From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Paul Eggert Newsgroups: gmane.emacs.bugs Subject: bug#20595: 24.4; Data lost when modifying file on filesystem with no space left on device / disc full Date: Fri, 29 May 2015 23:24:56 -0700 Organization: UCLA Computer Science Department Message-ID: <556957B8.8070600@cs.ucla.edu> References: <86h9rbxvxs.fsf@mi.blissett.me.uk> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------040206050405050609040805" X-Trace: ger.gmane.org 1432967185 30872 80.91.229.3 (30 May 2015 06:26:25 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 30 May 2015 06:26:25 +0000 (UTC) Cc: 20595-done@debbugs.gnu.org To: Matthew Blissett Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat May 30 08:26:14 2015 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1YyaDl-0004AM-Sf for geb-bug-gnu-emacs@m.gmane.org; Sat, 30 May 2015 08:26:14 +0200 Original-Received: from localhost ([::1]:38493 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YyaDk-0007BY-SX for geb-bug-gnu-emacs@m.gmane.org; Sat, 30 May 2015 02:26:12 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:42925) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YyaDh-0007AF-3S for bug-gnu-emacs@gnu.org; Sat, 30 May 2015 02:26:10 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YyaDd-0004n7-TC for bug-gnu-emacs@gnu.org; Sat, 30 May 2015 02:26:09 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:51075) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YyaDd-0004n3-Pg for bug-gnu-emacs@gnu.org; Sat, 30 May 2015 02:26:05 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1YyaDc-0000TM-Rt for bug-gnu-emacs@gnu.org; Sat, 30 May 2015 02:26:05 -0400 In-Reply-To: <86h9rbxvxs.fsf@mi.blissett.me.uk> Resent-From: Paul Eggert Original-Sender: "Debbugs-submit" Resent-To: bug-gnu-emacs@gnu.org Resent-Date: Sat, 30 May 2015 06:26:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: cc-closed 20595 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: confirmed Mail-Followup-To: 20595@debbugs.gnu.org, eggert@cs.ucla.edu, mailgateway@blissett.me.uk Original-Received: via spool by 20595-done@debbugs.gnu.org id=D20595.14329671171747 (code D ref 20595); Sat, 30 May 2015 06:26:02 +0000 Original-Received: (at 20595-done) by debbugs.gnu.org; 30 May 2015 06:25:17 +0000 Original-Received: from localhost ([127.0.0.1]:32815 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YyaCo-0000S5-C3 for submit@debbugs.gnu.org; Sat, 30 May 2015 02:25:16 -0400 Original-Received: from smtp.cs.ucla.edu ([131.179.128.62]:33153) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YyaCh-0000Ra-Vf for 20595-done@debbugs.gnu.org; Sat, 30 May 2015 02:25:10 -0400 Original-Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp.cs.ucla.edu (Postfix) with ESMTP id C2803A60006; Fri, 29 May 2015 23:25:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu Original-Received: from smtp.cs.ucla.edu ([127.0.0.1]) by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bbReSN+XdHDB; Fri, 29 May 2015 23:25:00 -0700 (PDT) Original-Received: from [192.168.1.9] (pool-100-32-155-148.lsanca.fios.verizon.net [100.32.155.148]) by smtp.cs.ucla.edu (Postfix) with ESMTPSA id 63CC6A60002; Fri, 29 May 2015 23:25:00 -0700 (PDT) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:103339 Archived-At: This is a multi-part message in MIME format. --------------040206050405050609040805 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Thank you for reporting this, and for the recipe for reproducing this important bug in Emacs. I installed the attached patches into the GNU Emacs master to fix the problem. The 1st patch doesn't actually fix the bug, but it fixes some related ones. The 2nd patch fixes the bug -- at least, it worked for me on your test case. I generated the 2nd patch with "diff -b" so its indenting won't match the source code; you can pick up the full gory details in savannah git master, around commit ab27722721afca4647a7eec0933ac9209e0eac30. --------------040206050405050609040805 Content-Type: text/x-patch; name="0001-copy-file-now-truncates-output-after-writing.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="0001-copy-file-now-truncates-output-after-writing.patch" >From 2b51de993a5444177f537f22a5de926e056b6add Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 29 May 2015 22:55:25 -0700 Subject: [PATCH 1/2] copy-file now truncates output after writing * src/fileio.c (Fcopy_file): Truncate output after writing rather than before. This is more likely to work than truncation before writing, if the file system is out of space or the user is over disk quota (Bug#20595). Also, check for read errors. --- src/fileio.c | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/src/fileio.c b/src/fileio.c index 796f08d..a969d3b 100644 --- a/src/fileio.c +++ b/src/fileio.c @@ -1871,8 +1871,6 @@ permissions. */) bool already_exists = false; mode_t new_mask; int ifd, ofd; - int n; - char buf[16 * 1024]; struct stat st; #endif @@ -1974,6 +1972,8 @@ permissions. */) record_unwind_protect_int (close_file_unwind, ofd); + off_t oldsize = 0, newsize = 0; + if (already_exists) { struct stat out_st; @@ -1982,15 +1982,31 @@ permissions. */) if (st.st_dev == out_st.st_dev && st.st_ino == out_st.st_ino) report_file_errno ("Input and output files are the same", list2 (file, newname), 0); - if (ftruncate (ofd, 0) != 0) - report_file_error ("Truncating output file", newname); + if (S_ISREG (out_st.st_mode)) + oldsize = out_st.st_size; } immediate_quit = 1; QUIT; - while ((n = emacs_read (ifd, buf, sizeof buf)) > 0) - if (emacs_write_sig (ofd, buf, n) != n) - report_file_error ("Write error", newname); + while (true) + { + char buf[MAX_ALLOCA]; + ptrdiff_t n = emacs_read (ifd, buf, sizeof buf); + if (n < 0) + report_file_error ("Read error", file); + if (n == 0) + break; + if (emacs_write_sig (ofd, buf, n) != n) + report_file_error ("Write error", newname); + newsize += n; + } + + /* Truncate any existing output file after writing the data. This + is more likely to work than truncation before writing, if the + file system is out of space or the user is over disk quota. */ + if (newsize < oldsize && ftruncate (ofd, newsize) != 0) + report_file_error ("Truncating output file", newname); + immediate_quit = 0; #ifndef MSDOS -- 2.1.0 --------------040206050405050609040805 Content-Type: text/x-patch; name="bugfix.