/src/git/tempfile.c

Source
/*
 * State diagram and cleanup
 * -------------------------
 *
 * If the program exits while a temporary file is active, we want to
 * make sure that we remove it. This is done by remembering the active
 * temporary files in a linked list, `tempfile_list`. An `atexit(3)`
 * handler and a signal handler are registered, to clean up any active
 * temporary files.
 *
 * Because the signal handler can run at any time, `tempfile_list` and
 * the `tempfile` objects that comprise it must be kept in
 * self-consistent states at all times.
 *
 * The possible states of a `tempfile` object are as follows:
 *
 * - Inactive/unallocated. The only way to get a tempfile is via a creation
 *   function like create_tempfile(). Once allocated, the tempfile is on the
 *   global tempfile_list and considered active.
 *
 * - Active, file open (after `create_tempfile()` or
 *   `reopen_tempfile()`). In this state:
 *
 *   - the temporary file exists
 *   - `filename` holds the filename of the temporary file
 *   - `fd` holds a file descriptor open for writing to it
 *   - `fp` holds a pointer to an open `FILE` object if and only if
 *     `fdopen_tempfile()` has been called on the object
 *   - `owner` holds the PID of the process that created the file
 *
 * - Active, file closed (after `close_tempfile_gently()`). Same
 *   as the previous state, except that the temporary file is closed,
 *   `fd` is -1, and `fp` is `NULL`.
 *
 * - Inactive (after `delete_tempfile()`, `rename_tempfile()`, or a
 *   failed attempt to create a temporary file). The struct is removed from
 *   the global tempfile_list and deallocated.
 *
 * A temporary file is owned by the process that created it. The
 * `tempfile` has an `owner` field that records the owner's PID. This
 * field is used to prevent a forked process from deleting a temporary
 * file created by its parent.
 */

#define USE_THE_REPOSITORY_VARIABLE

#include "git-compat-util.h"
#include "abspath.h"
#include "path.h"
#include "tempfile.h"
#include "sigchain.h"

static VOLATILE_LIST_HEAD(tempfile_list);

static int remove_template_directory(struct tempfile *tempfile,
              int in_signal_handler)
{
  if (tempfile->directory) {
    if (in_signal_handler)
      return rmdir(tempfile->directory);
    else
      return rmdir_or_warn(tempfile->directory);
  }

  return 0;
}

static void remove_tempfiles(int in_signal_handler)
{
  pid_t me = getpid();
  volatile struct volatile_list_head *pos;

  list_for_each(pos, &tempfile_list) {
    struct tempfile *p = list_entry(pos, struct tempfile, list);

    if (!is_tempfile_active(p) || p->owner != me)
      continue;

    if (p->fd >= 0)
      close(p->fd);

    if (in_signal_handler)
      unlink(p->filename.buf);
    else
      unlink_or_warn(p->filename.buf);
    remove_template_directory(p, in_signal_handler);
  }
}

static void remove_tempfiles_on_exit(void)
{
  remove_tempfiles(0);
}

static void remove_tempfiles_on_signal(int signo)
{
  remove_tempfiles(1);
  sigchain_pop(signo);
  raise(signo);
}

static struct tempfile *new_tempfile(void)
{
  struct tempfile *tempfile = xmalloc(sizeof(*tempfile));
  tempfile->fd = -1;
  tempfile->fp = NULL;
  tempfile->owner = 0;
  INIT_LIST_HEAD(&tempfile->list);
  strbuf_init(&tempfile->filename, 0);
  tempfile->directory = NULL;
  return tempfile;
}

static void activate_tempfile(struct tempfile *tempfile)
{
  static int initialized;

  if (!initialized) {
    sigchain_push_common(remove_tempfiles_on_signal);
    atexit(remove_tempfiles_on_exit);
    initialized = 1;
  }

  volatile_list_add(&tempfile->list, &tempfile_list);
  tempfile->owner = getpid();
}

static void deactivate_tempfile(struct tempfile *tempfile)
{
  volatile_list_del(&tempfile->list);
  strbuf_release(&tempfile->filename);
  free(tempfile->directory);
  free(tempfile);
}

