1 /* Temporary directories and temporary files with automatic cleanup.
2 Copyright (C) 2001, 2003, 2006-2007, 2009-2013 Free Software Foundation,
4 Written by Bruno Haible <bruno@clisp.org>, 2006.
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
23 #include "clean-temp.h"
33 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
34 # define WIN32_LEAN_AND_MEAN /* avoid including junk */
39 #include "fatal-signal.h"
45 #include "gl_linkedhash_list.h"
47 #if GNULIB_FWRITEERROR
48 # include "fwriteerror.h"
50 #if GNULIB_CLOSE_STREAM
51 # include "close-stream.h"
53 #if GNULIB_FCNTL_SAFER
56 #if GNULIB_FOPEN_SAFER
60 #define _(str) gettext (str)
62 /* GNU Hurd doesn't have PATH_MAX. Use a fallback.
63 Temporary directory names are usually not that long. */
65 # define PATH_MAX 1024
69 # define uintptr_t unsigned long
72 #if !GNULIB_FCNTL_SAFER
73 /* The results of open() in this file are not used with fchdir,
74 therefore save some unnecessary work in fchdir.c. */
80 /* The use of 'volatile' in the types below (and ISO C 99 section 5.1.2.3.(5))
81 ensure that while constructing or modifying the data structures, the field
82 values are written to memory in the order of the C statements. So the
83 signal handler can rely on these field values to be up to date. */
86 /* Registry for a single temporary directory.
87 'struct temp_dir' from the public header file overlaps with this. */
90 /* The absolute pathname of the directory. */
91 char * volatile dirname;
92 /* Whether errors during explicit cleanup are reported to standard error. */
94 /* Absolute pathnames of subdirectories. */
95 gl_list_t /* <char *> */ volatile subdirs;
96 /* Absolute pathnames of files. */
97 gl_list_t /* <char *> */ volatile files;
100 /* List of all temporary directories. */
103 struct tempdir * volatile * volatile tempdir_list;
104 size_t volatile tempdir_count;
105 size_t tempdir_allocated;
106 } cleanup_list /* = { NULL, 0, 0 } */;
108 /* List of all open file descriptors to temporary files. */
109 static gl_list_t /* <int> */ volatile descriptors;
112 /* For the subdirs and for the files, we use a gl_list_t of type LINKEDHASH.
113 Why? We need a data structure that
115 1) Can contain an arbitrary number of 'char *' values. The strings
116 are compared via strcmp, not pointer comparison.
117 2) Has insertion and deletion operations that are fast: ideally O(1),
118 or possibly O(log n). This is important for GNU sort, which may
119 create a large number of temporary files.
120 3) Allows iteration through all elements from within a signal handler.
121 4) May or may not allow duplicates. It doesn't matter here, since
122 any file or subdir can only be removed once.
124 Criterion 1) would allow any gl_list_t or gl_oset_t implementation.
126 Criterion 2) leaves only GL_LINKEDHASH_LIST, GL_TREEHASH_LIST, or
129 Criterion 3) puts at disadvantage GL_TREEHASH_LIST and GL_TREE_OSET.
130 Namely, iteration through the elements of a binary tree requires access
131 to many ->left, ->right, ->parent pointers. However, the rebalancing
132 code for insertion and deletion in an AVL or red-black tree is so
133 complicated that we cannot assume that >left, ->right, ->parent pointers
134 are in a consistent state throughout these operations. Therefore, to
135 avoid a crash in the signal handler, all destructive operations to the
136 lists would have to be protected by a
137 block_fatal_signals ();
139 unblock_fatal_signals ();
140 pair. Which causes extra system calls.
142 Criterion 3) would also discourage GL_ARRAY_LIST and GL_CARRAY_LIST,
143 if they were not already excluded. Namely, these implementations use
144 xrealloc(), leaving a time window in which in the list->elements pointer
145 points to already deallocated memory. To avoid a crash in the signal
146 handler at such a moment, all destructive operations would have to
147 protected by block/unblock_fatal_signals (), in this case too.
149 A list of type GL_LINKEDHASH_LIST without duplicates fulfills all
151 2) Insertion and deletion are O(1) on average.
152 3) The gl_list_iterator, gl_list_iterator_next implementations do
153 not trigger memory allocations, nor other system calls, and are
154 therefore safe to be called from a signal handler.
