fix(lib/screentracker,cmd/server): add f.Sync, remove duplicate SIGINT, verify PID ownership

mafredri · mafredri · commit b30bb425d475 · 2026-02-26T12:42:22.000Z
Add f.Sync() before close in SaveState() so data is flushed to disk
before the atomic rename, preventing corrupt state files on power
failure.

Remove duplicate syscall.SIGINT from signal.Notify in signals_unix.go
since os.Interrupt is identical to syscall.SIGINT on Unix.

Make cleanupPIDFile read the PID file and verify it contains the
current process PID before deleting, preventing a new instance's PID
file from being removed by an old instance's deferred cleanup.
diff --git a/cmd/server/server.go b/cmd/server/server.go
@@ -291,8 +291,21 @@ func writePIDFile(pidFile string, logger *slog.Logger) error {
 	return nil
 }
 
-// cleanupPIDFile removes the PID file if it exists
+// cleanupPIDFile removes the PID file if it was written by this process.
 func cleanupPIDFile(pidFile string, logger *slog.Logger) {
+	data, err := os.ReadFile(pidFile)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			logger.Error("Failed to read PID file for cleanup", "pidFile", pidFile, "error", err)
+		}
+		return
+	}
+	pidStr := strings.TrimSpace(string(data))
+	filePID, err := strconv.Atoi(pidStr)
+	if err != nil || filePID != os.Getpid() {
+		logger.Info("PID file belongs to another process, skipping cleanup", "pidFile", pidFile, "filePID", pidStr)
+		return
+	}
 	if err := os.Remove(pidFile); err != nil && !os.IsNotExist(err) {
 		logger.Error("Failed to remove PID file", "pidFile", pidFile, "error", err)
 	} else if err == nil {
diff --git a/cmd/server/server_test.go b/cmd/server/server_test.go
@@ -675,8 +675,8 @@ func TestPIDFileOperations(t *testing.T) {
 		tmpDir := t.TempDir()
 		pidFile := tmpDir + "/test.pid"
 
-		// Create PID file
-		err := os.WriteFile(pidFile, []byte("12345\n"), 0o644)
+		// Create PID file with current process PID so ownership check passes
+		err := os.WriteFile(pidFile, []byte(fmt.Sprintf("%d\n", os.Getpid())), 0o644)
 		require.NoError(t, err)
 
 		// Cleanup
diff --git a/cmd/server/signals_unix.go b/cmd/server/signals_unix.go
@@ -18,7 +18,7 @@ import (
 func handleSignals(ctx context.Context, cancel context.CancelFunc, logger *slog.Logger, srv *httpapi.Server) {
 	// Handle shutdown signals (SIGTERM, SIGINT, SIGHUP)
 	shutdownCh := make(chan os.Signal, 1)
-	signal.Notify(shutdownCh, os.Interrupt, syscall.SIGTERM, syscall.SIGHUP, syscall.SIGINT)
+	signal.Notify(shutdownCh, os.Interrupt, syscall.SIGTERM, syscall.SIGHUP)
 	go func() {
 		defer signal.Stop(shutdownCh)
 		sig := <-shutdownCh
diff --git a/lib/screentracker/pty_conversation.go b/lib/screentracker/pty_conversation.go
@@ -610,6 +610,12 @@ func (c *PTYConversation) SaveState() error {
 		return xerrors.Errorf("failed to encode state: %w", err)
 	}
 
+	// Flush to disk before rename for crash safety
+	if err := f.Sync(); err != nil {
+		_ = f.Close()
+		return xerrors.Errorf("failed to sync state file: %w", err)
+	}
+
 	// Close file before rename
 	if err := f.Close(); err != nil {
 		return xerrors.Errorf("failed to close temp state file: %w", err)
