| blob | 4a2c8392fa68f9387557076909b83a7644659d12 |
1 ///////////////////////////////////////////////////////////////////////////////
2 //
3 /// \file file_io.c
4 /// \brief File opening, unlinking, and closing
5 //
6 // Author: Lasse Collin
7 //
8 // This file has been put into the public domain.
9 // You can do whatever you want with this file.
10 //
11 ///////////////////////////////////////////////////////////////////////////////
15 #include <fcntl.h>
17 #ifdef TUKLIB_DOSLIKE
18 # include <io.h>
19 #else
20 # include <poll.h>
22 #endif
24 #if defined(HAVE_FUTIMES) || defined(HAVE_FUTIMESAT) || defined(HAVE_UTIMES)
25 # include <sys/time.h>
26 #elif defined(HAVE__FUTIME)
27 # include <sys/utime.h>
28 #elif defined(HAVE_UTIME)
29 # include <utime.h>
30 #endif
32 #ifdef HAVE_CAP_RIGHTS_LIMIT
33 # include <sys/capsicum.h>
34 #endif
36 #ifdef HAVE_LINUX_LANDLOCK_H
37 # include <linux/landlock.h>
38 # include <sys/syscall.h>
39 #endif
43 #ifdef _MSC_VER
44 # ifdef _WIN64
46 # else
48 # endif
51 # define S_IRUSR _S_IREAD
52 # define S_IWUSR _S_IWRITE
54 # define setmode _setmode
55 # define open _open
56 # define close _close
57 # define lseek _lseeki64
58 # define unlink _unlink
60 // The casts are to silence warnings.
61 // The sizes are known to be small enough.
62 # define read(fd, buf, size) _read(fd, buf, (unsigned int)(size))
63 # define write(fd, buf, size) _write(fd, buf, (unsigned int)(size))
65 # define S_ISDIR(m) (((m) & _S_IFMT) == _S_IFDIR)
66 # define S_ISREG(m) (((m) & _S_IFMT) == _S_IFREG)
67 #endif
69 #ifndef O_BINARY
70 # define O_BINARY 0
71 #endif
73 #ifndef O_NOCTTY
74 # define O_NOCTTY 0
75 #endif
77 // Using this macro to silence a warning from gcc -Wlogical-op.
78 #if EAGAIN == EWOULDBLOCK
79 # define IS_EAGAIN_OR_EWOULDBLOCK(e) ((e) == EAGAIN)
80 #else
81 # define IS_EAGAIN_OR_EWOULDBLOCK(e) \
82 ((e) == EAGAIN || (e) == EWOULDBLOCK)
83 #endif
93 /// If true, try to create sparse files when decompressing.
96 #ifdef ENABLE_SANDBOX
97 /// True if the conditions for sandboxing (described in main()) have been met.
99 #endif
101 #ifndef TUKLIB_DOSLIKE
102 /// File status flags of standard input. This is used by io_open_src()
103 /// and io_close_src().
107 /// Original file status flags of standard output. This is used by
108 /// io_open_dest() and io_close_dest() to save and restore the flags.
112 /// Self-pipe used together with the user_abort variable to avoid
113 /// race conditions with signal handling.
115 #endif
123 {
124 // Make sure that stdin, stdout, and stderr are connected to
125 // a valid file descriptor. Exit immediately with exit code ERROR
126 // if we cannot make the file descriptors valid. Maybe we should
127 // print an error message, but our stderr could be screwed anyway.
130 #ifndef TUKLIB_DOSLIKE
131 // If fchown() fails setting the owner, we warn about it only if
132 // we are root.
135 // Create a pipe for the self-pipe trick.
140 // Make both ends of the pipe non-blocking.
147 }
148 #endif
150 #ifdef __DJGPP__
151 // Avoid doing useless things when statting files.
152 // This isn't important but doesn't hurt.
154 #endif
157 }
160 #ifndef TUKLIB_DOSLIKE
163 {
164 // If the write() fails, it's probably due to the pipe being full.
165 // Failing in that case is fine. If the reason is something else,
166 // there's not much we can do since this is called in a signal
167 // handler. So ignore the errors and try to avoid warnings with
168 // GCC and glibc when _FORTIFY_SOURCE=2 is used.
173 }
174 #endif
179 {
182 }
185 #ifdef ENABLE_SANDBOX
188 {
191 }
194 /// Enables operating-system-specific sandbox if it is possible.
195 /// src_fd is the file descriptor of the input file.
