1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

QSaveFile: make it so flush() errors imply commit() failed

Browse Source 
QSaveFile records past write errors in writeData(), but often the
QFileDevice::writeData() calls it places will succeed because the data
is only being buffered. Instead, the failures are noticed only by
flush(), whose actions do not affect QSaveFilePrivate::writeError.

[ChangeLog][QtCore][QSaveFile] Fixed a bug that caused commit() to
return true and overwrite its intended target file even though it failed
to flush buffered data to the storage, which could cause data loss. This
issue can be worked around by calling flush() first and only calling
commit() if that returns success.

[ChangeLog][QtCore][QSaveFile] Fixed a bug that caused commit() to
return true even after a cancelWriting() call had been placed, if
writing directly to the target file (that is, only with
setDirectWriteFallback() set to true). Note that the state of the file
does not change under those conditions, only the value returned by the
function.

Drive-by clarify a comment from 6bf1674f1e51fd8b08783035cda7493ecd63b44
(Qt 4.6 "Don't drop errors from flush on QFile::close") which had me
chasing the wrong lead.

Fixes: QTBUG-132332
Pick-to: 6.8 6.5 5.15
Change-Id: I427df6fd02132d02be91fffd175579c35b9c06cc
Reviewed-by: David Faure <david.faure@kdab.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
(cherry picked from commit 92373d353cf090faa03cbc8aca505d1784b10b54)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
Thiago Macieira 2024-12-18 12:31:53 -03:00 committed by Qt Cherry-pick Bot
parent e6434a71eb
commit 09d44fdef3
3 changed files with 144 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/corelib/io/qfiledevice.cpp
View File

@ -338,7 +338,8 @@ void QFileDevice::close()
// reset cached size
d->cachedSize = 0;
// keep earlier error from flush
// If flush() succeeded but close() failed, copy its error condition;
// otherwise, keep the earlier flush() error.
if (d->fileEngine->close() && flushed)
unsetError();
else if (flushed)

14
src/corelib/io/qsavefile.cpp
View File

@ -302,10 +302,15 @@ bool QSaveFile::commit()
// Sync to disk if possible. Ignore errors (e.g. not supported).
fe->syncToDisk();
// ensure we act on either a close()/flush() failure or a previous write()
// problem
if (d->error == QFileDevice::NoError)
d->error = d->writeError;
d->writeError = QFileDevice::NoError;
if (d->useTemporaryFile) {
if (d->writeError != QFileDevice::NoError) {
if (d->error != QFileDevice::NoError) {
fe->remove();
d->writeError = QFileDevice::NoError;
return false;
}
// atomically replace old file with new file
@ -317,7 +322,10 @@ bool QSaveFile::commit()
return false;
}
}
return true;
// return true if all previous write() calls succeeded and if close() and
// flush() succeeded.
return d->error == QFileDevice::NoError;
}
/*!

