Skip to content

[POSIX] Clean up temp files in error cases#1020

Merged
mhutchinson merged 3 commits into
transparency-dev:mainfrom
mhutchinson:fix/posix-potential-leaks
Jun 29, 2026
Merged

[POSIX] Clean up temp files in error cases#1020
mhutchinson merged 3 commits into
transparency-dev:mainfrom
mhutchinson:fix/posix-potential-leaks

Conversation

@mhutchinson

@mhutchinson mhutchinson commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

No description provided.

@mhutchinson mhutchinson requested a review from a team as a code owner June 25, 2026 12:06
@mhutchinson mhutchinson requested review from AlCutter and phbnf June 25, 2026 12:06
@mhutchinson mhutchinson force-pushed the fix/posix-potential-leaks branch from 0201c60 to 0dbf118 Compare June 25, 2026 12:07
AlCutter
AlCutter reviewed Jun 25, 2026
View reviewed changes
Comment thread storage/posix/file_ops.go Outdated
Comment on lines 198 to 215
tmpName := name
success := false
defer func() {
if !success {
if err := os.Remove(tmpName); err != nil {
slog.WarnContext(context.Background(), "Failed to remove temporary file", slog.String("tmpname", tmpName), slog.Any("error", err))
}
name = ""
}
}()
defer func() {
if errC := f.Close(); errC != nil && err == nil {
err = errC
if errC := f.Close(); errC != nil {
if err == nil {
err = errC
}
success = false
}
}()

@AlCutter AlCutter Jun 25, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This sorta looks like it's going to defeat the point of the createTemp function by deleting the file it just created?

Note that the comment on the func says it's on the caller to remove the temporary file once they've finished with it.

Maybe you could have createTemp return a "cleanup" func which the caller can use?

@mhutchinson mhutchinson Jun 26, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This only deletes files that would otherwise get leaked when we return an error. I agree it's hard to read though. I think dropping the success variable and using a named error would help. But would it completely mitigate your concern?

e.g. before we tried to create a temp file and write to it. The create worked, but the write didn't work (perhaps threw an error, or the len check didn't work out). We don't give the filename to the user, but before this change the created file stays around. Whatever the problem was on disk is probably now getting worse.

@AlCutter AlCutter Jun 26, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gotcha, ok - yeah, I think named returns vars would help, I think you could eliminate tmpName too that way?

@mhutchinson mhutchinson Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Latest commits use named error returns, and tmpName has gone. PTAL?

Comment thread storage/posix/file_ops.go Outdated
@mhutchinson mhutchinson force-pushed the fix/posix-potential-leaks branch from 0dbf118 to 7176e61 Compare June 29, 2026 12:00
@mhutchinson mhutchinson merged commit 37e5761 into transparency-dev:main Jun 29, 2026
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AlCutter AlCutter AlCutter approved these changes
@phbnf phbnf Awaiting requested review from phbnf phbnf is a code owner automatically assigned from transparency-dev/core-team

Assignees

@AlCutter AlCutter

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mhutchinson @AlCutter