196 static void
198 {
200 // This message is more often annoying than useful so
201 // it's commented out. It can be useful when developing
202 // the sandboxing code.
203 //message(V_DEBUG, _("Sandbox is disabled due "
204 // "to incompatible command line arguments"));
206 }
210 // Try to ensure that both libc and xz locale files have been
211 // loaded when NLS is enabled.
214 // Try to ensure that iconv data files needed for handling multibyte
215 // characters have been loaded. This is needed at least with glibc.
218 #ifdef HAVE_CAP_RIGHTS_LIMIT
219 // Capsicum needs FreeBSD 10.2 or later.
220 cap_rights_t rights;
239 CAP_WRITE)))
243 CAP_EVENT)))
247 CAP_WRITE)))
250 #elif defined(HAVE_PLEDGE)
251 // pledge() was introduced in OpenBSD 5.9.
252 //
253 // main() unconditionally calls pledge() with fairly relaxed
254 // promises which work in all situations. Here we make the
255 // sandbox more strict.
261 #elif defined(HAVE_LINUX_LANDLOCK_H)
266 // We support ABI versions 1-3.
270 // We want to set all supported flags in handled_access_fs.
271 // This way the ruleset will initially forbid access to all
272 // actions that the available Landlock ABI version supports.
273 // Exceptions can be added using landlock_add_rule(2) to
274 // allow certain actions on certain files or directories.
275 //
276 // The same flag values are used on all archs. ABI v2 and v3
277 // both add one new flag.
278 //
279 // First in ABI v1: LANDLOCK_ACCESS_FS_EXECUTE = 1ULL << 0
280 // Last in ABI v1: LANDLOCK_ACCESS_FS_MAKE_SYM = 1ULL << 12
281 // Last in ABI v2: LANDLOCK_ACCESS_FS_REFER = 1ULL << 13
282 // Last in ABI v3: LANDLOCK_ACCESS_FS_TRUNCATE = 1ULL << 14
283 //
284 // This makes it simple to set the mask based on the ABI
285 // version and we don't need to care which flags are #defined
286 // in the installed <linux/landlock.h>.
289 };
296 // All files we need should have already been opened. Thus,
297 // we don't need to add any rules using landlock_add_rule(2)
298 // before activating the sandbox.
299 //
300 // NOTE: It's possible that the hack at the beginning of this
301 // function isn't be good enough. It tries to get translations
302 // and libc-specific files loaded but if it's not good enough
303 // then perhaps a Landlock rule to allow reading from /usr
304 // and/or the xz installation prefix would be needed.
305 //
306 // prctl(PR_SET_NO_NEW_PRIVS, ...) was already called in
307 // main() so we don't do it here again.
310 }
314 #else
315 # error ENABLE_SANDBOX is defined but no sandboxing method was found.
316 #endif
318 // This message is annoying in xz -lvv.
319 //message(V_DEBUG, _("Sandbox was successfully enabled"));
322 error:
323 #ifdef HAVE_CAP_RIGHTS_LIMIT
324 // If a kernel is configured without capability mode support or
325 // used in an emulator that does not implement the capability
326 // system calls, then the Capsicum system calls will fail and set
327 // errno to ENOSYS. In that case xz will silently run without
328 // the sandbox.
331 #endif
333 }
337 #ifndef TUKLIB_DOSLIKE
338 /// \brief Waits for input or output to become available or for a signal
339 ///
340 /// This uses the self-pipe trick to avoid a race condition that can occur
341 /// if a signal is caught after user_abort has been checked but before e.g.
342 /// read() has been called. In that situation read() could block unless
343 /// non-blocking I/O is used. With non-blocking I/O something like select()
344 /// or poll() is needed to avoid a busy-wait loop, and the same race condition
345 /// pops up again. There are pselect() (POSIX-1.2001) and ppoll() (not in
346 /// POSIX) but neither is portable enough in 2013. The self-pipe trick is
347 /// old and very portable.
348 static io_wait_ret
350 {
359 }
379 }
386 }
387 }
388 #endif
391 /// \brief Unlink a file
392 ///
393 /// This tries to verify that the file being unlinked really is the file that
394 /// we want to unlink by verifying device and inode numbers. There's still
395 /// a small unavoidable race, but this is much better than nothing (the file
396 /// could have been moved/replaced even hours earlier).
397 static void
399 {
400 #if defined(TUKLIB_DOSLIKE)
401 // On DOS-like systems, st_ino is meaningless, so don't bother
402 // testing it. Just silence a compiler warning.
