On Wed, May 10, 2006 at 04:43:01PM +1000, Matthew Chapman wrote:
> Package: gzip
> Version: 1.3.5-13
> Severity: critical
> Tags: patch
> Justification: causes serious data loss
>
> gzip must check that closing the output file succeeds before removing
> the input file, since on an NFS filesystem write failures may only be
> reported at close time (see the close(2) man page).
>
> Indeed in our environment we are seeing this problem with NFS and disk
> quotas. This results in loss of the input file, despite the fact that
> gzip reports an error and the output file is truncated.
>
> I've attached a proposed patch. In the original code, copy_stat() has
> the side-effect of removing the input file. Here I have moved the
> unlink out of that function and to below the close of the output file.
>
> Matt

I personally disagree with the attached patch. I'd have proposed
something more like:

    if (!to_stdout) {
        /* Copy modes, times, ownership, and remove the input file */
        copy_stat(&istat);

        /* if close fails (e.g. over quota !) destroy output file, and fail hard */
        if (close(ofd)) {
            write_error();
            xunlink(ofname);
            WARN((stderr, "%s: ", progname));
            abort();
        }
    }

Of course, I don't have the gzip sources in front of me, but that does
seem more robust to me and more in the Unix spirit (if anything fails,
go back to the previous state, and fail noisily).

-- 
·O·  Pierre Habouzit
··O  [EMAIL PROTECTED]
OOO  http://www.madism.org
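
The ordering discussed in this thread, as an added example that is not part of either message and is not gzip source code: the output's write and close() are checked before the input is unlinked, and a failure discards the output and leaves the input in place. The names commit_output and write_all, the file names, and the extra fsync() call are assumptions made for the illustration.

```c
/* Added example: hypothetical helper names, not gzip source code. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write the whole buffer, retrying on short writes and EINTR. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Returns 0 once the output is safely closed and the input removed.
 * On any write, fsync or close error: returns -1, removes the output
 * file and leaves the input file untouched. */
int commit_output(int ofd, const char *ofname, const char *ifname,
                  const char *data, size_t len)
{
    int err = 0;
    if (write_all(ofd, data, len) != 0 || fsync(ofd) != 0)
        err = errno;
    if (close(ofd) != 0 && err == 0)   /* close() is always attempted */
        err = errno;                   /* NFS/quota errors can surface here */
    if (err != 0) {
        fprintf(stderr, "%s: %s\n", ofname, strerror(err));
        unlink(ofname);                /* discard the incomplete output */
        return -1;
    }
    return unlink(ifname);             /* only now drop the input */
}

int main(void)
{
    close(open("example.in", O_WRONLY | O_CREAT, 0600)); /* constructed input */
    int fd = open("example.out", O_WRONLY | O_CREAT | O_TRUNC, 0600);
    return commit_output(fd, "example.out", "example.in", "data", 4) ? 1 : 0;
}
```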