mktemp: fix invalid pointer arithmetic

[jakubsmolaga]

TASK: RTOS-1275

Description

In the modified line of code the variable rand is of type int[6] which decays into int* and the + operator on int* will increment in multiples of sizeof(int), therefore rand + sizeof(rand) was not the same as &rand[6], it was actually &rand[24]. The only reason it ever worked is that pretty much always the read from /dev/urandom would read in one go and on the first call sizeof(rand) and left cancel out.

Motivation and Context

Just noticed it while reading the code and decided to fix it.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Chore (refactoring, style fixes, git/CI config, submodule management, no code logic changes)

How Has This Been Tested?

• Already covered by automatic testing.
• New test added: (add PR link here).
• Tested by hand on: armv8m-stm32n6.

Checklist:

• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have added tests to cover my changes.
• All new and existing linter checks and tests passed.
• My changes generate no new compilation warnings for any of the targets.

Special treatment

• This PR needs additional PRs to work (list the PRs, preferably in merge-order).
• I will merge this PR by myself when appropriate.

[gemini-code-assist]

Code Review

This pull request updates pointer arithmetic in stdlib/mktemp.c by adding a cast to the buffer argument in a read call. Feedback suggests using char * instead of void * to ensure standard C compliance and improve portability, as arithmetic on void * is a non-standard GCC extension.

[jakubsmolaga]

/gemini review

[gemini-code-assist]

Code Review

This pull request modifies stdlib/mktemp.c to cast the rand buffer to unsigned char * during a read system call. A review comment identifies a critical issue where the signedness of the rand array could lead to out-of-bounds access during subsequent modulo operations, suggesting that the array itself should be declared as unsigned.

[gemini-code-assist]

The use of a signed int array for rand (line 50) causes a bug on line 68. When rand[i] is negative, the modulo operation rand[i] % (sizeof(pfcs) - 1) results in a negative value, leading to an out-of-bounds access into pfcs. It is recommended to change the declaration of rand to unsigned char rand[6] (and update the read size) or unsigned int rand[6]. This would resolve the signedness issue and simplify the pointer arithmetic in this read call.

[jakubsmolaga]

fixed

[jakubsmolaga]

/gemini review

[gemini-code-assist]

Code Review

This pull request updates stdlib/mktemp.c to use an unsigned int array for random data and adds an explicit cast to unsigned char * when calling the read function. These changes improve type safety and ensure correct byte-level pointer arithmetic when populating the buffer. I have no feedback to provide as there were no review comments to evaluate.

[github-actions]

Unit Test Results

9 553 tests  +29   8 961 ✅ +26   52m 12s ⏱️ - 1m 38s
  591 suites ± 0     592 💤 + 4 
    1 files   ± 0       0 ❌  -  1 

Results for commit 69e3cc3. ± Comparison against base commit 321f292.

This pull request removes 1 and adds 30 tests. Note that renamed tests count towards both.

phoenix-rtos-tests/libc/exit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/libc/exit

phoenix-rtos-tests/libc/exit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/libc/exit.stdlib_exit.atexit_few_calls
phoenix-rtos-tests/libc/exit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/libc/exit.stdlib_exit.atexit_register_inside
phoenix-rtos-tests/libc/exit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/libc/exit.stdlib_exit.atexit_two_nodes
phoenix-rtos-tests/libc/exit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/libc/exit.stdlib_exit.stream_flush
phoenix-rtos-tests/libc/exit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/libc/exit.unistd_Exit.SIGCHLD_sent
phoenix-rtos-tests/libc/exit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/libc/exit.unistd_Exit.chk_if_exits
phoenix-rtos-tests/libc/exit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/libc/exit.unistd_Exit.close_streams
phoenix-rtos-tests/libc/exit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/libc/exit.unistd_Exit.exit_status_waitpid
phoenix-rtos-tests/libc/exit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/libc/exit.unistd_Exit.new_parent_id
phoenix-rtos-tests/libc/exit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/libc/exit.unistd_Exit.no_atexit
…