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="bugfix.patch" diff --git a/lisp/files.el b/lisp/files.el index 16ac956..6939f2b 100644 --- a/lisp/files.el +++ b/lisp/files.el @@ -4077,80 +4077,75 @@ on the original file; this means that the caller, after saving the buffer, should change the extended attributes of the new file to agree with the old attributes. BACKUPNAME is the backup file name, which is the old file renamed." - (if (and make-backup-files (not backup-inhibited) - (not buffer-backed-up) - (file-exists-p buffer-file-name) - (memq (aref (elt (file-attributes buffer-file-name) 8) 0) - '(?- ?l))) - (let ((real-file-name buffer-file-name) - backup-info backupname targets setmodes) + (when (and make-backup-files (not backup-inhibited) (not buffer-backed-up)) + (let ((attributes (file-attributes buffer-file-name))) + (when (and attributes (memq (aref (elt attributes 8) 0) '(?- ?l))) ;; If specified name is a symbolic link, chase it to the target. - ;; Thus we make the backups in the directory where the real file is. - (setq real-file-name (file-chase-links real-file-name)) - (setq backup-info (find-backup-file-name real-file-name) - backupname (car backup-info) - targets (cdr backup-info)) - ;; (if (file-directory-p buffer-file-name) - ;; (error "Cannot save buffer in directory %s" buffer-file-name)) - (if backup-info - (condition-case () - (let ((delete-old-versions + ;; This makes backups in the directory where the real file is. + (let* ((real-file-name (file-chase-links buffer-file-name)) + (backup-info (find-backup-file-name real-file-name))) + (when backup-info + (let* ((backupname (car backup-info)) + (targets (cdr backup-info)) + (old-versions ;; If have old versions to maybe delete, ;; ask the user to confirm now, before doing anything. ;; But don't actually delete til later. (and targets - (or (eq delete-old-versions t) (eq delete-old-versions nil)) + (booleanp delete-old-versions) (or delete-old-versions - (y-or-n-p (format "Delete excess backup versions of %s? " - real-file-name))))) + (y-or-n-p + (format "Delete excess backup versions of %s? " + real-file-name))) + targets)) (modes (file-modes buffer-file-name)) (extended-attributes - (file-extended-attributes buffer-file-name))) - ;; Actually write the back up file. - (condition-case () - (if (or file-precious-flag - ; (file-symlink-p buffer-file-name) - backup-by-copying + (file-extended-attributes buffer-file-name)) + (copy-when-priv-mismatch + backup-by-copying-when-privileged-mismatch) + (make-copy + (or file-precious-flag backup-by-copying ;; Don't rename a suid or sgid file. (and modes (< 0 (logand modes #o6000))) - (not (file-writable-p (file-name-directory real-file-name))) + (not (file-writable-p + (file-name-directory real-file-name))) (and backup-by-copying-when-linked - (> (file-nlinks real-file-name) 1)) - (and (or backup-by-copying-when-mismatch - (integerp backup-by-copying-when-privileged-mismatch)) - (let ((attr (file-attributes real-file-name))) + (< 1 (file-nlinks real-file-name))) (and (or backup-by-copying-when-mismatch - (and (integerp (nth 2 attr)) - (integerp backup-by-copying-when-privileged-mismatch) - (<= (nth 2 attr) backup-by-copying-when-privileged-mismatch))) - (not (file-ownership-preserved-p - real-file-name t)))))) - (backup-buffer-copy real-file-name - backupname modes - extended-attributes) + (and (integerp copy-when-priv-mismatch) + (let ((attr (file-attributes + real-file-name + 'integer))) + (<= (nth 2 attr) + copy-when-priv-mismatch)))) + (not (file-ownership-preserved-p real-file-name + t))))) + setmodes) + (condition-case () + (progn + ;; Actually make the backup file. + (if make-copy + (backup-buffer-copy real-file-name backupname + modes extended-attributes) ;; rename-file should delete old backup. (rename-file real-file-name backupname t) (setq setmodes (list modes extended-attributes backupname))) - (file-error - ;; If trouble writing the backup, write it in - ;; .emacs.d/%backup%. + (setq buffer-backed-up t) + ;; Now delete the old versions, if desired. + (dolist (old-version old-versions) + (delete-file old-version))) + (file-error nil)) + ;; If trouble writing the backup, write it in .emacs.d/%backup%. + (when (not buffer-backed-up) (setq backupname (locate-user-emacs-file "%backup%~")) (message "Cannot write backup file; backing up in %s" backupname) (sleep-for 1) (backup-buffer-copy real-file-name backupname - modes extended-attributes))) - (setq buffer-backed-up t) - ;; Now delete the old versions, if desired. - (if delete-old-versions - (while targets - (condition-case () - (delete-file (car targets)) - (file-error nil)) - (setq targets (cdr targets)))) - setmodes) - (file-error nil)))))) + modes extended-attributes) + (setq buffer-backed-up t)) + setmodes))))))) (defun backup-buffer-copy (from-name to-name modes extended-attributes) ;; Create temp files with strict access rights. It's easy to --------------040206050405050609040805--