public inbox for libstdc++-cvs@sourceware.org
* [gcc r12-7099] libstdc++: Fix filesystem::remove_all for Windows [PR104161]
@ 2022-02-08 13:40 Jonathan Wakely
From: Jonathan Wakely @ 2022-02-08 13:40 UTC (permalink / raw)
  To: gcc-cvs, libstdc++-cvs

https://gcc.gnu.org/g:5750952bec1e632d1f804f4a1bed2f74c0f3b189

commit r12-7099-g5750952bec1e632d1f804f4a1bed2f74c0f3b189
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Mon Feb 7 23:36:47 2022 +0000

    libstdc++: Fix filesystem::remove_all for Windows [PR104161]
    
    The recursive_directory_iterator::__erase member was failing for
    Windows, because the entry._M_type value is always file_type::none
    (because _Dir_base::advance doesn't populate it for Windows) and
    top.unlink uses fs::remove which sets an error using the
    system_category. That meant that ec.value() was a Windows error code and
    not an errno value, so the comparisons to EPERM and EISDIR failed.
    Instead of depending on a specific Windows error code for attempting to
    remove a directory, just use directory_entry::refresh() to query the
    type first. This doesn't avoid the TOCTTOU races with directory
    symlinks, but we can't avoid them on Windows without openat and
    unlinkat, and creating symlinks requires admin privs on Windows anyway.
    
    This also fixes the fs::remove_all(const path&) overload, which was
    supposed to use the same logic as the other overload, but I forgot to
    change it before my previous commit.
    
    libstdc++-v3/ChangeLog:
    
            PR libstdc++/104161
            * src/c++17/fs_dir.cc (fs::recursive_directory_iterator::__erase):
            [_GLIBCXX_FILESYSTEM_IS_WINDOWS]: Refresh entry._M_type member,
            instead of checking for errno values indicating a directory.
            * src/c++17/fs_ops.cc (fs::remove_all(const path&)): Use similar
            logic to non-throwing overload.
            (fs::remove_all(const path&, error_code&)): Add comments.
            * src/filesystem/ops-common.h: Likewise.

Diff:
---
 libstdc++-v3/src/c++17/fs_dir.cc         | 14 +++++++++++-
 libstdc++-v3/src/c++17/fs_ops.cc         | 38 +++++++++++++++++++++++---------
 libstdc++-v3/src/filesystem/ops-common.h |  1 +
 3 files changed, 42 insertions(+), 11 deletions(-)

diff --git a/libstdc++-v3/src/c++17/fs_dir.cc b/libstdc++-v3/src/c++17/fs_dir.cc
index 01b8c0d5693..54f135d2baf 100644
--- a/libstdc++-v3/src/c++17/fs_dir.cc
+++ b/libstdc++-v3/src/c++17/fs_dir.cc
@@ -476,6 +476,16 @@ fs::recursive_directory_iterator::__erase(error_code* ecptr)
     {
       auto& top = _M_dirs->top();
 
+#if _GLIBCXX_FILESYSTEM_IS_WINDOWS
+      // _Dir::unlink uses fs::remove which uses std::system_category() for
+      // Windows errror codes, so we can't just check for EPERM and EISDIR.
+      // Use directory_entry::refresh() here to check if we have a directory.
+      // This can be a TOCTTOU race, but we don't have openat or unlinkat to
+      // solve that on Windows, and generally don't support symlinks anyway.
+      if (top.entry._M_type == file_type::none)
+	top.entry.refresh();
+#endif
+
       if (top.entry._M_type == file_type::directory)
 	{
 	  _Dir dir = top.open_subdir(skip_permission_denied, nofollow, ec);
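Review bot: the call `top.entry.refresh();` in the new Windows block is the throwing overload, but `__erase(error_code* ecptr)` is also reached from the error_code overload of remove_all (it calls `dir.__erase(&ec)`), and the line right after this block already reports through `ec` via `open_subdir(..., ec)`. If the status query fails here, a filesystem_error escapes instead of landing in `ec`. Suggest `top.entry.refresh(ec);` followed by a check of `ec`, so the non-throwing path stays non-throwing on Windows. Separately, "errror" in the second comment line has an extra "r".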
@@ -498,12 +508,13 @@ fs::recursive_directory_iterator::__erase(error_code* ecptr)
 	}
       else if (top.unlink(ec))
 	break; // Success
+#if ! _GLIBCXX_FILESYSTEM_IS_WINDOWS
       else if (top.entry._M_type == file_type::none)
 	{
 	  // We did not have a cached type, so it's possible that top.entry
 	  // is actually a directory, and that's why the unlink above failed.
 #ifdef EPERM
-	  // POSIX.1-2017 says unlinking a directory returns EPERM,
+	  // POSIX.1-2017 says unlink on a directory returns EPERM,
 	  // but LSB allows EISDIR too. Some targets don't even define EPERM.
 	  if (ec.value() == EPERM || ec.value() == EISDIR)
 #else
@@ -516,6 +527,7 @@ fs::recursive_directory_iterator::__erase(error_code* ecptr)
 	      continue;
 	    }
 	}
+#endif
     }
 
   if (!ec)
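Review bot: the `#endif` added after the `file_type::none` branch closes the `#if ! _GLIBCXX_FILESYSTEM_IS_WINDOWS` opened in the previous hunk and spans a nested `#ifdef EPERM` / `#else`, so it is easy to misread which condition it ends. Suggest `#endif // ! _GLIBCXX_FILESYSTEM_IS_WINDOWS`. With the fallback compiled out, a one-line comment saying what happens on Windows when `top.unlink(ec)` fails and the refreshed type is still `file_type::none` would also help the next reader.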
diff --git a/libstdc++-v3/src/c++17/fs_ops.cc b/libstdc++-v3/src/c++17/fs_ops.cc
index ae35b0535b3..4552a730bf2 100644
--- a/libstdc++-v3/src/c++17/fs_ops.cc
+++ b/libstdc++-v3/src/c++17/fs_ops.cc
@@ -1280,21 +1280,36 @@ fs::remove(const path& p, error_code& ec) noexcept
 std::uintmax_t
 fs::remove_all(const path& p)
 {
+  error_code ec;
   uintmax_t count = 0;
-  auto st = filesystem::status(p);
-  if (!exists(st))
-    return 0;
-  if (is_directory(st))
+  recursive_directory_iterator dir(p, directory_options{64|128}, ec);
+  switch (ec.value()) // N.B. assumes ec.category() == std::generic_category()
+  {
+  case 0:
+    // Iterate over the directory removing everything.
     {
-      recursive_directory_iterator dir(p, directory_options{64|128}), end;
-      path failed;
+      const recursive_directory_iterator end;
       while (dir != end)
 	{
-	  failed = dir->path();
-	  dir.__erase();
+	  dir.__erase(); // throws on error
 	  ++count;
 	}
     }
+    // Directory is empty now, will remove it below.
+    break;
+  case ENOENT:
+    // Our work here is done.
+    return 0;
+  case ENOTDIR:
+  case ELOOP:
+    // Not a directory, will remove below.
+    break;
+  default:
+    // An error occurred.
+    _GLIBCXX_THROW_OR_ABORT(filesystem_error("cannot remove all", p, ec));
+  }
+
+  // Remove p itself, which is either a non-directory or is now empty.
   return count + fs::remove(p);
 }
 
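Review bot: `switch (ec.value())` with `case ENOENT:`, `case ENOTDIR:` and `case ELOOP:` only documents the generic_category assumption in a trailing comment; nothing enforces it. The commit message describes exactly this failure mode (a system_category code compared against errno values), and the ops-common.h hunk shows `__last_system_error()` returning `std::system_category()` on Windows. If the iterator constructor ever reports through that path, a missing path falls into `default:` and throws instead of returning 0. Suggest switching on `ec.default_error_condition().value()`, or comparing against `std::errc` values, so the check does not depend on the category.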
@@ -1303,11 +1318,12 @@ fs::remove_all(const path& p, error_code& ec)
 {
   uintmax_t count = 0;
   recursive_directory_iterator dir(p, directory_options{64|128}, ec);
-  switch (ec.value())
+  switch (ec.value()) // N.B. assumes ec.category() == std::generic_category()
   {
   case 0:
+    // Iterate over the directory removing everything.
     {
-      recursive_directory_iterator end;
+      const recursive_directory_iterator end;
       while (dir != end)
 	{
 	  dir.__erase(&ec);
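Review bot: this switch now duplicates the one in the throwing overload line for line, down to the same "N.B. assumes" comment, and the commit message notes the two overloads had already drifted apart once. Consider factoring the shared switch into a single helper that takes an `error_code*` (as `__erase` does), leaving each overload to differ only in how it reports the error. The bare `directory_options{64|128}` would also benefit from a comment naming the two flags.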
@@ -1316,6 +1332,7 @@ fs::remove_all(const path& p, error_code& ec)
 	  ++count;
 	}
     }
+    // Directory is empty now, will remove it below.
     break;
   case ENOENT:
     // Our work here is done.
@@ -1329,6 +1346,7 @@ fs::remove_all(const path& p, error_code& ec)
     // An error occurred.
     return -1;
   }
+
   // Remove p itself, which is either a non-directory or is now empty.
   if (int last = fs::remove(p, ec); !ec)
     return count + last;
diff --git a/libstdc++-v3/src/filesystem/ops-common.h b/libstdc++-v3/src/filesystem/ops-common.h
index 2aa9b571230..978e8724154 100644
--- a/libstdc++-v3/src/filesystem/ops-common.h
+++ b/libstdc++-v3/src/filesystem/ops-common.h
@@ -63,6 +63,7 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
   __last_system_error() noexcept
   {
 #ifdef _GLIBCXX_FILESYSTEM_IS_WINDOWS
+    // N.B. use error_code::default_error_condition() to convert to generic.
     return {(int)::GetLastError(), std::system_category()};
 #else
     return {errno, std::generic_category()};
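Review bot: the new "N.B." comment inside the Windows branch is advice for callers, but it sits in the function body where a caller reading the declaration will not see it. Suggest moving it to a comment above `__last_system_error()` and stating that the returned category differs per platform. Also note that this file tests the macro with `#ifdef _GLIBCXX_FILESYSTEM_IS_WINDOWS` while the fs_dir.cc hunk uses `#if _GLIBCXX_FILESYSTEM_IS_WINDOWS`; the two disagree if the macro is ever defined as 0, so one form should be used throughout.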
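The category mismatch the commit message describes, as an added example that is not part of the commit or of libstdc++: a constructed `fake_win32_category` (hypothetical, standing in for `std::system_category()` on Windows) shows why comparing `ec.value()` with errno constants fails and how `default_error_condition()` or an `std::errc` comparison avoids it. The helper names and the two mapped codes are assumptions made for the illustration.

```cpp
#include <cerrno>
#include <iostream>
#include <string>
#include <system_error>

// Hypothetical stand-in for std::system_category() on Windows: values are
// Win32-style codes (3 and 5 mirror ERROR_PATH_NOT_FOUND and
// ERROR_ACCESS_DENIED), mapped to portable conditions only on request.
class fake_win32_category final : public std::error_category {
public:
  const char* name() const noexcept override { return "fake-win32"; }
  std::string message(int v) const override {
    return "fake win32 error " + std::to_string(v);
  }
  std::error_condition default_error_condition(int v) const noexcept override {
    switch (v) {
    case 3: return std::make_error_condition(std::errc::no_such_file_or_directory);
    case 5: return std::make_error_condition(std::errc::permission_denied);
    default: return std::error_condition(v, *this);
    }
  }
};

const std::error_category& fake_win32() {
  static const fake_win32_category cat{};
  return cat;
}

// Fragile: what a switch on ec.value() with errno case labels amounts to.
bool is_enoent_by_value(const std::error_code& ec) {
  return ec.value() == ENOENT;
}

// Category-independent: operator== goes through default_error_condition().
bool is_enoent_by_condition(const std::error_code& ec) {
  return ec == std::errc::no_such_file_or_directory;
}

// Explicit conversion to the generic (errno) value before switching on it.
int generic_value(const std::error_code& ec) {
  return ec.default_error_condition().value();
}

int main() {
  const std::error_code win(3, fake_win32()); // constructed sample error
  std::cout << is_enoent_by_value(win) << ' ' << is_enoent_by_condition(win)
            << ' ' << (generic_value(win) == ENOENT) << '\n';
}
```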

