Skip to content

known.met and cancelled.met still save in place and can truncate on failure

Summary

Older main wrote known.met and cancelled.met directly to their final paths from CKnownFileList::Save().

That means a crash, short write, disk-full condition, or close failure in the middle of the save can still leave one of those files truncated or partially rewritten. This is the same general failure class that already justified the landed atomic-save hardening for part.met and ipfilter.dat.

Previous Mainline Evidence

srchybrid/KnownFileList.cpp previously followed the old in-place pattern:

  • open the final known.met path with create/write flags
  • write the payload directly into that target file
  • repeat the same pattern for cancelled.met

There was no temp-file promotion step on that path before the fix.

Comparison Notes

  • analysis\emuleai\srchybrid\KnownFileList.cpp adds known.met.tmp and promotes it with MoveFileEx(..., MOVEFILE_REPLACE_EXISTING) for known.met
  • analysis\stale-v0.72a-experimental-clean and the focused Xtreme mod archive do not carry this hardening

So this looks like a real newer eMuleAI file-integrity improvement rather than a stale historical branch port.

Intended Fix Direction

Keep this low drift:

  1. write known.met.tmp and cancelled.met.tmp in the config directory
  2. flush and close successfully before promotion
  3. promote with the existing atomic replacement helper or an equivalent single-path wrapper
  4. leave the previous live file intact if temp write or promotion fails
  5. log the failure clearly instead of silently destroying the last good metadata file

Mainline Outcome

Landed on main in commit f5433e1 (BUG-036: save known metadata atomically).

Current CKnownFileList::Save() now routes both known.met and cancelled.met through SaveKnownMetadataFileAtomically(), writing to a temporary sibling file and then promoting it with ReplaceFileAtomically(). Failures log an explicit save error and delete the temporary file instead of truncating the last known-good metadata file.

Validation

  • simulate save failure after temp creation and verify the previous live file still loads
  • simulate promotion failure and verify the previous live file is preserved
  • verify successful saves leave valid known.met and cancelled.met
  • verify no stray temp files are left behind on the success path