155 Furthermore, since SIGNAL_SAFE_LIST is defined, the implementation
156 of the destructive functions ensures that the list structure is
157 safe to be traversed at any moment, even when interrupted by an
161 /* String equality and hash code functions used by the lists. */
164 string_equals (const void *x1, const void *x2)
166 const char *s1 = (const char *) x1;
167 const char *s2 = (const char *) x2;
168 return strcmp (s1, s2) == 0;
171 #define SIZE_BITS (sizeof (size_t) * CHAR_BIT)
173 /* A hash function for NUL-terminated char* strings using
174 the method described by Bruno Haible.
175 See http://www.haible.de/bruno/hashfunc.html. */
177 string_hash (const void *x)
179 const char *s = (const char *) x;
183 h = *s + ((h << 9) | (h >> (SIZE_BITS - 9)));
189 /* The signal handler. It gets called asynchronously. */
195 /* First close all file descriptors to temporary files. */
197 gl_list_t fds = descriptors;
201 gl_list_iterator_t iter;
204 iter = gl_list_iterator (fds);
205 while (gl_list_iterator_next (&iter, &element, NULL))
207 int fd = (int) (uintptr_t) element;
210 gl_list_iterator_free (&iter);
214 for (i = 0; i < cleanup_list.tempdir_count; i++)
216 struct tempdir *dir = cleanup_list.tempdir_list[i];
220 gl_list_iterator_t iter;
223 /* First cleanup the files in the subdirectories. */
224 iter = gl_list_iterator (dir->files);
225 while (gl_list_iterator_next (&iter, &element, NULL))
227 const char *file = (const char *) element;
230 gl_list_iterator_free (&iter);
232 /* Then cleanup the subdirectories. */
233 iter = gl_list_iterator (dir->subdirs);
234 while (gl_list_iterator_next (&iter, &element, NULL))
236 const char *subdir = (const char *) element;
239 gl_list_iterator_free (&iter);
241 /* Then cleanup the temporary directory itself. */
242 rmdir (dir->dirname);
247 /* Create a temporary directory.
248 PREFIX is used as a prefix for the name of the temporary directory. It
249 should be short and still give an indication about the program.
250 PARENTDIR can be used to specify the parent directory; if NULL, a default
251 parent directory is used (either $TMPDIR or /tmp or similar).
252 CLEANUP_VERBOSE determines whether errors during explicit cleanup are
253 reported to standard error.
254 Return a fresh 'struct temp_dir' on success. Upon error, an error message
255 is shown and NULL is returned. */
257 create_temp_dir (const char *prefix, const char *parentdir,
258 bool cleanup_verbose)
260 struct tempdir * volatile *tmpdirp = NULL;
261 struct tempdir *tmpdir;
266 /* See whether it can take the slot of an earlier temporary directory
267 already cleaned up. */
268 for (i = 0; i < cleanup_list.tempdir_count; i++)
269 if (cleanup_list.tempdir_list[i] == NULL)
271 tmpdirp = &cleanup_list.tempdir_list[i];
276 /* See whether the array needs to be extended. */
277 if (cleanup_list.tempdir_count == cleanup_list.tempdir_allocated)
279 /* Note that we cannot use xrealloc(), because then the cleanup()
280 function could access an already deallocated array. */
281 struct tempdir * volatile *old_array = cleanup_list.tempdir_list;
282 size_t old_allocated = cleanup_list.tempdir_allocated;
283 size_t new_allocated = 2 * cleanup_list.tempdir_allocated + 1;
284 struct tempdir * volatile *new_array =
285 XNMALLOC (new_allocated, struct tempdir * volatile);
287 if (old_allocated == 0)
288 /* First use of this facility. Register the cleanup handler. */
289 at_fatal_signal (&cleanup);
292 /* Don't use memcpy() here, because memcpy takes non-volatile
293 arguments and is therefore not guaranteed to complete all
294 memory stores before the next statement. */
297 for (k = 0; k < old_allocated; k++)
298 new_array[k] = old_array[k];
301 cleanup_list.tempdir_list = new_array;
