diff --git a/test/amd_detail/state_mt.cpp b/test/amd_detail/state_mt.cpp index 79974108..9fbdadf2 100644 --- a/test/amd_detail/state_mt.cpp +++ b/test/amd_detail/state_mt.cpp @@ -26,6 +26,7 @@ #include #include #include +#include #include using namespace hipFile; @@ -369,6 +370,15 @@ thread_function(int id) int main() { + // Security analyzers will be sad if you don't set umask 0077 + // before creating temporary files + // + // Doing this here to avoid inadvertently synchronizing files if we + // added a mutex in the temp file function + // + // Ignoring return type since we never switch it back + (void)umask(S_IRWXG | S_IRWXO); + struct rlimit nofile; if (-1 == getrlimit(RLIMIT_NOFILE, &nofile)) { cerr << "getrlimit() failed! " << strerror(errno) << endl; diff --git a/test/common/test-common.h b/test/common/test-common.h index 95debab6..97f042b0 100644 --- a/test/common/test-common.h +++ b/test/common/test-common.h @@ -12,6 +12,7 @@ #include #include #include +#include #include constexpr hipFileError_t @@ -60,15 +61,27 @@ struct Tmpfile { { } + /*! + * \warning The constructor is NOT thread-safe and can result in + * interleaved calls to `umask()` + */ Tmpfile(std::string directory) : path{directory} { + // Security analyzers will be sad if you don't set umask 0077 + // before creating temporary files + mode_t old_umask = umask(S_IRWXG | S_IRWXO); + path += "/hipFile.XXXXXX"; if ((fd = mkstemp(path.data())) == -1) { + umask(old_umask); throw std::runtime_error("Could not create temporary file"); } + umask(old_umask); + #ifdef __HIP_PLATFORM_AMD__ if (unlink(path.c_str()) == -1) { + close(fd); throw std::runtime_error("Could not unlink temporary file"); } #endif