133
tests/auto/corelib/io/qsavefile/tst_qsavefile.cpp
View File

@ -12,6 +12,9 @@
#include <qset.h>
#if defined(Q_OS_UNIX)
#include <errno.h>
#include <signal.h>
#include <sys/resource.h>
#include <unistd.h> // for geteuid
#endif
@ -65,6 +68,15 @@ private slots:
void symlink();
void directory();
#ifdef Q_OS_UNIX
void writeFailToDevFull_data();
void writeFailToDevFull();
#endif
#if defined(RLIMIT_FSIZE) && (defined(Q_OS_LINUX) || defined(Q_OS_MACOS))
void writeFailResourceLimit_data();
void writeFailResourceLimit();
#endif
#ifdef Q_OS_WIN
void alternateDataStream_data();
void alternateDataStream();
@ -288,8 +300,8 @@ void tst_QSaveFile::transactionalWriteNoPermissionsOnDir()
QVERIFY2(file.open(QIODevice::WriteOnly), msgCannotOpen(file).constData());
QCOMPARE((int)file.error(), (int)QFile::NoError);
QCOMPARE(file.write("W"), Q_INT64_C(1));
file.cancelWriting(); // no effect, as per the documentation
QVERIFY(file.commit());
file.cancelWriting();
QVERIFY(!file.commit());
QVERIFY(reader.open(QIODevice::ReadOnly));
QCOMPARE(QString::fromLatin1(reader.readAll()), QString::fromLatin1("W"));
@ -525,6 +537,123 @@ void tst_QSaveFile::directory()
#endif
}
[[maybe_unused]] static void bufferedAndUnbuffered()
{
QTest::addColumn<QIODevice::OpenMode>("mode");
QTest::newRow("unbuffered") << QIODevice::OpenMode(QIODevice::Unbuffered);
QTest::newRow("buffered") << QIODevice::OpenMode();
}
#ifdef Q_OS_UNIX
void tst_QSaveFile::writeFailToDevFull_data()
{
// check if /dev/full exists and is writable
if (access("/dev/full", W_OK) != 0)
QSKIP("/dev/full either does not exist or is not writable");
if (access("/dev", W_OK) == 0)
QSKIP("/dev is writable (running as root?): this test would replace /dev/full");
bufferedAndUnbuffered();
}
void tst_QSaveFile::writeFailToDevFull()
{
QFETCH(QIODevice::OpenMode, mode);
mode |= QIODevice::WriteOnly;
QSaveFile saveFile("/dev/full");
saveFile.setDirectWriteFallback(true);
QVERIFY2(saveFile.open(mode), msgCannotOpen(saveFile).constData());
QByteArray data("abc");
qint64 written = saveFile.write(data);
if (mode & QIODevice::Unbuffered) {
// error reported immediately
QCOMPARE(written, -1);
QCOMPARE(saveFile.error(), QFile::ResourceError);
QCOMPARE(saveFile.errorString(), qt_error_string(ENOSPC));
} else {
// error reported only on .commit()
QCOMPARE(written, data.size());
QCOMPARE(saveFile.error(), QFile::NoError);
}
QVERIFY(!saveFile.commit());
QCOMPARE(saveFile.error(), QFile::ResourceError);
}
#endif // Q_OS_UNIX
#if defined(RLIMIT_FSIZE) && (defined(Q_OS_LINUX) || defined(Q_OS_MACOS))
// This test is only enabled on Linux and on macOS because we can verify that
// those OSes do respect RLIMIT_FSIZE. We can also verify that some other Unix
// OSes do not.
void tst_QSaveFile::writeFailResourceLimit_data()
{
bufferedAndUnbuffered();
}
void tst_QSaveFile::writeFailResourceLimit()
{
// don't make it too small because stdout may be a log file!
static constexpr qint64 FileSizeLimit = 1024 * 1024;
struct RlimitChanger {
struct rlimit old;
RlimitChanger()
{
getrlimit(RLIMIT_FSIZE, &old);
struct rlimit newLimit = {};
newLimit.rlim_cur = FileSizeLimit;
newLimit.rlim_max = old.rlim_max;
if (setrlimit(RLIMIT_FSIZE, &newLimit) != 0)
old.rlim_cur = 0;
// ignore SIGXFSZ so we get EF2BIG when writing the file
signal(SIGXFSZ, SIG_IGN);
}
~RlimitChanger()
{
if (old.rlim_cur)
setrlimit(RLIMIT_FSIZE, &old);
}
};
QFETCH(QIODevice::OpenMode, mode);
mode |= QIODevice::WriteOnly;
QTemporaryDir dir;
QVERIFY2(dir.isValid(), qPrintable(dir.errorString()));
const QString targetFile = dir.path() + QString::fromLatin1("/outfile");
QFile::remove(targetFile);
QSaveFile saveFile(targetFile);
QVERIFY2(saveFile.open(mode), msgCannotOpen(saveFile).constData());
RlimitChanger changer;
if (changer.old.rlim_cur == 0)
QSKIP("Could not set the file size resource limit");
QByteArray data(FileSizeLimit + 16, 'a');
qint64 written = 0, lastWrite;
do {
lastWrite = saveFile.write(data.constData() + written, data.size() - written);
if (lastWrite > 0)
written += lastWrite;
} while (lastWrite > 0 && written < data.size());
if (mode & QIODevice::Unbuffered) {
// error reported immediately
QCOMPARE_LT(written, data.size());
QCOMPARE(lastWrite, -1);
QCOMPARE(saveFile.error(), QFile::WriteError);
QCOMPARE(saveFile.errorString(), qt_error_string(EFBIG));
} else {
// error reported only on .commit()
QCOMPARE(written, data.size());
QCOMPARE(saveFile.error(), QFile::NoError);
}
QVERIFY(!saveFile.commit());
QCOMPARE(saveFile.error(), QFile::WriteError);
}
#endif // RLIMIT_FSIZE && (Linux or macOS)
#ifdef Q_OS_WIN
void tst_QSaveFile::alternateDataStream_data()
{