404 #else
407 // If --force was used, use stat() instead of lstat(). This way
408 // (de)compressing symlinks works correctly. However, it also means
409 // that xz cannot detect if a regular file foo is renamed to bar
410 // and then a symlink foo -> bar is created. Because of stat()
411 // instead of lstat(), xz will think that foo hasn't been replaced
412 // with another file. Thus, xz will remove foo even though it no
413 // longer is the same file that xz used when it started compressing.
414 // Probably it's not too bad though, so this doesn't need a more
415 // complex fix.
420 # ifdef __VMS
421 // st_ino is an array, and we don't want to
422 // compare st_dev at all.
425 # else
426 // Typical POSIX-like system
429 # endif
430 )
431 // TRANSLATORS: When compression or decompression finishes,
432 // and xz is going to remove the source file, xz first checks
433 // if the source file still exists, and if it does, does its
434 // device and inode numbers match what xz saw when it opened
435 // the source file. If these checks fail, this message is
436 // shown, %s being the filename, and the file is not deleted.
437 // The check for device and inode numbers is there, because
438 // it is possible that the user has put a new file in place
439 // of the original file, and in that case it obviously
440 // shouldn't be removed.
443 else
444 #endif
445 // There's a race condition between lstat() and unlink()
446 // but at least we have tried to avoid removing wrong file.
452 }
455 /// \brief Copies owner/group and permissions
456 ///
457 /// \todo ACL and EA support
458 ///
459 static void
461 {
462 // Skip chown and chmod on Windows.
463 #ifndef TUKLIB_DOSLIKE
464 // This function is more tricky than you may think at first.
465 // Blindly copying permissions may permit users to access the
466 // destination file who didn't have permission to access the
467 // source file.
469 // Try changing the owner of the file. If we aren't root or the owner
470 // isn't already us, fchown() probably doesn't succeed. We warn
471 // about failing fchown() only if we are root.
477 mode_t mode;
479 // With BSD semantics the new dest file may have a group that
480 // does not belong to the user. If the src file has the same gid
481 // nothing has to be done. Nevertheless OpenBSD fchown(2) fails
482 // in this case which seems to be POSIX compliant. As there is
483 // nothing to do, skip the system call.
489 // We can still safely copy some additional permissions:
490 // 'group' must be at least as strict as 'other' and
491 // also vice versa.
492 //
493 // NOTE: After this, the owner of the source file may
494 // get additional permissions. This shouldn't be too bad,
495 // because the owner would have had permission to chmod
496 // the original file anyway.
501 // Drop the setuid, setgid, and sticky bits.
503 }
508 #endif
510 // Copy the timestamps. We have several possible ways to do this, of
511 // which some are better in both security and precision.
512 //
513 // First, get the nanosecond part of the timestamps. As of writing,
514 // it's not standardized by POSIX, and there are several names for
515 // the same thing in struct stat.
519 # if defined(HAVE_STRUCT_STAT_ST_ATIM_TV_NSEC)
520 // GNU and Solaris
524 # elif defined(HAVE_STRUCT_STAT_ST_ATIMESPEC_TV_NSEC)
525 // BSD
529 # elif defined(HAVE_STRUCT_STAT_ST_ATIMENSEC)
530 // GNU and BSD without extensions
534 # elif defined(HAVE_STRUCT_STAT_ST_UATIME)
535 // Tru64
539 # elif defined(HAVE_STRUCT_STAT_ST_ATIM_ST__TIM_TV_NSEC)
540 // UnixWare
544 # else
545 // Safe fallback
548 # endif
550 // Construct a structure to hold the timestamps and call appropriate
551 // function to set the timestamps.
552 #if defined(HAVE_FUTIMENS)
553 // Use nanosecond precision.
562 #elif defined(HAVE_FUTIMES) || defined(HAVE_FUTIMESAT) || defined(HAVE_UTIMES)
563 // Use microsecond precision.
570 # if defined(HAVE_FUTIMES)
572 # elif defined(HAVE_FUTIMESAT)
574 # else
575 // Argh, no function to use a file descriptor to set the timestamp.
577 # endif
579 #elif defined(HAVE__FUTIME)
580 // Use one-second precision with Windows-specific _futime().
581 // We could use utime() too except that for some reason the
582 // timestamp will get reset at close(). With _futime() it works.
583 // This struct cannot be const as _futime() takes a non-const pointer.
587 };
589 // Avoid warnings.
595 #elif defined(HAVE_UTIME)
596 // Use one-second precision. utime() doesn't support using file
597 // descriptor either. Some systems have broken utime() prototype
598 // so don't make this const.