302 cleanup_list.tempdir_allocated = new_allocated;
304 /* Now we can free the old array. */
305 if (old_array != NULL)
306 free ((struct tempdir **) old_array);
309 tmpdirp = &cleanup_list.tempdir_list[cleanup_list.tempdir_count];
310 /* Initialize *tmpdirp before incrementing tempdir_count, so that
311 cleanup() will skip this entry before it is fully initialized. */
313 cleanup_list.tempdir_count++;
316 /* Initialize a 'struct tempdir'. */
317 tmpdir = XMALLOC (struct tempdir);
318 tmpdir->dirname = NULL;
319 tmpdir->cleanup_verbose = cleanup_verbose;
320 tmpdir->subdirs = gl_list_create_empty (GL_LINKEDHASH_LIST,
321 string_equals, string_hash, NULL,
323 tmpdir->files = gl_list_create_empty (GL_LINKEDHASH_LIST,
324 string_equals, string_hash, NULL,
327 /* Create the temporary directory. */
328 xtemplate = (char *) xmalloca (PATH_MAX);
329 if (path_search (xtemplate, PATH_MAX, parentdir, prefix, parentdir == NULL))
332 _("cannot find a temporary directory, try setting $TMPDIR"));
335 block_fatal_signals ();
336 tmpdirname = mkdtemp (xtemplate);
337 if (tmpdirname != NULL)
339 tmpdir->dirname = tmpdirname;
342 unblock_fatal_signals ();
343 if (tmpdirname == NULL)
346 _("cannot create a temporary directory using template \"%s\""),
350 /* Replace tmpdir->dirname with a copy that has indefinite extent.
351 We cannot do this inside the block_fatal_signals/unblock_fatal_signals
352 block because then the cleanup handler would not remove the directory
354 tmpdir->dirname = xstrdup (tmpdirname);
356 return (struct temp_dir *) tmpdir;
363 /* Register the given ABSOLUTE_FILE_NAME as being a file inside DIR, that
364 needs to be removed before DIR can be removed.
365 Should be called before the file ABSOLUTE_FILE_NAME is created. */
367 register_temp_file (struct temp_dir *dir,
368 const char *absolute_file_name)
370 struct tempdir *tmpdir = (struct tempdir *)dir;
372 /* Add absolute_file_name to tmpdir->files, without duplicates. */
373 if (gl_list_search (tmpdir->files, absolute_file_name) == NULL)
374 gl_list_add_first (tmpdir->files, xstrdup (absolute_file_name));
377 /* Unregister the given ABSOLUTE_FILE_NAME as being a file inside DIR, that
378 needs to be removed before DIR can be removed.
379 Should be called when the file ABSOLUTE_FILE_NAME could not be created. */
381 unregister_temp_file (struct temp_dir *dir,
382 const char *absolute_file_name)
384 struct tempdir *tmpdir = (struct tempdir *)dir;
385 gl_list_t list = tmpdir->files;
388 node = gl_list_search (list, absolute_file_name);
391 char *old_string = (char *) gl_list_node_value (list, node);
393 gl_list_remove_node (list, node);
398 /* Register the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR,
399 that needs to be removed before DIR can be removed.
400 Should be called before the subdirectory ABSOLUTE_DIR_NAME is created. */
402 register_temp_subdir (struct temp_dir *dir,
403 const char *absolute_dir_name)
405 struct tempdir *tmpdir = (struct tempdir *)dir;
407 /* Add absolute_dir_name to tmpdir->subdirs, without duplicates. */
408 if (gl_list_search (tmpdir->subdirs, absolute_dir_name) == NULL)
409 gl_list_add_first (tmpdir->subdirs, xstrdup (absolute_dir_name));
412 /* Unregister the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR,
413 that needs to be removed before DIR can be removed.
414 Should be called when the subdirectory ABSOLUTE_DIR_NAME could not be
417 unregister_temp_subdir (struct temp_dir *dir,
418 const char *absolute_dir_name)
420 struct tempdir *tmpdir = (struct tempdir *)dir;
421 gl_list_t list = tmpdir->subdirs;
424 node = gl_list_search (list, absolute_dir_name);
427 char *old_string = (char *) gl_list_node_value (list, node);
429 gl_list_remove_node (list, node);
434 /* Remove a file, with optional error message.
