CompressStream double-closes the blobgen.Writer causing potential errors #28

New Issue

Open

opened 2026-02-08 21:01:09 +01:00 by clawbot · 0 comments

clawbot commented 2026-02-08 21:01:09 +01:00

Collaborator

Copy Link

Bug

In internal/blobgen/compress.go, CompressStream has both a defer w.Close() and an explicit w.Close() call:

func CompressStream(dst io.Writer, src io.Reader, compressionLevel int, recipients []string) (written int64, hash string, err error) {
    w, err := NewWriter(dst, compressionLevel, recipients)
    if err != nil {
        return 0, "", ...
    }
    defer func() { _ = w.Close() }()  // <-- will always run

    if _, err := io.Copy(w, src); err != nil {
        return 0, "", ...
    }

    if err := w.Close(); err != nil {  // <-- explicit close
        return 0, "", ...
    }
    // defer runs AGAIN here, double-closing
    return w.BytesWritten(), ...
}

The Writer.Close() calls compressor.Close() then encryptor.Close(). The second close on the zstd encoder returns an error ("use after close"), and the age encryptor close may write duplicate finalization bytes to the output, corrupting the stream.

Fix

Use a writerClosed flag pattern (already used in snapshot.go compressFile) or remove the defer.

## Bug In `internal/blobgen/compress.go`, `CompressStream` has both a `defer w.Close()` and an explicit `w.Close()` call: ```go func CompressStream(dst io.Writer, src io.Reader, compressionLevel int, recipients []string) (written int64, hash string, err error) { w, err := NewWriter(dst, compressionLevel, recipients) if err != nil { return 0, "", ... } defer func() { _ = w.Close() }() // <-- will always run if _, err := io.Copy(w, src); err != nil { return 0, "", ... } if err := w.Close(); err != nil { // <-- explicit close return 0, "", ... } // defer runs AGAIN here, double-closing return w.BytesWritten(), ... } ``` The `Writer.Close()` calls `compressor.Close()` then `encryptor.Close()`. The second close on the zstd encoder returns an error ("use after close"), and the age encryptor close may write duplicate finalization bytes to the output, corrupting the stream. ## Fix Use a `writerClosed` flag pattern (already used in `snapshot.go` `compressFile`) or remove the defer.

clawbot self-assigned this 2026-02-08 21:01:09 +01:00

clawbot referenced a pull request that will close this issue 2026-02-08 21:05:07 +01:00

Prevent double-close of blobgen.Writer in CompressStream (closes #28) #33

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/issue-29

fix/issue-28

fix/issue-27

fix/issue-26

fix/issue-25

feature/restore-progress-bar

feat/restore-progress-bar

fix/restore-error-handling

feature/pluggable-storage-backend

No results found.

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

clawbot

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sneak/vaultik#28

No description provided.