602 };
604 // Avoid warnings.
609 #endif
612 }
615 /// Opens the source file. Returns false on success, true on error.
616 static bool
618 {
619 // There's nothing to open when reading from stdin.
622 #ifdef TUKLIB_DOSLIKE
624 #else
625 // Try to set stdin to non-blocking mode. It won't work
626 // e.g. on OpenBSD if stdout is e.g. /dev/null. In such
627 // case we proceed as if stdin were non-blocking anyway
628 // (in case of /dev/null it will be in practice). The
629 // same applies to stdout in io_open_dest_real().
636 }
642 #endif
643 #ifdef HAVE_POSIX_FADVISE
644 // It will fail if stdin is a pipe and that's fine.
646 opt_mode == MODE_LIST
647 ? POSIX_FADV_RANDOM
649 #endif
651 }
653 // Symlinks are not followed unless writing to stdout or --force
654 // or --keep was used.
655 const bool follow_symlinks
658 // We accept only regular files if we are writing the output
659 // to disk too. bzip2 allows overriding this with --force but
660 // gzip and xz don't.
663 // Flags for open()
666 #ifndef TUKLIB_DOSLIKE
667 // Use non-blocking I/O:
668 // - It prevents blocking when opening FIFOs and some other
669 // special files, which is good if we want to accept only
670 // regular files.
671 // - It can help avoiding some race conditions with signal handling.
673 #endif
675 #if defined(O_NOFOLLOW)
678 #elif !defined(TUKLIB_DOSLIKE)
679 // Some POSIX-like systems lack O_NOFOLLOW (it's not required
680 // by POSIX). Check for symlinks with a separate lstat() on
681 // these systems.
693 }
694 }
695 #else
696 // Avoid warnings.
698 #endif
700 // Try to open the file. Signals have been blocked so EINTR shouldn't
701 // be possible.
705 // Signals (that have a signal handler) have been blocked.
708 #ifdef O_NOFOLLOW
709 // Give an understandable error message if the reason
710 // for failing was that the file was a symbolic link.
711 //
712 // Note that at least Linux, OpenBSD, Solaris, and Darwin
713 // use ELOOP to indicate that O_NOFOLLOW was the reason
714 // that open() failed. Because there may be
715 // directories in the pathname, ELOOP may occur also
716 // because of a symlink loop in the directory part.
717 // So ELOOP doesn't tell us what actually went wrong,
718 // and this stupidity went into POSIX-1.2008 too.
719 //
720 // FreeBSD associates EMLINK with O_NOFOLLOW and
721 // Tru64 uses ENOTSUP. We use these directly here
722 // and skip the lstat() call and the associated race.
723 // I want to hear if there are other kernels that
724 // fail with something else than ELOOP with O_NOFOLLOW.
727 # if defined(__FreeBSD__) || defined(__DragonFly__)
731 # elif defined(__digital__) && defined(__unix__)
735 # elif defined(__NetBSD__)
739 # else
748 }
749 # endif
754 else
755 #endif
756 // Something else than O_NOFOLLOW failing
757 // (assuming that the race conditions didn't
758 // confuse us).
763 }
765 // Stat the source file. We need the result also when we copy
766 // the permissions, and when unlinking.
767 //
768 // NOTE: Use stat() instead of fstat() with DJGPP, because
769 // then we have a better chance to get st_ino value that can
770 // be used in io_open_dest_real() to prevent overwriting the
771 // source file.
772 #ifdef __DJGPP__
775 #else
778 #endif
784 }
790 }
792 #ifndef TUKLIB_DOSLIKE
795 // gzip rejects setuid and setgid files even
796 // when --force was used. bzip2 doesn't check
797 // for them, but calls fchown() after fchmod(),
798 // and many systems automatically drop setuid
799 // and setgid bits there.
800 //
801 // We accept setuid and setgid files if
802 // --force or --keep was used. We drop these bits
803 // explicitly in io_copy_attr().
808 }
815 }
819 "than one hard link, "
822 }
823 }
825 // If it is something else than a regular file, wait until
826 // there is input available. This way reading from FIFOs
827 // will work when open() is used with O_NONBLOCK.
835 }
836 #endif
838 #ifdef HAVE_POSIX_FADVISE
839 // It will fail with some special files like FIFOs but that is fine.
841 opt_mode == MODE_LIST
842 ? POSIX_FADV_RANDOM
844 #endif
848 error_msg:
850 error:
853 }
858 {
862 }
864 // Since we have only one file open at a time, we can use
865 // a statically allocated structure.
