Fix race condition scheduling $tempdir deletion
#216
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The `cargo-zng` script contained:
trap 'rm -rf "$tempdir"' 0 INT
tempdir="$(mktemp -d)"
That releases a resource that may occasionally not have been
acquired.
In the rare case that the script would be interrupted before
`$tempdir` was set, this would attempt to read the previous value
of `$tempdir`. But if the calling environment had an environment
variable of this name, then its value would have been inherited as
the initial `$tempdir` in the script, and wrongly deleted.
The change made here puts the commands in the other order, so we
only arrange for the deletion of `$tempdir` once the directory we
want to delete exists and `$tempdir` will definitely expand to its
name and not that of another directory.
In a sense, this trades one race condition for another, in that
now the directory will not be deleted if the script is interrupted
immediately after it is created. But this is not a problem, because
it does not cause data loss, and the script already does not try to
cover all ways the script can be terminated in the `trap` command.
Byron
approved these changes
Sep 6, 2024
There was a problem hiding this comment.
Thanks so much for the fix, this is a critical one!
I never thought about this, but now once again realize that globals really are a problem.
This wouldn't have been possible if there was a function () {} that declares local tempdir, but it isn't very intuitive just for the 'local variable' feature.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
cargo-zngscript contained:That releases a resource that may occasionally not have been acquired.
In the rare case that the script would be interrupted before
$tempdirwas set, this would attempt to read the previous value of$tempdir. But if the calling environment had an environment variable of this name, then its value would have been inherited as the initial$tempdirin the script, and wrongly deleted.The change made here puts the commands in the other order, so we only arrange for the deletion of
$tempdironce the directory we want to delete exists and$tempdirwill definitely expand to its name and not that of another directory.In a sense, this trades one race condition for another, in that now the directory will not be deleted if the script is interrupted immediately after it is created. But this is not a problem, because it does not cause data loss, and the script already does not try to cover all ways the script can be terminated in the
trapcommand.