/* Make sure errno contains a meaningful value on error */
struct tempfile *create_tempfile_mode(const char *path, int mode)
{
  struct tempfile *tempfile = new_tempfile();

  strbuf_add_absolute_path(&tempfile->filename, path);
  tempfile->fd = open(tempfile->filename.buf,
          O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, mode);
  if (O_CLOEXEC && tempfile->fd < 0 && errno == EINVAL)
    /* Try again w/o O_CLOEXEC: the kernel might not support it */
    tempfile->fd = open(tempfile->filename.buf,
            O_RDWR | O_CREAT | O_EXCL, mode);
  if (tempfile->fd < 0) {
    deactivate_tempfile(tempfile);
    return NULL;
  }
  activate_tempfile(tempfile);
  if (adjust_shared_perm(the_repository, tempfile->filename.buf)) {
    int save_errno = errno;
    error("cannot fix permission bits on %s", tempfile->filename.buf);
    delete_tempfile(&tempfile);
    errno = save_errno;
    return NULL;
  }

  return tempfile;
}

struct tempfile *register_tempfile(const char *path)
{
  struct tempfile *tempfile = new_tempfile();
  strbuf_add_absolute_path(&tempfile->filename, path);
  activate_tempfile(tempfile);
  return tempfile;
}

struct tempfile *mks_tempfile_sm(const char *filename_template, int suffixlen, int mode)
{
  struct tempfile *tempfile = new_tempfile();

  strbuf_add_absolute_path(&tempfile->filename, filename_template);
  tempfile->fd = git_mkstemps_mode(tempfile->filename.buf, suffixlen, mode);
  if (tempfile->fd < 0) {
    deactivate_tempfile(tempfile);
    return NULL;
  }
  activate_tempfile(tempfile);
  return tempfile;
}

struct tempfile *mks_tempfile_tsm(const char *filename_template, int suffixlen, int mode)
{
  struct tempfile *tempfile = new_tempfile();
  const char *tmpdir;

  tmpdir = getenv("TMPDIR");
  if (!tmpdir)
    tmpdir = "/tmp";

  strbuf_addf(&tempfile->filename, "%s/%s", tmpdir, filename_template);
  tempfile->fd = git_mkstemps_mode(tempfile->filename.buf, suffixlen, mode);
  if (tempfile->fd < 0) {
    deactivate_tempfile(tempfile);
    return NULL;
  }
  activate_tempfile(tempfile);
  return tempfile;
}

struct tempfile *mks_tempfile_dt(const char *directory_template,
         const char *filename)
{
  struct tempfile *tempfile;
  const char *tmpdir;
  struct strbuf sb = STRBUF_INIT;
  int fd;
  size_t directorylen;

  if (!ends_with(directory_template, "XXXXXX")) {
    errno = EINVAL;
    return NULL;
  }

  tmpdir = getenv("TMPDIR");
  if (!tmpdir)
    tmpdir = "/tmp";

  strbuf_addf(&sb, "%s/%s", tmpdir, directory_template);
  directorylen = sb.len;
  if (!mkdtemp(sb.buf)) {
    int orig_errno = errno;
    strbuf_release(&sb);
    errno = orig_errno;
    return NULL;
  }

  strbuf_addf(&sb, "/%s", filename);
  fd = open(sb.buf, O_CREAT | O_EXCL | O_RDWR, 0600);
  if (fd < 0) {
    int orig_errno = errno;
    strbuf_setlen(&sb, directorylen);
    rmdir(sb.buf);
    strbuf_release(&sb);
    errno = orig_errno;
    return NULL;
  }

  tempfile = new_tempfile();
  strbuf_swap(&tempfile->filename, &sb);
  tempfile->directory = xmemdupz(tempfile->filename.buf, directorylen);
  tempfile->fd = fd;
  activate_tempfile(tempfile);
  return tempfile;
}

struct tempfile *xmks_tempfile_m(const char *filename_template, int mode)
{
  struct tempfile *tempfile;
  struct strbuf full_template = STRBUF_INIT;

  strbuf_add_absolute_path(&full_template, filename_template);
  tempfile = mks_tempfile_m(full_template.buf, mode);
  if (!tempfile)
    die_errno("Unable to create temporary file '%s'",
        full_template.buf);

