Thanks for the detailed diagnosis, Bruno. To try to fix the problems I 
installed the attached patches into Gnulib. If I understand things 
correctly, these patches should fix the 0.1% failure rate you observed 
on 64-bit mingw. They also fix a minor security leak I discovered: in 
rare cases, ASLR entropy was used to generate publicly visible file 
names, which is a no-no as that might help an attacker infer the 
randomized layout of a victim process.

These fixes follow some but not all the suggestions you made. The basic 
problem I saw was that tempname.c was using too much belt-and-suspenders 
code, so much so that the combination of belts and suspenders 
misbehaved. I simplified it a bit and this removed the need for some of 
the suggestions.

These fixes should be merged into glibc upstream since they fix glibc 
bugs; I plan to follow up on that shortly.