New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Core] Base/FileInfo.cpp: To avoid race conditions we should rather return a file pointer than a file name #6803
Comments
Hi! I'm interested in taking this one (trying hacktoberfest for the first time) In almost all case, it seems this function is called to instantiate an fstream, so it would seem to make sense to return an opened fstream directly. In a few other cases however, it seems only the name is needed, and the file should remain closed. There could either be two functions, one returning the name, to maintain 'legacy' behaviour, and the other returning a fstream. |
@wwmayer could you weigh-in on this? |
Hey @berniev could you take a stab at this? |
@luzpaz Thank you for your thinking of me, but to be honest this question is still outside the realm of my knowledge and experience. |
@nebularnoise this maybe too ambitious. We need @wwmayer to weigh-in. But in the meantime, feel free to choose another issue? |
The function getTempFileName() is supposed to return the name of a tmp. file. Therefore it uses some OS-specific functions that already create a handle of a tmp. file and release it immediately (Windows: GetTempFileName / DeleteFile and other OS mkstemp / unlink) just to get this name. The problem is that when trying to open the file for writing there is no guarantee that in the meantime any other process already has access on this file. The consequence may be that the access will be denied or even worse the file will be (partially) overridden. The better way would be to return a class object (e.g. TemporaryFile) where its constructor creates the file and the destructor releases it. |
I was looking through the codebase to see where this function is used, and it looks like there are a few places where something is appended to the temporary filename. I was wondering what the best way to handle that would be? Here's an example:
|
@CalebHeydon In terms of implementation, |
Adding a suffix argument is a good idea. What would be the benefit of creating a TemporaryFile wrapper over returning an fstream? File deletion? |
Yes, I assume in many cases, the file is ultimately deleted. For that, an fstream is inadequate. The original comment suggests one workaround, using a Lines 140 to 141 in cb1093e
While that does solve both problems of being able to delete the file, and to maintain ownership of it to prevent race conditions, it leaves the function very vulnerable to misuses, because returning a std::FILE* gives too much power to the caller.There's no way to prevent them from copying the filename and closing the file immediately. From their perspective, it would be a very convenient thing to do, it's the same behaviour as the old function, they got a string containing the name of a temporary file. But we'd be back to square one. Wrapping a |
I not a C++ expert. How would you implement the TemporaryFile lifetime management? Why not just have the function return a unique pointer? |
I've been playing with the idea on Compiler Explorer, here's what I've got so far |
FreeCAD/src/Base/FileInfo.cpp
Lines 138 to 141 in cb1093e
The text was updated successfully, but these errors were encountered: