+2013-08-12 Paul Eggert <eggert@cs.ucla.edu>
+
+ Fix some fd issues when running subprocesses (Bug#15035).
+ Fix bugs that can leak files or file descriptors on errors.
+ Don't unlink open temp files, as that's hard for users to diagnose
+ when things go awry (e.g., temp disk exhausted).
+ Don't bother to lock temp files. Check for invalid recursion.
+ * callproc.c (synch_process_fd): Remove. All uses removed.
+ (synch_process_tempfile): New var or macro.
+ (CALLPROC_STDOUT, CALLPROC_STDERR, CALLPROC_PIPEREAD, CALLPROC_FDS):
+ New constants.
+ (record_kill_process): New arg, the temp name. All callers changed.
+ (delete_temp_file): Now just a simple wrapper around unlink.
+ (call_process_kill): New arg, the call_process_fd array.
+ Close them all. Clear synch_process_pid. Remove the temp file,
+ or arrange for it to be removed.
+ (call_process_cleanup) [MSDOS]: Arg no longer contains file name;
+ that's been moved to synch_process_tempfile. Caller changed.
+ Do not remove the tempfile; that's now call_process_kill's
+ responsibility.
+ (call_process_cleanup) [!MSDOS]: Do not record unwind-protect for
+ call_process_kill; the caller now does that.
+ (call_process_cleanup): Do not close the process fd; that's now
+ call_process_kill's responsibility.
+ (Fcall_process): Implement via new function call_process, which
+ has most of the old body of Fcall_process, but with a different API.
+ (call_process): New function that does not open or close filefd if
+ it is nonnegative. Record which fds need to be closed, and let
+ call_process_kill close (and remove the tempfile, on MSDOS) on error.
+ Signal an error if invoked recursively (could be done via a hook).
+ Simplify creation of the tempfile in the MSDOS case.
+ Don't create the output file until after checking for the executable.
+ Report any failure to open /dev/null.
+ Don't open /dev/null for writing twice; once is enough.
+ Don't create pipe if all output is being discarded or sent to file.
+ Don't worry about setting up the coding system or reading from the
+ pipe if all output is being discarded.
+ Hoist fd_error local into top level, to lessen block nesting.
+ Don't record deleted pid here; now done by Fcall_process_region.
+ (Fcall_process) [MSDOS]: Report mktemp failure immediately,
+ and note its success in synch_process_tempfile.
+ Do not leak resources when child_setup fails.
+ (Fcall_process) [!MSDOS && !WINDOWSNT]: Remove duplicate assignment
+ to child_errno. Remove unnecessary close of fd0; it's close-on-exec.
+ (create_temp_file): Now returns open fd, with an additional
+ Lisp_Object * argument to return the name. All callers changed.
+ Do not close the file; rewind it instead, and leave it open for
+ the caller. Do not lock the temp file. Unwind-protect the file
+ and the file-descriptor.
+ (Fcall_process_region): If the input is /dev/null, unwind-protect it.
+ If an asynchrounous process, record it here, not in call_process.
+ (syms_of_callproc) [MSDOS]: Initialize synch_process_tempfile.
+ * eval.c (set_unwind_protect): New function.
+ * fileio.c (write_region): New function, generalized from the
+ old Fwrite_region. Do not lock temp files.
+ (Fwrite_region): Use it.
+ * lisp.h (set_unwind_protect, write_region): New decls.
+ * process.c: Include <verify.h>.
+ (make_process): Mark fds as initially closed.
+ (deleted_pid_list): Now a list of pid-filename pairs.
+ All uses changed.
+ (close_process_fd): New function.
+ (SUBPROCESS_STDIN, WRITE_TO_SUBPROCESS, READ_FROM_SUBPROCESS)
+ (SUBPROCESS_STDOUT, READ_FROM_EXEC_MONITOR, EXEC_MONITOR_OUTPUT):
+ New constants. Verify that their number matches PROCESS_OPEN_FDS.
+ (create_process, create_pty, Fmake_serial_process)
+ (server_accept_connection): Record which fds need to be closed,
+ and let deactivate_process close them.
+ (Fmake_network_process): Do not discard the unwind-protect
+ until it's safe to do so.
+ (deactivate_process): Close the fds opened by create_process etc.
+ (Fprocess_send_eof): Adjust to new way of recording open fds.
+ Report an error if /dev/null can't be opened, instead of aborting.
+ * process.h (PROCESS_OPEN_FDS): New constant.
+ (struct Lisp_Process): New member open_fds.
+ (record_kill_process, record_deleted_pid): Adjust signatures.
+ (record_deleted_pid): Move decl here ...
+ * syswait.h (record_deleted_pid): ... from here.
+
2013-08-11 Paul Eggert <eggert@cs.ucla.edu>
* decompress.c: Fix bugs with large buffers and weird inputs.