fix: GC has no grace period (TOCTOU with dedup uploads) #71

Closed
opened 2026-07-02 00:20:16 +10:00 by unkinben · 0 comments
Owner

`FindOrphanedBlobs` (`internal/database/artifacts.go:112`) returns any blob not currently referenced. Because CAS dedups (blob row can exist before its artifact/local_files row is written), a concurrent upload reusing an existing hash can have its S3 object deleted mid-flight by `internal/gc/gc.go`. Add an age filter so only comfortably-old orphans (e.g. created_at < now()-1h) are collected.
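
A small Go model of the race and the proposed grace period, added here as an illustration (not code from the artifactapi repository). The `Blob` type, its field names and the `TouchedAt` timestamp are assumptions; the third query goes beyond the issue's `created_at` filter to cover an upload that dedups onto an orphan already older than the window.

```go
package main

import (
	"fmt"
	"time"
)

// Blob is a constructed stand-in for a CAS blob row (field names are assumptions).
type Blob struct {
	Hash      string
	CreatedAt time.Time
	TouchedAt time.Time // hypothetical: refreshed whenever an upload dedups onto the blob
	Refs      int       // artifact/local_files rows pointing at this blob
}

// Orphans returns unreferenced blobs whose timestamp is at least `grace` old.
// grace == 0 models the behaviour in the issue: every unreferenced blob is eligible.
func Orphans(blobs []Blob, now time.Time, grace time.Duration, ts func(Blob) time.Time) []string {
	cutoff := now.Add(-grace)
	var out []string
	for _, b := range blobs {
		if b.Refs == 0 && !ts(b).After(cutoff) {
			out = append(out, b.Hash)
		}
	}
	return out
}

func ByCreated(b Blob) time.Time { return b.CreatedAt }
func ByTouched(b Blob) time.Time { return b.TouchedAt }

// Sample builds constructed rows at a fixed "now"; all three are unreferenced.
func Sample() ([]Blob, time.Time) {
	now := time.Date(2026, 7, 2, 0, 0, 0, 0, time.UTC)
	ago := func(d time.Duration) time.Time { return now.Add(-d) }
	return []Blob{
		// fresh upload: blob row written, reference row not yet
		{"fresh", ago(5 * time.Second), ago(5 * time.Second), 0},
		// old orphan that a concurrent upload has just deduped onto
		{"reused", ago(3 * time.Hour), ago(2 * time.Second), 0},
		// genuinely abandoned blob
		{"stale", ago(3 * time.Hour), ago(3 * time.Hour), 0},
	}, now
}

func main() {
	blobs, now := Sample()
	fmt.Println("no grace:       ", Orphans(blobs, now, 0, ByCreated))
	fmt.Println("created_at < 1h:", Orphans(blobs, now, time.Hour, ByCreated))
	fmt.Println("touched_at < 1h:", Orphans(blobs, now, time.Hour, ByTouched))
}
```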

Reference: unkin/artifactapi#71