Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>
🤖 Augment PR Summary
Summary: Updates the vendored
Changes:
Technical Notes:
| // Atomic swap via renameat2 with RENAME_EXCHANGE | ||
| #if defined(__linux__) | ||
| if (renameat2(AT_FDCWD, replacement.c_str(), AT_FDCWD, original.c_str(), |
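Review bot: The `#if defined(__linux__)` guard in front of the `renameat2` call tests only the platform, not whether the C library declares the wrapper. glibc has provided `renameat2` only since 2.28, so this branch will not compile on older toolchains. Consider a feature check (or calling through `syscall(SYS_renameat2, ...)`), and extend the comment to say that `RENAME_EXCHANGE` requires both `replacement` and `original` to exist already, since a missing `original` fails here rather than being created.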
On Linux/macOS, a failure of renameat2(..., RENAME_EXCHANGE) / renameatx_np(..., RENAME_SWAP) throws immediately, even for ENOSYS/EINVAL cases where an atomic swap isn’t available but a non-atomic replace could still work. This seems to conflict with the “atomic swap when possible” contract.
Severity: medium
| try { | ||
| std::filesystem::rename(replacement, original); | ||
| } catch (...) { | ||
| std::filesystem::rename(backup.path(), original); |
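Review bot: In the `catch (...)` block, the rollback `std::filesystem::rename(backup.path(), original)` runs unguarded, so if it throws, its exception replaces the one from the failed `rename(replacement, original)` and the root cause is lost. Wrap the rollback in its own try/catch and report both failures (for example with `std::throw_with_nested`). The visible lines also show no `throw;` after the rollback, so confirm the original error is rethrown rather than swallowed once `original` has been restored.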
If std::filesystem::rename(backup.path(), original) throws during rollback, backup’s destructor will still remove_all the backup directory, potentially deleting the last remaining copy of original. Consider guarding cleanup so rollback failures don’t turn into data loss.
Severity: high
Signed-off-by: Juan Cruz Viotti jv@jviotti.com