improve Path::makeUnique when mkstemp/mktemp are not available

patch by Lasse Kärkkäinen in PR7404.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@108110 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/System/Unix/Path.inc b/lib/System/Unix/Path.inc
index 185f7fd66bf39443e5b6f153d5fe729bc7944d2e..bc104a32a3aea32ce6f9e86fe3afb2db73f8a3ae 100644 (file)
--- a/lib/System/Unix/Path.inc
+++ b/lib/System/Unix/Path.inc
@@ -888,14 +888,19 @@ Path::makeUnique(bool reuse_current, std::string* ErrMsg) {
 #else
   // Okay, looks like we have to do it all by our lonesome.
   static unsigned FCounter = 0;
-  unsigned offset = path.size() + 1;
-  while ( FCounter < 999999 && exists()) {
-    sprintf(FNBuffer+offset,"%06u",++FCounter);
+  // Try to initialize with unique value.
+  if (FCounter == 0) FCounter = ((unsigned)getpid() & 0xFFFF) << 8;
+  char* pos = strstr(FNBuffer, "XXXXXX");
+  do {
+    if (++FCounter > 0xFFFFFF) {
+      return MakeErrMsg(ErrMsg,
+        path + ": can't make unique filename: too many files");
+    }
+    sprintf(pos, "%06X", FCounter);
     path = FNBuffer;
-  }
-  if (FCounter > 999999)
-    return MakeErrMsg(ErrMsg,
-      path + ": can't make unique filename: too many files");
+  } while (exists());
+  // POSSIBLE SECURITY BUG: An attacker can easily guess the name and exploit
+  // LLVM.
 #endif
   return false;
 }