  strbuf_release(&full_template);
  return tempfile;
}

FILE *fdopen_tempfile(struct tempfile *tempfile, const char *mode)
{
  if (!is_tempfile_active(tempfile))
    BUG("fdopen_tempfile() called for inactive object");
  if (tempfile->fp)
    BUG("fdopen_tempfile() called for open object");

  tempfile->fp = fdopen(tempfile->fd, mode);
  return tempfile->fp;
}

const char *get_tempfile_path(struct tempfile *tempfile)
{
  if (!is_tempfile_active(tempfile))
    BUG("get_tempfile_path() called for inactive object");
  return tempfile->filename.buf;
}

int get_tempfile_fd(struct tempfile *tempfile)
{
  if (!is_tempfile_active(tempfile))
    BUG("get_tempfile_fd() called for inactive object");
  return tempfile->fd;
}

FILE *get_tempfile_fp(struct tempfile *tempfile)
{
  if (!is_tempfile_active(tempfile))
    BUG("get_tempfile_fp() called for inactive object");
  return tempfile->fp;
}

int close_tempfile_gently(struct tempfile *tempfile)
{
  int fd;
  FILE *fp;
  int err;

  if (!is_tempfile_active(tempfile) || tempfile->fd < 0)
    return 0;

  fd = tempfile->fd;
  fp = tempfile->fp;
  tempfile->fd = -1;
  if (fp) {
    tempfile->fp = NULL;
    if (ferror(fp)) {
      err = -1;
      if (!fclose(fp))
        errno = EIO;
    } else {
      err = fclose(fp);
    }
  } else {
    err = close(fd);
  }

  return err ? -1 : 0;
}

int reopen_tempfile(struct tempfile *tempfile)
{
  if (!is_tempfile_active(tempfile))
    BUG("reopen_tempfile called for an inactive object");
  if (0 <= tempfile->fd)
    BUG("reopen_tempfile called for an open object");
  tempfile->fd = open(tempfile->filename.buf, O_WRONLY|O_TRUNC);
  return tempfile->fd;
}

int rename_tempfile(struct tempfile **tempfile_p, const char *path)
{
  struct tempfile *tempfile = *tempfile_p;

  if (!is_tempfile_active(tempfile))
    BUG("rename_tempfile called for inactive object");

  if (close_tempfile_gently(tempfile)) {
    delete_tempfile(tempfile_p);
    return -1;
  }

  if (rename(tempfile->filename.buf, path)) {
    int save_errno = errno;
    delete_tempfile(tempfile_p);
    errno = save_errno;
    return -1;
  }

  deactivate_tempfile(tempfile);
  *tempfile_p = NULL;
  return 0;
}

int delete_tempfile(struct tempfile **tempfile_p)
{
  struct tempfile *tempfile = *tempfile_p;
  int err = 0;

  if (!is_tempfile_active(tempfile))
    return 0;

  err |= close_tempfile_gently(tempfile);
  err |= unlink_or_warn(tempfile->filename.buf);
  err |= remove_template_directory(tempfile, 0);
  deactivate_tempfile(tempfile);
  *tempfile_p = NULL;

