[cfe-dev] question about mktemp security warning

Jean-Daniel Dupas devlists at shadowlab.org
Wed Mar 24 16:02:54 PDT 2010


I see a security warning in the analyzer that says that using mktemp is always wrong.
I thought using mktemp + open(path, O_CREAT | O_EXCL) was safe.

Did I miss something, or is the analyzer a little too strict about this function?

I know that mkstemp should be preferred, but some APIs (like SQLite) provide only an "open"-like function, and no "fdopen"-like function, so mkstemp is useless in these cases.

-- Jean-Daniel
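
The mktemp + open(path, O_CREAT | O_EXCL) pattern the post asks about, sketched in C as an added example (not code from the post or from the analyzer). The names create_temp_excl and excl_open_errno_on_symlink and the /tmp/excl-demo- paths are hypothetical, chosen for illustration.

```c
#define _DEFAULT_SOURCE /* exposes mktemp() in glibc's <stdlib.h> */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: build a name from `pattern` (ending in "XXXXXX")
 * in `path` and create it exclusively. Returns an fd, or -1 with errno. */
int create_temp_excl(const char *pattern, char *path, size_t size)
{
    if (strlen(pattern) >= size) { errno = ENAMETOOLONG; return -1; }
    for (int attempt = 0; attempt < 16; attempt++) {
        strcpy(path, pattern);
        mktemp(path);
        if (path[0] == '\0') { errno = EEXIST; return -1; } /* no name available */
        /* O_EXCL: fail with EEXIST if anything, a symlink included,
         * appeared at `path` after mktemp() picked the name. */
        int fd = open(path, O_CREAT | O_EXCL | O_RDWR, 0600);
        if (fd >= 0 || errno != EEXIST) return fd;
    }
    errno = EEXIST; /* every candidate was taken */
    return -1;
}

/* Constructed check: place a dangling symlink at `path`, then try the
 * exclusive open. Returns open()'s errno, 0 on success, -1 on setup error. */
int excl_open_errno_on_symlink(const char *path)
{
    unlink(path);
    if (symlink("/nonexistent-target", path) != 0) return -1;
    int fd = open(path, O_CREAT | O_EXCL | O_RDWR, 0600);
    int err = (fd >= 0) ? 0 : errno;
    if (fd >= 0) close(fd);
    unlink(path);
    return err;
}

int main(void)
{
    char path[64];
    int fd = create_temp_excl("/tmp/excl-demo-XXXXXX", path, sizeof path);
    if (fd < 0) { perror("create_temp_excl"); return 1; }
    printf("created %s\n", path);
    close(fd);
    unlink(path);
    return 0;
}
```

O_EXCL guards only the creation step; a library that later reopens the path by name relies on the directory preventing other users from replacing the file (for example a sticky or private directory).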