug report is closed.

http://php.net/manual/en/faq.build.php#faq.build.mysql.tempnam

 