868 // This implicitly also initializes src_st.st_size to zero
869 // which is expected to be <= 0 by default. fstat() isn't
870 // called when reading from standard input but src_st.st_size
871 // is still read.
882 };
884 // Block the signals, for which we have a custom signal handler, so
885 // that we don't need to worry about EINTR.
890 #ifdef ENABLE_SANDBOX
893 #endif
896 }
899 /// \brief Closes source file of the file_pair structure
900 ///
901 /// \param pair File whose src_fd should be closed
902 /// \param success If true, the file will be removed from the disk if
903 /// closing succeeds and --keep hasn't been used.
904 static void
906 {
907 #ifndef TUKLIB_DOSLIKE
917 }
918 #endif
921 // Close the file before possibly unlinking it. On DOS-like
922 // systems this is always required since unlinking will fail
923 // if the file is open. On POSIX systems it usually works
924 // to unlink open files, but in some cases it doesn't and
925 // one gets EBUSY in errno.
926 //
927 // xz 5.2.2 and older unlinked the file before closing it
928 // (except on DOS-like systems). The old code didn't handle
929 // EBUSY and could fail e.g. on some CIFS shares. The
930 // advantage of unlinking before closing is negligible
931 // (avoids a race between close() and stat()/lstat() and
932 // unlink()), so let's keep this simple.
937 }
940 }
943 static bool
945 {
947 // We don't modify or free() this.
950 #ifdef TUKLIB_DOSLIKE
952 #else
953 // Try to set O_NONBLOCK if it isn't already set.
954 // If it fails, we assume that stdout is non-blocking
955 // in practice. See the comments in io_open_src_real()
956 // for similar situation with stdin.
957 //
958 // NOTE: O_APPEND may be unset later in this function
959 // and it relies on stdout_flags being set here.
966 }
972 #endif
978 #ifdef __DJGPP__
981 // Check that it isn't a special file like "prn".
988 }
990 // Check that we aren't overwriting the source file.
998 }
999 }
1000 #endif
1002 // If --force was used, unlink the target file first.
1008 }
1010 // Open the file.
1013 #ifndef TUKLIB_DOSLIKE
1015 #endif
1024 }
1025 }
1028 // If fstat() really fails, we have a safe fallback here.
1029 #if defined(__VMS)
1033 #else
1036 #endif
1037 }
1038 #if defined(TUKLIB_DOSLIKE) && !defined(__DJGPP__)
1039 // Check that the output file is a regular file. We open with O_EXCL
1040 // but that doesn't prevent open()/_open() on Windows from opening
1041 // files like "con" or "nul".
1042 //
1043 // With DJGPP this check is done with stat() even before opening
1044 // the output file. That method or a variant of it doesn't work on
1045 // Windows because on Windows stat()/_stat64() sets st.st_mode so
1046 // that S_ISREG(st.st_mode) will be true even for special files.
1047 // With fstat()/_fstat64() it works.
1053 // dest_fd needs to be reset to -1 to keep io_close() working.
1059 }
1060 #elif !defined(TUKLIB_DOSLIKE)
1062 // When writing to standard output, we need to be extra
1063 // careful:
1064 // - It may be connected to something else than
1065 // a regular file.
1066 // - We aren't necessarily writing to a new empty file
1067 // or to the end of an existing file.
1068 // - O_APPEND may be active.
1069 //
1070 // TODO: I'm keeping this disabled for DOS-like systems
1071 // for now. FAT doesn't support sparse files, but NTFS
1072 // does, so maybe this should be enabled on Windows after
1073 // some testing.
1079 // Creating a sparse file is not possible
1080 // when O_APPEND is active (it's used by
1081 // shell's >> redirection). As I understand
1082 // it, it is safe to temporarily disable
1083 // O_APPEND in xz, because if someone
1084 // happened to write to the same file at the
1085 // same time, results would be bad anyway
1086 // (users shouldn't assume that xz uses any
1087 // specific block size when writing data).
1088 //
1089 // The write position may be something else
1090 // than the end of the file, so we must fix
1091 // it to start writing at the end of the file
1092 // to imitate O_APPEND.
1096 // Construct the new file status flags.
1097 // If O_NONBLOCK was set earlier in this
1098 // function, it must be kept here too.
1103 // If this fcntl() fails, we continue but won't
1104 // try to create sparse output. The original
1105 // flags will still be restored if needed (to
1106 // unset O_NONBLOCK) when the file is finished.
