| blob | d20befef00987e59f371816964cb7aa77808e47e |
1 /* Temporary directories and temporary files with automatic cleanup.
2 Copyright (C) 2001, 2003, 2006-2007, 2009-2017 Free Software Foundation,
3 Inc.
4 Written by Bruno Haible <bruno@clisp.org>, 2006.
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
20 #include <config.h>
22 /* Specification. */
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <limits.h>
28 #include <stdbool.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <unistd.h>
33 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
35 # include <windows.h>
36 #endif
47 #if GNULIB_FWRITEERROR
49 #endif
50 #if GNULIB_CLOSE_STREAM
52 #endif
53 #if GNULIB_FCNTL_SAFER
55 #endif
56 #if GNULIB_FOPEN_SAFER
58 #endif
60 #define _(str) gettext (str)
62 /* GNU Hurd doesn't have PATH_MAX. Use a fallback.
63 Temporary directory names are usually not that long. */
64 #ifndef PATH_MAX
65 # define PATH_MAX 1024
66 #endif
68 #ifndef uintptr_t
69 # define uintptr_t unsigned long
70 #endif
73 /* The use of 'volatile' in the types below (and ISO C 99 section 5.1.2.3.(5))
74 ensure that while constructing or modifying the data structures, the field
75 values are written to memory in the order of the C statements. So the
76 signal handler can rely on these field values to be up to date. */
79 /* Registry for a single temporary directory.
80 'struct temp_dir' from the public header file overlaps with this. */
81 struct tempdir
82 {
83 /* The absolute pathname of the directory. */
85 /* Whether errors during explicit cleanup are reported to standard error. */
87 /* Absolute pathnames of subdirectories. */
89 /* Absolute pathnames of files. */
91 };
93 /* List of all temporary directories. */
94 static struct
95 {
101 /* List of all open file descriptors to temporary files. */
105 /* For the subdirs and for the files, we use a gl_list_t of type LINKEDHASH.
106 Why? We need a data structure that
108 1) Can contain an arbitrary number of 'char *' values. The strings
109 are compared via strcmp, not pointer comparison.
110 2) Has insertion and deletion operations that are fast: ideally O(1),
111 or possibly O(log n). This is important for GNU sort, which may
112 create a large number of temporary files.
113 3) Allows iteration through all elements from within a signal handler.
114 4) May or may not allow duplicates. It doesn't matter here, since
115 any file or subdir can only be removed once.
117 Criterion 1) would allow any gl_list_t or gl_oset_t implementation.
119 Criterion 2) leaves only GL_LINKEDHASH_LIST, GL_TREEHASH_LIST, or
120 GL_TREE_OSET.
122 Criterion 3) puts at disadvantage GL_TREEHASH_LIST and GL_TREE_OSET.
123 Namely, iteration through the elements of a binary tree requires access
124 to many ->left, ->right, ->parent pointers. However, the rebalancing
125 code for insertion and deletion in an AVL or red-black tree is so
126 complicated that we cannot assume that >left, ->right, ->parent pointers
127 are in a consistent state throughout these operations. Therefore, to
128 avoid a crash in the signal handler, all destructive operations to the
129 lists would have to be protected by a
130 block_fatal_signals ();
131 ...
132 unblock_fatal_signals ();
133 pair. Which causes extra system calls.
135 Criterion 3) would also discourage GL_ARRAY_LIST and GL_CARRAY_LIST,
136 if they were not already excluded. Namely, these implementations use
137 xrealloc(), leaving a time window in which in the list->elements pointer
138 points to already deallocated memory. To avoid a crash in the signal
139 handler at such a moment, all destructive operations would have to
140 protected by block/unblock_fatal_signals (), in this case too.
142 A list of type GL_LINKEDHASH_LIST without duplicates fulfills all
143 requirements:
144 2) Insertion and deletion are O(1) on average.
145 3) The gl_list_iterator, gl_list_iterator_next implementations do
146 not trigger memory allocations, nor other system calls, and are
147 therefore safe to be called from a signal handler.
148 Furthermore, since SIGNAL_SAFE_LIST is defined, the implementation
149 of the destructive functions ensures that the list structure is
150 safe to be traversed at any moment, even when interrupted by an
151 asynchronous signal.
