fix: prevent double-commit in Transaction (apache#427)

shangxinli · wgtmac · web-flow · commit 7b9595256ee9 · 2025-12-23T09:44:43.000+08:00
Prevents Transaction::Commit() from being called multiple times by:
- Adding committed_ flag to track transaction state
- Checking flag at start of Commit() and returning error if already
committed
- Setting flag after successful commit (both empty and non-empty
updates)
- Updating table_ reference after successful catalog update

This ensures transactions can only be committed once, preventing
unintended side effects and maintaining transaction semantics.

---------

Co-authored-by: Gang Wu &lt;ustcwg@gmail.com&gt;
diff --git a/src/iceberg/transaction.cc b/src/iceberg/transaction.cc
@@ -75,13 +75,17 @@ Status Transaction::Apply(std::vector<std::unique_ptr<TableUpdate>> updates) {
 }
 
 Result<std::shared_ptr<Table>> Transaction::Commit() {
+  if (committed_) {
+    return Invalid("Transaction already committed");
+  }
   if (!last_update_committed_) {
     return InvalidArgument(
         "Cannot commit transaction when previous update is not committed");
   }
 
   const auto& updates = metadata_builder_->changes();
   if (updates.empty()) {
+    committed_ = true;
     return table_;
   }
 
@@ -98,7 +102,14 @@ Result<std::shared_ptr<Table>> Transaction::Commit() {
   }
 
   // XXX: we should handle commit failure and retry here.
-  return table_->catalog()->UpdateTable(table_->name(), requirements, updates);
+  ICEBERG_ASSIGN_OR_RAISE(auto updated_table, table_->catalog()->UpdateTable(
+                                                  table_->name(), requirements, updates));
+
+  // Mark as committed and update table reference
+  committed_ = true;
+  table_ = std::move(updated_table);
+
+  return table_;
 }
 
 Result<std::shared_ptr<UpdateProperties>> Transaction::NewUpdateProperties() {
diff --git a/src/iceberg/transaction.h b/src/iceberg/transaction.h
@@ -80,6 +80,8 @@ class ICEBERG_EXPORT Transaction : public std::enable_shared_from_this<Transacti
   const bool auto_commit_;
   // To make the state simple, we require updates are added and committed in order.
   bool last_update_committed_ = true;
+  // Tracks if transaction has been committed to prevent double-commit
+  bool committed_ = false;
   // Keep track of all created pending updates. Use weak_ptr to avoid circular references.
   // This is useful to retry failed updates.
   std::vector<std::weak_ptr<PendingUpdate>> pending_updates_;

Original file line number	Diff line number	Diff line change
`@@ -75,13 +75,17 @@ Status Transaction::Apply(std::vector<std::unique_ptr<TableUpdate>> updates) {`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`Result<std::shared_ptr<Table>> Transaction::Commit() {`
	`78`	`+ if (committed_) {`
	`79`	`+ return Invalid("Transaction already committed");`
	`80`	`+ }`
`78`	`81`	`if (!last_update_committed_) {`
`79`	`82`	`return InvalidArgument(`
`80`	`83`	`"Cannot commit transaction when previous update is not committed");`
`81`	`84`	`}`
`82`	`85`
`83`	`86`	`const auto& updates = metadata_builder_->changes();`
`84`	`87`	`if (updates.empty()) {`
	`88`	`+ committed_ = true;`
`85`	`89`	`return table_;`
`86`	`90`	`}`
`87`	`91`
`@@ -98,7 +102,14 @@ Result<std::shared_ptr<Table>> Transaction::Commit() {`
`98`	`102`	`}`
`99`	`103`
`100`	`104`	`// XXX: we should handle commit failure and retry here.`
`101`		`- return table_->catalog()->UpdateTable(table_->name(), requirements, updates);`
	`105`	`+ ICEBERG_ASSIGN_OR_RAISE(auto updated_table, table_->catalog()->UpdateTable(`
	`106`	`+ table_->name(), requirements, updates));`
	`107`	`+`
	`108`	`+ // Mark as committed and update table reference`
	`109`	`+ committed_ = true;`
	`110`	`+ table_ = std::move(updated_table);`
	`111`	`+`
	`112`	`+ return table_;`
`102`	`113`	`}`
`103`	`114`
`104`	`115`	`Result<std::shared_ptr<UpdateProperties>> Transaction::NewUpdateProperties() {`