Skip to content

expand: remove .is_dir() from path to avoid TOCTOU race#13203

Open
oech3 wants to merge 1 commit into
uutils:mainfrom
oech3:expand-is-dir
Open

expand: remove .is_dir() from path to avoid TOCTOU race#13203
oech3 wants to merge 1 commit into
uutils:mainfrom
oech3:expand-is-dir

Conversation

@oech3

@oech3 oech3 commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

This should appear as read error.

@codspeed-hq

codspeed-hq Bot commented Jun 29, 2026

Copy link
Copy Markdown

Merging this PR will degrade performance by 4.67%

❌ 2 regressed benchmarks
✅ 325 untouched benchmarks
⏩ 46 skipped benchmarks1

Warning

Please fix the performance issues or acknowledge them on CodSpeed.

Performance Changes

Mode Benchmark BASE HEAD Efficiency
Simulation sort_ascii_utf8_locale 15.4 ms 16.1 ms -4.68%
Simulation sort_ascii_c_locale 16 ms 16.7 ms -4.67%

Tip

Investigate this regression by commenting @codspeedbot fix this regression on this PR, or directly use the CodSpeed MCP with your agent.


Comparing oech3:expand-is-dir (d99ddaa) with main (b76d615)

Open in CodSpeed

Footnotes

  1. 46 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@sylvestre

Copy link
Copy Markdown
Contributor

sorry but i still don't see why it would be a TOCTOU issue

@oech3

oech3 commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

.is_dir() is done for file path instead of fd. So target file can be replaced by directory after .is_dir() returned false.

@sylvestre

Copy link
Copy Markdown
Contributor

sure but it will just fail later

@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

GNU testsuite comparison:

Skip an intermittent issue tests/cut/bounded-memory (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/tail/inotify-dir-recreate (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/tail/retry (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/date/date-locale-hour (passes in this run but fails in the 'main' branch)
Congrats! The gnu test tests/printf/printf-surprise is now passing!
@oech3

oech3 commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

fail later means we are checking that target is directory twice with additional stat...

@oech3 oech3 force-pushed the expand-is-dir branch 3 times, most recently from 704243b to d99ddaa Compare June 29, 2026 13:16
@oech3 oech3 marked this pull request as ready for review June 29, 2026 13:17
@sylvestre

Copy link
Copy Markdown
Contributor

if i may, we have more important things to fix than this in the backlog

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants