stdio: implement tmpnam() and tempnam() functions

[julianuziemblo]

Description

Motivation and Context

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Chore (refactoring, style fixes, git/CI config, submodule management, no code logic changes)

How Has This Been Tested?

• Already covered by automatic testing.
• New test added: libc: add tests for tmpnam() and tempnam() phoenix-rtos-tests#490
• Tested by hand on: (list targets here).

Checklist:

• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have added tests to cover my changes.
• All new and existing linter checks and tests passed.
• My changes generate no new compilation warnings for any of the targets.

Special treatment

• This PR needs additional PRs to work (list the PRs, preferably in merge-order).
• I will merge this PR by myself when appropriate.

[gemini-code-assist]

Code Review

This pull request implements the tmpnam and tempnam functions, moving the implementation to stdlib/mktemp.c and updating include/stdio.h with the required macro and prototype. The review identified several critical issues: a buffer overflow in tempnam when the prefix is null, broken retry logic in both functions because the template string is modified in place, a memory leak in tempnam when it fails to generate a name, and a lack of POSIX-compliant checks for the TMPDIR environment variable.

[github-actions]

Unit Test Results

11 020 tests  +160   10 350 ✅ +160   52m 51s ⏱️ -7s
   680 suites + 10      670 💤 ±  0 
     1 files   ±  0        0 ❌ ±  0 

Results for commit c6a8782. ± Comparison against base commit d2db0c2.

♻️ This comment has been updated with latest results.

[julianuziemblo]

Drafting for now as added tests depend on tmpfile() tests, which depend on tmpfile() fixes. Will undraft after phoenix-rtos/phoenix-rtos-posixsrv#32 is merged.

[nalajcie]

if you would use the same branch name for related changes across all submodules, these changes would compile and test succesfully.

PLEASE always use the same branch name on related changes OR use Depends-On: in PR description (as described in https://youtrack.phoenix-rtos.com/articles/CI-A-23070284/Github)

[julianuziemblo]

if you would use the same branch name for related changes across all submodules, these changes would compile and test succesfully.

it's not this here: as I wrote, I'm fixing tmpfile() in another branch and wanted to base tests for this PR on that branch for now as it adds "posixsrv" directory to tests, which I didn't want to duplicate across PRs. I'll undraft, rerun tests and add reviewers once that PR is merged.

[ziemleszcz]

/gemini review

[gemini-code-assist]

Code Review

This pull request implements the tmpnam and tempnam functions in stdlib/mktemp.c, removes the stub for tmpnam in posix/stubs.c, and updates include/stdio.h with the necessary declarations and the P_tmpdir macro. The review feedback highlights several POSIX compliance issues in the tempnam implementation: it needs to check the TMPDIR environment variable first, verify directory write permissions using access(), and limit the prefix pfx to a maximum of 5 characters during length calculation and string formatting.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[julianuziemblo]

/gemini review

[gemini-code-assist]

Code Review

This pull request implements the tmpnam and tempnam functions in stdlib/mktemp.c, removes the tmpnam stub from posix/stubs.c, and updates include/stdio.h with the corresponding declarations and the P_tmpdir macro. The review feedback highlights several critical issues: both functions risk infinite loops during persistent filename collisions and should limit retries to TMP_MAX; tempnam lacks POSIX compliance by omitting TMPDIR environment variable and writability checks; and tempnam is vulnerable to an out-of-bounds read if the directory path is empty.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.