152 */
154 /* String equality and hash code functions used by the lists. */
156 static bool
158 {
162 }
164 #define SIZE_BITS (sizeof (size_t) * CHAR_BIT)
166 /* A hash function for NUL-terminated char* strings using
167 the method described by Bruno Haible.
168 See http://www.haible.de/bruno/hashfunc.html. */
169 static size_t
171 {
179 }
182 /* The signal handler. It gets called asynchronously. */
183 static void
185 {
188 /* First close all file descriptors to temporary files. */
189 {
193 {
194 gl_list_iterator_t iter;
199 {
202 }
204 }
205 }
208 {
212 {
213 gl_list_iterator_t iter;
216 /* First cleanup the files in the subdirectories. */
219 {
222 }
225 /* Then cleanup the subdirectories. */
228 {
231 }
234 /* Then cleanup the temporary directory itself. */
236 }
237 }
238 }
240 /* Create a temporary directory.
241 PREFIX is used as a prefix for the name of the temporary directory. It
242 should be short and still give an indication about the program.
243 PARENTDIR can be used to specify the parent directory; if NULL, a default
244 parent directory is used (either $TMPDIR or /tmp or similar).
245 CLEANUP_VERBOSE determines whether errors during explicit cleanup are
246 reported to standard error.
247 Return a fresh 'struct temp_dir' on success. Upon error, an error message
248 is shown and NULL is returned. */
252 {
259 /* See whether it can take the slot of an earlier temporary directory
260 already cleaned up. */
263 {
266 }
268 {
269 /* See whether the array needs to be extended. */
271 {
272 /* Note that we cannot use xrealloc(), because then the cleanup()
273 function could access an already deallocated array. */
281 /* First use of this facility. Register the cleanup handler. */
283 else
284 {
285 /* Don't use memcpy() here, because memcpy takes non-volatile
286 arguments and is therefore not guaranteed to complete all
287 memory stores before the next statement. */
292 }
297 /* Now we can free the old array. */
300 }
303 /* Initialize *tmpdirp before incrementing tempdir_count, so that
304 cleanup() will skip this entry before it is fully initialized. */
307 }
309 /* Initialize a 'struct tempdir'. */
320 /* Create the temporary directory. */
323 {
327 }
331 {
334 }
337 {
340 xtemplate);
342 }
343 /* Replace tmpdir->dirname with a copy that has indefinite extent.
344 We cannot do this inside the block_fatal_signals/unblock_fatal_signals
345 block because then the cleanup handler would not remove the directory
346 if xstrdup fails. */
351 quit:
354 }
356 /* Register the given ABSOLUTE_FILE_NAME as being a file inside DIR, that
357 needs to be removed before DIR can be removed.
358 Should be called before the file ABSOLUTE_FILE_NAME is created. */
359 void
362 {
365 /* Add absolute_file_name to tmpdir->files, without duplicates. */
368 }
370 /* Unregister the given ABSOLUTE_FILE_NAME as being a file inside DIR, that
371 needs to be removed before DIR can be removed.
372 Should be called when the file ABSOLUTE_FILE_NAME could not be created. */
373 void
376 {
379 gl_list_node_t node;
383 {
388 }
389 }
391 /* Register the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR,
392 that needs to be removed before DIR can be removed.
393 Should be called before the subdirectory ABSOLUTE_DIR_NAME is created. */
394 void
397 {
400 /* Add absolute_dir_name to tmpdir->subdirs, without duplicates. */
403 }
405 /* Unregister the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR,
406 that needs to be removed before DIR can be removed.
407 Should be called when the subdirectory ABSOLUTE_DIR_NAME could not be
408 created. */
409 void
412 {
415 gl_list_node_t node;
419 {
424 }
425 }
427 /* Remove a file, with optional error message.
428 Return 0 upon success, or -1 if there was some problem. */
429 static int
431 {
434 {
437 }
439 }
441 /* Remove a directory, with optional error message.
442 Return 0 upon success, or -1 if there was some problem. */
443 static int
445 {
448 {
452 }
454 }
456 /* Remove the given ABSOLUTE_FILE_NAME and unregister it.
457 Return 0 upon success, or -1 if there was some problem. */
458 int
461 {
468 }
470 /* Remove the given ABSOLUTE_DIR_NAME and unregister it.
471 Return 0 upon success, or -1 if there was some problem. */
472 int
475 {
482 }
484 /* Remove all registered files and subdirectories inside DIR.
