On Fri, Feb 17, 2017 at 03:54:42PM -0500, Jeff King wrote:
> I guess we are simultaneously assuming that it is OK to munge errno on
> success in our function, but that fclose() will not do so. Which seems a
> bit hypocritical. Maybe the "if" dance is better.
So here's that patch with a justification.
At this point, this snippet of code would be appropriate to pull into
xfclose() if we wanted. But possibly that is the wrong direction, as it
encourages callers to do:
if (xfclose(fp))
err = error_errno("failure writing to ...");
when they could do:
if (ferror(fp))
err = error("failure writing to ...");
if (fclose(fp))
err = error_errno("failure writing to ...");
While longer, it's arguably better for them to distinguish the two
cases. It's only worth doing the errno magic when the close is deep
inside a callstack, and passing out the two cases is awkward.
-- >8 --
Subject: tempfile: set errno to a known value before calling ferror()
In close_tempfile(), we return an error if ferror()
indicated a previous failure, or if fclose() failed. In the
latter case, errno is set and it is useful for callers to
report it.
However, if _only_ ferror() triggers, then the value of
errno is based on whatever syscall happened to last fail,
which may not be related to our filehandle at all. A caller
cannot tell the difference between the two cases, and may
use "die_errno()" or similar to report a nonsense errno value.
One solution would be to actually pass back separate return
values for the two cases, so a caller can write a more
appropriate message for each case. But that makes the
interface clunky.
Instead, let's just set errno to the generic EIO in this case.
That's not as descriptive as we'd like, but at least it's
predictable. So it's better than the status quo in all cases
but one: when the last syscall really did involve a failure
on our filehandle, we'll be wiping that out. But that's a
fragile thing for us to rely on.
In any case, we'll let the errno result from fclose() take
precedence over our value, as we know that's recent and
accurate (and many I/O errors will persist through the
fclose anyway).
Signed-off-by: Jeff King <peff@xxxxxxxx>
---
tempfile.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tempfile.c b/tempfile.c
index ffcc27237..684371067 100644
--- a/tempfile.c
+++ b/tempfile.c
@@ -247,8 +247,13 @@ int close_tempfile(struct tempfile *tempfile)
tempfile->fd = -1;
if (fp) {
tempfile->fp = NULL;
- err = ferror(fp);
- err |= fclose(fp);
+ if (ferror(fp)) {
+ err = -1;
+ if (!fclose(fp))
+ errno = EIO;
+ } else {
+ err = fclose(fp);
+ }
} else {
err = close(fd);
}
--
2.12.0.rc1.612.ga5f664feb