435 Return 0 upon success, or -1 if there was some problem. */
437 do_unlink (struct temp_dir *dir, const char *absolute_file_name)
439 if (unlink (absolute_file_name) < 0 && dir->cleanup_verbose
442 error (0, errno, _("cannot remove temporary file %s"), absolute_file_name);
448 /* Remove a directory, with optional error message.
449 Return 0 upon success, or -1 if there was some problem. */
451 do_rmdir (struct temp_dir *dir, const char *absolute_dir_name)
453 if (rmdir (absolute_dir_name) < 0 && dir->cleanup_verbose
457 _("cannot remove temporary directory %s"), absolute_dir_name);
463 /* Remove the given ABSOLUTE_FILE_NAME and unregister it.
464 Return 0 upon success, or -1 if there was some problem. */
466 cleanup_temp_file (struct temp_dir *dir,
467 const char *absolute_file_name)
471 err = do_unlink (dir, absolute_file_name);
472 unregister_temp_file (dir, absolute_file_name);
477 /* Remove the given ABSOLUTE_DIR_NAME and unregister it.
478 Return 0 upon success, or -1 if there was some problem. */
480 cleanup_temp_subdir (struct temp_dir *dir,
481 const char *absolute_dir_name)
485 err = do_rmdir (dir, absolute_dir_name);
486 unregister_temp_subdir (dir, absolute_dir_name);
491 /* Remove all registered files and subdirectories inside DIR.
492 Return 0 upon success, or -1 if there was some problem. */
494 cleanup_temp_dir_contents (struct temp_dir *dir)
496 struct tempdir *tmpdir = (struct tempdir *)dir;
499 gl_list_iterator_t iter;
503 /* First cleanup the files in the subdirectories. */
504 list = tmpdir->files;
505 iter = gl_list_iterator (list);
506 while (gl_list_iterator_next (&iter, &element, &node))
508 char *file = (char *) element;
510 err |= do_unlink (dir, file);
511 gl_list_remove_node (list, node);
512 /* Now only we can free file. */
515 gl_list_iterator_free (&iter);
517 /* Then cleanup the subdirectories. */
518 list = tmpdir->subdirs;
519 iter = gl_list_iterator (list);
520 while (gl_list_iterator_next (&iter, &element, &node))
522 char *subdir = (char *) element;
524 err |= do_rmdir (dir, subdir);
525 gl_list_remove_node (list, node);
526 /* Now only we can free subdir. */
529 gl_list_iterator_free (&iter);
534 /* Remove all registered files and subdirectories inside DIR and DIR itself.
535 DIR cannot be used any more after this call.
536 Return 0 upon success, or -1 if there was some problem. */
538 cleanup_temp_dir (struct temp_dir *dir)
540 struct tempdir *tmpdir = (struct tempdir *)dir;
544 err |= cleanup_temp_dir_contents (dir);
545 err |= do_rmdir (dir, tmpdir->dirname);
547 for (i = 0; i < cleanup_list.tempdir_count; i++)
548 if (cleanup_list.tempdir_list[i] == tmpdir)
550 /* Remove cleanup_list.tempdir_list[i]. */
551 if (i + 1 == cleanup_list.tempdir_count)
553 while (i > 0 && cleanup_list.tempdir_list[i - 1] == NULL)
555 cleanup_list.tempdir_count = i;
558 cleanup_list.tempdir_list[i] = NULL;
559 /* Now only we can free the tmpdir->dirname, tmpdir->subdirs,
560 tmpdir->files, and tmpdir itself. */
561 gl_list_free (tmpdir->files);
562 gl_list_free (tmpdir->subdirs);
563 free (tmpdir->dirname);
568 /* The user passed an invalid DIR argument. */
573 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
575 /* On Windows, opening a file with _O_TEMPORARY has the effect of passing
576 the FILE_FLAG_DELETE_ON_CLOSE flag to CreateFile(), which has the effect
577 of deleting the file when it is closed - even when the program crashes.
