#47 opencity: unsafely overwrites opencity.save

0.0.7
open
nobody
None
5
2014-08-15
2014-01-03
Markus Koschany
No

This is Debian bug http://bugs.debian.org/656154

I couldn't reproduce the segmentation fault the user described in his bug report but I'm forwarding the bug report for your information.

"I think it's a really nice game, with a great potential.
I especially like its truly 3D approach to city simulation,
and the fact that it's not a clone of any proprietary game,
even though it clearly belongs to a well-defined game genre.

I hope the upstream developers will continue to develop it,
since it may become a very entertaining game, if some rough edges
get smoothed out!

All that said, I would like to point out a feature that seems
to be implemented in an unsafe manner.
The save button lets the user save the city.
As the documentation [1] on the official web site states:

| Currently, OpenCity handles only one save slot. It will overwrite
| any previously saved city.

[1] http://www.opencity.info/en/TutorialMainMenu.html

OK, this is a limitation (I will file a separate wishlist bug about it),
but that's not the point.
I can live with a single save slot, which corresponds to
~/.opencity/opencity.save

The problem is: it seems to me that, when the save button is pressed,
the program opens the save file ~/.opencity/opencity.save in
write mode and begins writing the current city status to it.

This implies that it exists a short time span, where the previously
saved city is no longer stored, but the current city is not yet written
to the save file. If something goes wrong during this short time span,
the user loses his/her city!

I haven't looked into the source code, hence I am not sure of the
above explanation, but I am sure that something similar may happen,
as I personally experienced the issue!
I was saving my city, when the program segfaulted (yes, I experienced
a good number of segfaults, but I haven't yet found an easily
reproducible one...): after that, I was left without any usable save
file. I therefore lost my city! :-(

I think a safer save strategy should be implemented: maybe the
program should save to a temporary file, and then, only after
a reasonable integrity check, rename the temporary file to
~/.opencity/opencity.save

Or otherwise, the program could first copy ~/.opencity/opencity.save
to ~/.opencity/opencity.save.bak and, after that open
~/.opencity/opencity.save in write mode and write to it."

Discussion