Patch #35539

Race condition (possible filename collision) in Attachment.disk_filename

Added by Jens Krämer 21 days ago. Updated 9 days ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Go MAEDA% Done:


Target version:5.0.0


When two (or more) files with the same name are uploaded at the same time, it may happen that two or more of the resulting attachment records end up using the same disk file, resulting in data loss if the files actually differ in content. This was already previously mentioned in #34479-2 (but was unrelated to that issue and hence got "lost")

The problem is that Attachment.disk_filename finds a non-existant filename, but fails to "claim" this name in the file system while doing so. So nothing stops a parallel process to end up using the same name if it tries to do so before the first process actually creates the file.

This patch, extracted from Planio , instead tries to create a file directly, with the File::EXCL flag set, catches the error which means 'filename taken already' and retries until the file is created. This way, filenames are guaranteed to be unique by the underlying file system.

0001-ensure-unique-attachment-filenames.patch Magnifier (4.78 KB) Jens Krämer, 2021-07-07 07:20

Associated revisions

Revision 21071
Added by Go MAEDA 9 days ago

Ensure unique attachment filenames (#35539).

Patch by Jens Krämer.


#1 Updated by Go MAEDA 19 days ago

  • Target version set to Candidate for next major release

#2 Updated by Go MAEDA 17 days ago

  • Target version changed from Candidate for next major release to 5.0.0

Setting the target version to 5.0.0.

#3 Updated by Go MAEDA 9 days ago

  • Status changed from New to Closed
  • Assignee set to Go MAEDA

Committed the patch. Thank you.

Also available in: Atom PDF