578 But (according to the Cygwin sources) it works only on Windows NT or newer.
579 So we cache the info whether we are running on Windows NT or newer. */
582 supports_delete_on_close ()
584 static int known; /* 1 = yes, -1 = no, 0 = unknown */
585 /* M4 wants to close and later reopen a temporary file, so
586 delete-on-close must not be used. */
593 <http://msdn.microsoft.com/en-us/library/windows/desktop/ms724451(v=vs.85).aspx>
594 this structure must be initialised as follows: */
595 v.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
597 if (GetVersionEx (&v))
598 known = (v.dwPlatformId == VER_PLATFORM_WIN32_NT ? 1 : -1);
608 /* Register a file descriptor to be closed. */
612 if (descriptors == NULL)
613 descriptors = gl_list_create_empty (GL_LINKEDHASH_LIST, NULL, NULL, NULL,
615 gl_list_add_first (descriptors, (void *) (uintptr_t) fd);
618 /* Unregister a file descriptor to be closed. */
620 unregister_fd (int fd)
622 gl_list_t fds = descriptors;
626 /* descriptors should already contain fd. */
628 node = gl_list_search (fds, (void *) (uintptr_t) fd);
630 /* descriptors should already contain fd. */
632 gl_list_remove_node (fds, node);
635 /* Open a temporary file in a temporary directory.
636 Registers the resulting file descriptor to be closed. */
638 open_temp (const char *file_name, int flags, mode_t mode)
643 block_fatal_signals ();
644 /* Note: 'open' here is actually open() or open_safer(). */
645 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
646 /* Use _O_TEMPORARY when possible, to increase the chances that the
647 temporary file is removed when the process crashes. */
648 if (supports_delete_on_close ())
649 fd = open (file_name, flags | _O_TEMPORARY, mode);
652 fd = open (file_name, flags, mode);
656 unblock_fatal_signals ();
661 /* Open a temporary file in a temporary directory.
662 Registers the resulting file descriptor to be closed. */
664 fopen_temp (const char *file_name, const char *mode)
669 block_fatal_signals ();
670 /* Note: 'fopen' here is actually fopen() or fopen_safer(). */
671 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
672 /* Use _O_TEMPORARY when possible, to increase the chances that the
673 temporary file is removed when the process crashes. */
674 if (supports_delete_on_close ())
676 size_t mode_len = strlen (mode);
677 char *augmented_mode = (char *) xmalloca (mode_len + 2);
678 memcpy (augmented_mode, mode, mode_len);
679 memcpy (augmented_mode + mode_len, "D", 2);
681 fp = fopen (file_name, augmented_mode);
684 freea (augmented_mode);
689 fp = fopen (file_name, mode);
694 /* It is sufficient to register fileno (fp) instead of the entire fp,
695 because at cleanup time there is no need to do an fflush (fp); a
696 close (fileno (fp)) will be enough. */
697 int fd = fileno (fp);
702 unblock_fatal_signals ();
707 /* Close a temporary file in a temporary directory.
708 Unregisters the previously registered file descriptor. */
714 /* No blocking of signals is needed here, since a double close of a
715 file descriptor is harmless. */
716 int result = close (fd);
717 int saved_errno = errno;
719 /* No race condition here: we assume a single-threaded program, hence
720 fd cannot be re-opened here. */
731 /* Close a temporary file in a temporary directory.
732 Unregisters the previously registered file descriptor. */
734 fclose_temp (FILE *fp)
736 int fd = fileno (fp);
737 /* No blocking of signals is needed here, since a double close of a
738 file descriptor is harmless. */
739 int result = fclose (fp);
740 int saved_errno = errno;
742 /* No race condition here: we assume a single-threaded program, hence
743 fd cannot be re-opened here. */
751 #if GNULIB_FWRITEERROR
753 Unregisters the previously registered file descriptor. */
755 fwriteerror_temp (FILE *fp)
757 int fd = fileno (fp);
758 /* No blocking of signals is needed here, since a double close of a
759 file descriptor is harmless. */
760 int result = fwriteerror (fp);
761 int saved_errno = errno;
763 /* No race condition here: we assume a single-threaded program, hence
764 fd cannot be re-opened here. */
773 #if GNULIB_CLOSE_STREAM
774 /* Like close_stream.
775 Unregisters the previously registered file descriptor. */
777 close_stream_temp (FILE *fp)
779 int fd = fileno (fp);
780 /* No blocking of signals is needed here, since a double close of a
781 file descriptor is harmless. */
782 int result = close_stream (fp);
783 int saved_errno = errno;
785 /* No race condition here: we assume a single-threaded program, hence
786 fd cannot be re-opened here. */