1110 // Disabling O_APPEND succeeded. Mark
1111 // that the flags should be restored
1112 // in io_close_dest(). (This may have already
1113 // been set when enabling O_NONBLOCK.)
1118 // Writing won't start exactly at the end
1119 // of the file. We cannot use sparse output,
1120 // because it would probably corrupt the file.
1122 }
1123 }
1126 }
1127 #endif
1130 }
1135 {
1140 }
1143 /// \brief Closes destination file of the file_pair structure
1144 ///
1145 /// \param pair File whose dest_fd should be closed
1146 /// \param success If false, the file will be removed from the disk.
1147 ///
1148 /// \return Zero if closing succeeds. On error, -1 is returned and
1149 /// error message printed.
1150 static bool
1152 {
1153 #ifndef TUKLIB_DOSLIKE
1154 // If io_open_dest() has disabled O_APPEND, restore it here.
1165 }
1166 }
1167 #endif
1176 // Closing destination file failed, so we cannot trust its
1177 // contents. Get rid of junk:
1181 }
1183 // If the operation using this file wasn't successful, we git rid
1184 // of the junk file.
1191 }
1196 {
1197 // Take care of sparseness at the end of the output file.
1200 // Seek forward one byte less than the size of the pending
1201 // hole, then write one zero-byte. This way the file grows
1202 // to its correct size. An alternative would be to use
1203 // ftruncate() but that isn't portable enough (e.g. it
1204 // doesn't work with FAT on Linux; FAT isn't that important
1205 // since it doesn't support sparse files anyway, but we don't
1206 // want to create corrupt files on it).
1217 }
1218 }
1222 // Copy the file attributes. We need to skip this if destination
1223 // file isn't open or it is standard output.
1227 // Close the destination first. If it fails, we must not remove
1228 // the source file!
1232 // Close the source file, and unlink it if the operation using this
1233 // file pair was successful and we haven't requested to keep the
1234 // source file.
1240 }
1245 {
1249 // This doesn't need to work on unseekable file descriptors,
1250 // so just ignore possible errors.
1252 }
1255 }
1260 {
1272 }
1280 }
1282 #ifndef TUKLIB_DOSLIKE
1284 // Disable the flush-timeout if no input has
1285 // been seen since the previous flush and thus
1286 // there would be nothing to flush after the
1287 // timeout expires (avoids busy waiting).
1305 }
1306 }
1307 #endif
1313 }
1320 }
1321 }
1324 }
1329 {
1330 // Caller must not attempt to seek past the end of the input file
1331 // (seeking to 100 in a 100-byte file is seeking to the end of
1332 // the file, not past the end of the file, and thus that is allowed).
1333 //
1334 // This also validates that pos can be safely cast to off_t.
1342 }
1347 }
1352 {
1353 // Using lseek() and read() is more portable than pread() and
1354 // for us it is as good as real pread().
1366 }
1369 }
1372 static bool
1374 {
1382 }
1385 static bool
1387 {
1398 }
1400 #ifndef TUKLIB_DOSLIKE
1406 }
1407 #endif
1409 // Handle broken pipe specially. gzip and bzip2
1410 // don't print anything on SIGPIPE. In addition,
1411 // gzip --quiet uses exit status 2 (warning) on
1412 // broken pipe instead of whatever raise(SIGPIPE)
1413 // would make it return. It is there to hide "Broken
1414 // pipe" message on some old shells (probably old
1415 // GNU bash).
1416 //
1417 // We don't do anything special with --quiet, which
1418 // is what bzip2 does too. If we get SIGPIPE, we
1419 // will handle it like other signals by setting
1420 // user_abort, and get EPIPE here.
1426 }
1430 }
1433 }
1438 {
1442 // Check if the block is sparse (contains only zeros). If it
1443 // sparse, we just store the amount and return. We will take
1444 // care of actually skipping over the hole when we hit the
1445 // next data block or close the file.
1446 //
1447 // Since io_close() requires that dest_pending_sparse > 0
1448 // if the file ends with sparse block, we must also return
1449 // if size == 0 to avoid doing the lseek().
1451 // Even if the block was sparse, treat it as non-sparse
1452 // if the pending sparse amount is large compared to
1453 // the size of off_t. In practice this only matters
1454 // on 32-bit systems where off_t isn't always 64 bits.
1455 const off_t pending_max
1461 }
1464 }
1466 // This is not a sparse block. If we have a pending hole,
1467 // skip it now.
1472 "trying to create a sparse "
1476 }
1479 }
1480 }
1483 }