Defect #35539
closed
Race condition (possible filename collision) in Attachment.disk_filename
0%
Description
When two (or more) files with the same name are uploaded at the same time, it may happen that two or more of the resulting attachment records end up using the same disk file, resulting in data loss if the files actually differ in content. This was already previously mentioned in #34479-2 (but was unrelated to that issue and hence got "lost")
The problem is that Attachment.disk_filename finds a non-existant filename, but fails to "claim" this name in the file system while doing so. So nothing stops a parallel process to end up using the same name if it tries to do so before the first process actually creates the file.
This patch, extracted from Planio , instead tries to create a file directly, with the File::EXCL flag set, catches the error which means 'filename taken already' and retries until the file is created. This way, filenames are guaranteed to be unique by the underlying file system.
Files
Related issues
Updated by Go MAEDA over 3 years ago
- Target version set to Candidate for next major release
Updated by Go MAEDA over 3 years ago
- Target version changed from Candidate for next major release to 5.0.0
Setting the target version to 5.0.0.
Updated by Go MAEDA over 3 years ago
- Status changed from New to Closed
- Assignee set to Go MAEDA
Committed the patch. Thank you.
Updated by Go MAEDA over 3 years ago
- Related to Patch #35720: Defect: Binmode specified twice added
Updated by Go MAEDA over 3 years ago
- Related to Patch #35721: Unlink files after they're closed added