  return err ? -1 : 0;
}

Coverage Report

Created: 2025-12-31 07:01

Line	Count	Source
1		/*
2		* State diagram and cleanup
3		* -------------------------
4		*
5		* If the program exits while a temporary file is active, we want to
6		* make sure that we remove it. This is done by remembering the active
7		* temporary files in a linked list, `tempfile_list`. An `atexit(3)`
8		* handler and a signal handler are registered, to clean up any active
9		* temporary files.
10		*
11		* Because the signal handler can run at any time, `tempfile_list` and
12		* the `tempfile` objects that comprise it must be kept in
13		* self-consistent states at all times.
14		*
15		* The possible states of a `tempfile` object are as follows:
16		*
17		* - Inactive/unallocated. The only way to get a tempfile is via a creation
18		* function like create_tempfile(). Once allocated, the tempfile is on the
19		* global tempfile_list and considered active.
20		*
21		* - Active, file open (after `create_tempfile()` or
22		* `reopen_tempfile()`). In this state:
23		*
24		* - the temporary file exists
25		* - `filename` holds the filename of the temporary file
26		* - `fd` holds a file descriptor open for writing to it
27		* - `fp` holds a pointer to an open `FILE` object if and only if
28		* `fdopen_tempfile()` has been called on the object
29		* - `owner` holds the PID of the process that created the file
30		*
31		* - Active, file closed (after `close_tempfile_gently()`). Same
32		* as the previous state, except that the temporary file is closed,
33		* `fd` is -1, and `fp` is `NULL`.
34		*
35		* - Inactive (after `delete_tempfile()`, `rename_tempfile()`, or a
36		* failed attempt to create a temporary file). The struct is removed from
37		* the global tempfile_list and deallocated.
38		*
39		* A temporary file is owned by the process that created it. The
40		* `tempfile` has an `owner` field that records the owner's PID. This
41		* field is used to prevent a forked process from deleting a temporary
42		* file created by its parent.
43		*/
44
45		#define USE_THE_REPOSITORY_VARIABLE
46
47		#include "git-compat-util.h"
48		#include "abspath.h"
49		#include "path.h"
50		#include "tempfile.h"
51		#include "sigchain.h"
52
53		static VOLATILE_LIST_HEAD(tempfile_list);
54
55		static int remove_template_directory(struct tempfile *tempfile,
56		int in_signal_handler)
57	0	{
58	0	if (tempfile->directory) {
59	0	if (in_signal_handler)
60	0	return rmdir(tempfile->directory);
61	0	else
62	0	return rmdir_or_warn(tempfile->directory);
63	0	}
64
65	0	return 0;
66	0	}
67
68		static void remove_tempfiles(int in_signal_handler)
69	0	{
70	0	pid_t me = getpid();
71	0	volatile struct volatile_list_head *pos;
72
73	0	list_for_each(pos, &tempfile_list) {
74	0	struct tempfile *p = list_entry(pos, struct tempfile, list);
75
76	0	if (!is_tempfile_active(p) \|\| p->owner != me)
77	0	continue;
78
79	0	if (p->fd >= 0)
80	0	close(p->fd);
81
82	0	if (in_signal_handler)
83	0	unlink(p->filename.buf);
84	0	else
85	0	unlink_or_warn(p->filename.buf);
86	0	remove_template_directory(p, in_signal_handler);
87	0	}
88	0	}
89
90		static void remove_tempfiles_on_exit(void)
91	0	{
92	0	remove_tempfiles(0);
93	0	}
94
95		static void remove_tempfiles_on_signal(int signo)
96	0	{
97	0	remove_tempfiles(1);
98	0	sigchain_pop(signo);
99	0	raise(signo);
100	0	}
101
102		static struct tempfile *new_tempfile(void)
103	0	{
104	0	struct tempfile tempfile = xmalloc(sizeof(tempfile));
105	0	tempfile->fd = -1;
106	0	tempfile->fp = NULL;
107	0	tempfile->owner = 0;
108	0	INIT_LIST_HEAD(&tempfile->list);
109	0	strbuf_init(&tempfile->filename, 0);
110	0	tempfile->directory = NULL;
111	0	return tempfile;
112	0	}
113
114		static void activate_tempfile(struct tempfile *tempfile)