485 Return 0 upon success, or -1 if there was some problem. */
486 int
488 {
491 gl_list_t list;
492 gl_list_iterator_t iter;
494 gl_list_node_t node;
496 /* First cleanup the files in the subdirectories. */
500 {
505 /* Now only we can free file. */
507 }
510 /* Then cleanup the subdirectories. */
514 {
519 /* Now only we can free subdir. */
521 }
525 }
527 /* Remove all registered files and subdirectories inside DIR and DIR itself.
528 DIR cannot be used any more after this call.
529 Return 0 upon success, or -1 if there was some problem. */
530 int
532 {
542 {
543 /* Remove cleanup_list.tempdir_list[i]. */
545 {
547 i--;
549 }
550 else
552 /* Now only we can free the tmpdir->dirname, tmpdir->subdirs,
553 tmpdir->files, and tmpdir itself. */
559 }
561 /* The user passed an invalid DIR argument. */
563 }
566 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
568 /* On Windows, opening a file with _O_TEMPORARY has the effect of passing
569 the FILE_FLAG_DELETE_ON_CLOSE flag to CreateFile(), which has the effect
570 of deleting the file when it is closed - even when the program crashes.
571 But (according to the Cygwin sources) it works only on Windows NT or newer.
572 So we cache the info whether we are running on Windows NT or newer. */
574 static bool
576 {
579 {
580 OSVERSIONINFO v;
582 /* According to
583 <http://msdn.microsoft.com/en-us/library/windows/desktop/ms724451(v=vs.85).aspx>
584 this structure must be initialized as follows: */
589 else
591 }
593 }
595 #endif
598 /* Register a file descriptor to be closed. */
599 static void
601 {
606 }
608 /* Unregister a file descriptor to be closed. */
609 static void
611 {
613 gl_list_node_t node;
616 /* descriptors should already contain fd. */
620 /* descriptors should already contain fd. */
623 }
625 /* Open a temporary file in a temporary directory.
626 Registers the resulting file descriptor to be closed. */
627 int
629 {
634 /* Note: 'open' here is actually open() or open_safer(). */
635 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
636 /* Use _O_TEMPORARY when possible, to increase the chances that the
637 temporary file is removed when the process crashes. */
640 else
641 #endif
649 }
651 /* Open a temporary file in a temporary directory.
652 Registers the resulting file descriptor to be closed. */
655 {
660 /* Note: 'fopen' here is actually fopen() or fopen_safer(). */
661 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
662 /* Use _O_TEMPORARY when possible, to increase the chances that the
663 temporary file is removed when the process crashes. */
665 {
675 }
676 else
677 #endif
678 {
681 }
683 {
684 /* It is sufficient to register fileno (fp) instead of the entire fp,
685 because at cleanup time there is no need to do an fflush (fp); a
686 close (fileno (fp)) will be enough. */
691 }
695 }
697 /* Close a temporary file in a temporary directory.
698 Unregisters the previously registered file descriptor. */
699 int
701 {
703 {
704 /* No blocking of signals is needed here, since a double close of a
705 file descriptor is harmless. */
709 /* No race condition here: we assume a single-threaded program, hence
710 fd cannot be re-opened here. */
716 }
717 else
719 }
721 /* Close a temporary file in a temporary directory.
722 Unregisters the previously registered file descriptor. */
723 int
725 {
727 /* No blocking of signals is needed here, since a double close of a
728 file descriptor is harmless. */
732 /* No race condition here: we assume a single-threaded program, hence
733 fd cannot be re-opened here. */
739 }
741 #if GNULIB_FWRITEERROR
742 /* Like fwriteerror.
743 Unregisters the previously registered file descriptor. */
744 int
746 {
748 /* No blocking of signals is needed here, since a double close of a
749 file descriptor is harmless. */
753 /* No race condition here: we assume a single-threaded program, hence
754 fd cannot be re-opened here. */
760 }
761 #endif
763 #if GNULIB_CLOSE_STREAM
764 /* Like close_stream.
765 Unregisters the previously registered file descriptor. */
766 int
768 {
770 /* No blocking of signals is needed here, since a double close of a
771 file descriptor is harmless. */
775 /* No race condition here: we assume a single-threaded program, hence
776 fd cannot be re-opened here. */
782 }
783 #endif