fix(fs): prevent TOCTOU race in InMemoryFs::append_file()#454

Merged
chaliy merged 1 commit into main from claude/fix-415-Y2nIj
Mar 1, 2026
Conversation

@chaliy
Contributor

@chaliy chaliy commented Mar 1, 2026

Summary

  • Use single write lock for entire read-check-write operation in append_file() to prevent TOCTOU race where file size changes between lock acquisitions
  • Inline file creation logic to avoid deadlock when entries lock is already held

Test plan

  • test_append_file_no_toctou_race - concurrent appends respect file size limits
  • test_append_creates_new_file_atomic - append to nonexistent file creates correctly
  • test_append_to_directory_fails - append to directory returns error
  • All existing memory.rs tests pass

Closes #415

append_file() previously read file state under a read lock, dropped it,
checked size limits with stale data, then acquired a write lock. Another
thread could modify the file between locks, bypassing per-file size limits.

Fix: use a single write lock for the entire read-check-write operation.
File existence check, size limit validation, and the actual append all
happen under the same write lock, eliminating the race window.

Also inline the file-creation path to avoid deadlock from calling
write_file() while already holding the entries lock.

Closes #415
@chaliy chaliy merged commit 6612598 into main Mar 1, 2026
17 checks passed
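The locking pattern this PR describes, as an added Rust example that is not the project's own code: `InMemoryFs`, its fields and the error strings are a hypothetical stand-in, `append_file_racy` reproduces the read-lock / drop / write-lock sequence with the stale size check, and `append_file` is the single-write-lock fix with file creation inlined under that same lock.

```rust
use std::collections::HashMap;
use std::sync::RwLock;

// Minimal stand-in for the in-memory filesystem (hypothetical; not the project's own types).
pub struct InMemoryFs {
    entries: RwLock<HashMap<String, Vec<u8>>>,
    max_file_size: usize, // per-file size limit enforced on append
}

impl InMemoryFs {
    pub fn new(max_file_size: usize) -> Self {
        Self { entries: RwLock::new(HashMap::new()), max_file_size }
    }

    /// Racy pattern described in the PR: the size check runs under a read lock
    /// that is dropped before the write lock, so a concurrent append can invalidate it.
    pub fn append_file_racy(&self, path: &str, data: &[u8]) -> Result<(), String> {
        let current_len = self.entries.read().unwrap().get(path).map_or(0, Vec::len);
        // read guard dropped at the end of the statement above: the race window is open
        if current_len + data.len() > self.max_file_size {
            return Err("file size limit exceeded".into());
        }
        let mut entries = self.entries.write().unwrap();
        entries.entry(path.to_string()).or_default().extend_from_slice(data); // may exceed the limit
        Ok(())
    }

    /// Fixed pattern: existence check, limit check and append under one write lock.
    /// File creation is inlined; calling a write_file() that re-locks `entries` here would deadlock.
    pub fn append_file(&self, path: &str, data: &[u8]) -> Result<(), String> {
        let mut entries = self.entries.write().unwrap();
        let current_len = entries.get(path).map_or(0, Vec::len);
        if current_len + data.len() > self.max_file_size {
            return Err("file size limit exceeded".into());
        }
        entries.entry(path.to_string()).or_default().extend_from_slice(data);
        Ok(())
    }

    pub fn size_of(&self, path: &str) -> Option<usize> {
        self.entries.read().unwrap().get(path).map(Vec::len)
    }
}
```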
Development

Successfully merging this pull request may close these issues.

[M-1] TOCTOU race in InMemoryFs::append_file()