115	0	{
116	0	static int initialized;
117
118	0	if (!initialized) {
119	0	sigchain_push_common(remove_tempfiles_on_signal);
120	0	atexit(remove_tempfiles_on_exit);
121	0	initialized = 1;
122	0	}
123
124	0	volatile_list_add(&tempfile->list, &tempfile_list);
125	0	tempfile->owner = getpid();
126	0	}
127
128		static void deactivate_tempfile(struct tempfile *tempfile)
129	0	{
130	0	volatile_list_del(&tempfile->list);
131	0	strbuf_release(&tempfile->filename);
132	0	free(tempfile->directory);
133	0	free(tempfile);
134	0	}
135
136		/* Make sure errno contains a meaningful value on error */
137		struct tempfile create_tempfile_mode(const char path, int mode)
138	0	{
139	0	struct tempfile *tempfile = new_tempfile();
140
141	0	strbuf_add_absolute_path(&tempfile->filename, path);
142	0	tempfile->fd = open(tempfile->filename.buf,
143	0	O_RDWR \| O_CREAT \| O_EXCL \| O_CLOEXEC, mode);
144	0	if (O_CLOEXEC && tempfile->fd < 0 && errno == EINVAL)
145		/* Try again w/o O_CLOEXEC: the kernel might not support it */
146	0	tempfile->fd = open(tempfile->filename.buf,
147	0	O_RDWR \| O_CREAT \| O_EXCL, mode);
148	0	if (tempfile->fd < 0) {
149	0	deactivate_tempfile(tempfile);
150	0	return NULL;
151	0	}
152	0	activate_tempfile(tempfile);
153	0	if (adjust_shared_perm(the_repository, tempfile->filename.buf)) {
154	0	int save_errno = errno;
155	0	error("cannot fix permission bits on %s", tempfile->filename.buf);
156	0	delete_tempfile(&tempfile);
157	0	errno = save_errno;
158	0	return NULL;
159	0	}
160
161	0	return tempfile;
162	0	}
163
164		struct tempfile register_tempfile(const char path)
165	0	{
166	0	struct tempfile *tempfile = new_tempfile();
167	0	strbuf_add_absolute_path(&tempfile->filename, path);
168	0	activate_tempfile(tempfile);
169	0	return tempfile;
170	0	}
171
172		struct tempfile mks_tempfile_sm(const char filename_template, int suffixlen, int mode)
173	0	{
174	0	struct tempfile *tempfile = new_tempfile();
175
176	0	strbuf_add_absolute_path(&tempfile->filename, filename_template);
177	0	tempfile->fd = git_mkstemps_mode(tempfile->filename.buf, suffixlen, mode);
178	0	if (tempfile->fd < 0) {
179	0	deactivate_tempfile(tempfile);
180	0	return NULL;
181	0	}
182	0	activate_tempfile(tempfile);
183	0	return tempfile;
184	0	}
185
186		struct tempfile mks_tempfile_tsm(const char filename_template, int suffixlen, int mode)
187	0	{
188	0	struct tempfile *tempfile = new_tempfile();
189	0	const char *tmpdir;
190
191	0	tmpdir = getenv("TMPDIR");
192	0	if (!tmpdir)
193	0	tmpdir = "/tmp";
194
195	0	strbuf_addf(&tempfile->filename, "%s/%s", tmpdir, filename_template);
196	0	tempfile->fd = git_mkstemps_mode(tempfile->filename.buf, suffixlen, mode);
197	0	if (tempfile->fd < 0) {
198	0	deactivate_tempfile(tempfile);
199	0	return NULL;
200	0	}
201	0	activate_tempfile(tempfile);
202	0	return tempfile;
203	0	}
204
205		struct tempfile mks_tempfile_dt(const char directory_template,
206		const char *filename)
207	0	{
208	0	struct tempfile *tempfile;
209	0	const char *tmpdir;
210	0	struct strbuf sb = STRBUF_INIT;
211	0	int fd;
212	0	size_t directorylen;
213
214	0	if (!ends_with(directory_template, "XXXXXX")) {
215	0	errno = EINVAL;
216	0	return NULL;
217	0	}
218
219	0	tmpdir = getenv("TMPDIR");
220	0	if (!tmpdir)
221	0	tmpdir = "/tmp";
222
223	0	strbuf_addf(&sb, "%s/%s", tmpdir, directory_template);
224	0	directorylen = sb.len;
225	0	if (!mkdtemp(sb.buf)) {
226	0	int orig_errno = errno;
227	0	strbuf_release(&sb);
228	0	errno = orig_errno;
229	0	return NULL;
230	0	}
231
232	0	strbuf_addf(&sb, "/%s", filename);
233	0	fd = open(sb.buf, O_CREAT \| O_EXCL \| O_RDWR, 0600);
234	0	if (fd < 0) {
235	0	int orig_errno = errno;
236	0	strbuf_setlen(&sb, directorylen);
