-
Simon McVittie authored
If we combine the dbus_new0, populating the DBusString members and the actual creation of the file, RAII-style, then we never need to worry about a partially-initialized or uninitialized DBusNonceFile becoming visible to a caller. Similarly, if we combine deletion of the file, freeing of the DBusString members, freeing the structure and clearing the pointer to the structure, then we can never be in an inconsistent situation, except during the actual implementation of _dbus_noncefile_delete(). Note that there are two implementations each of _dbus_noncefile_create() and _dbus_noncefile_delete(). This is because on Unix we must use a subdirectory of _dbus_get_tmpdir() (the nonce filename is not created atomically, so that would not be safe), while on Windows we use the directory directly (the Windows temp directory is private to a user, so this is OK). Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103597
010223b6