237	0	rmdir(sb.buf);
238	0	strbuf_release(&sb);
239	0	errno = orig_errno;
240	0	return NULL;
241	0	}
242
243	0	tempfile = new_tempfile();
244	0	strbuf_swap(&tempfile->filename, &sb);
245	0	tempfile->directory = xmemdupz(tempfile->filename.buf, directorylen);
246	0	tempfile->fd = fd;
247	0	activate_tempfile(tempfile);
248	0	return tempfile;
249	0	}
250
251		struct tempfile xmks_tempfile_m(const char filename_template, int mode)
252	0	{
253	0	struct tempfile *tempfile;
254	0	struct strbuf full_template = STRBUF_INIT;
255
256	0	strbuf_add_absolute_path(&full_template, filename_template);
257	0	tempfile = mks_tempfile_m(full_template.buf, mode);
258	0	if (!tempfile)
259	0	die_errno("Unable to create temporary file '%s'",
260	0	full_template.buf);
261
262	0	strbuf_release(&full_template);
263	0	return tempfile;
264	0	}
265
266		FILE fdopen_tempfile(struct tempfile tempfile, const char *mode)
267	0	{
268	0	if (!is_tempfile_active(tempfile))
269	0	BUG("fdopen_tempfile() called for inactive object");
270	0	if (tempfile->fp)
271	0	BUG("fdopen_tempfile() called for open object");
272
273	0	tempfile->fp = fdopen(tempfile->fd, mode);
274	0	return tempfile->fp;
275	0	}
276
277		const char get_tempfile_path(struct tempfile tempfile)
278	0	{
279	0	if (!is_tempfile_active(tempfile))
280	0	BUG("get_tempfile_path() called for inactive object");
281	0	return tempfile->filename.buf;
282	0	}
283
284		int get_tempfile_fd(struct tempfile *tempfile)
285	0	{
286	0	if (!is_tempfile_active(tempfile))
287	0	BUG("get_tempfile_fd() called for inactive object");
288	0	return tempfile->fd;
289	0	}
290
291		FILE get_tempfile_fp(struct tempfile tempfile)
292	0	{
293	0	if (!is_tempfile_active(tempfile))
294	0	BUG("get_tempfile_fp() called for inactive object");
295	0	return tempfile->fp;
296	0	}
297
298		int close_tempfile_gently(struct tempfile *tempfile)
299	0	{
300	0	int fd;
301	0	FILE *fp;
302	0	int err;
303
304	0	if (!is_tempfile_active(tempfile) \|\| tempfile->fd < 0)
305	0	return 0;
306
307	0	fd = tempfile->fd;
308	0	fp = tempfile->fp;
309	0	tempfile->fd = -1;
310	0	if (fp) {
311	0	tempfile->fp = NULL;
312	0	if (ferror(fp)) {
313	0	err = -1;
314	0	if (!fclose(fp))
315	0	errno = EIO;
316	0	} else {
317	0	err = fclose(fp);
318	0	}
319	0	} else {
320	0	err = close(fd);
321	0	}
322
323	0	return err ? -1 : 0;
324	0	}
325
326		int reopen_tempfile(struct tempfile *tempfile)
327	0	{
328	0	if (!is_tempfile_active(tempfile))
329	0	BUG("reopen_tempfile called for an inactive object");
330	0	if (0 <= tempfile->fd)
331	0	BUG("reopen_tempfile called for an open object");
332	0	tempfile->fd = open(tempfile->filename.buf, O_WRONLY\|O_TRUNC);
333	0	return tempfile->fd;
334	0	}
335
336		int rename_tempfile(struct tempfile *tempfile_p, const char path)
337	0	{
338	0	struct tempfile tempfile = tempfile_p;
339
340	0	if (!is_tempfile_active(tempfile))
341	0	BUG("rename_tempfile called for inactive object");
342
343	0	if (close_tempfile_gently(tempfile)) {
344	0	delete_tempfile(tempfile_p);
345	0	return -1;
346	0	}
347
348	0	if (rename(tempfile->filename.buf, path)) {
349	0	int save_errno = errno;
350	0	delete_tempfile(tempfile_p);
351	0	errno = save_errno;
352	0	return -1;
353	0	}
354
355	0	deactivate_tempfile(tempfile);
356	0	*tempfile_p = NULL;
357	0	return 0;
358	0	}
359
360		int delete_tempfile(struct tempfile **tempfile_p)
361	0	{
362	0	struct tempfile tempfile = tempfile_p;
363	0	int err = 0;
364
365	0	if (!is_tempfile_active(tempfile))
366	0	return 0;
367
368	0	err \|= close_tempfile_gently(tempfile);
369	0	err \|= unlink_or_warn(tempfile->filename.buf);
370	0	err \|= remove_template_directory(tempfile, 0);
371	0	deactivate_tempfile(tempfile);
372	0	*tempfile_p = NULL;
373
374	0	return err ? -1 : 0;
375	0	}