transparency-dev · mhutchinson · Jun 25, 2026 · AlCutter · Jun 25, 2026 · AlCutter
@@ -151,10 +151,19 @@ func overwrite(name string, d []byte) error {
 		if err != nil {
 			return fmt.Errorf("failed to create temp file: %w", err)
 		}
+		success := false
+		defer func() {
+			if !success {
+				if err := os.Remove(tmpName); err != nil {
+					slog.WarnContext(context.Background(), "Failed to remove temporary file", slog.String("tmpname", tmpName), slog.Any("error", err))
+				}
+			}
+		}()
 
 		if err := os.Rename(tmpName, name); err != nil {
 			return fmt.Errorf("failed to rename temporary file to target %q: %w", name, err)
 		}
+		success = true
 		return nil
 	})
 }
@@ -186,17 +195,31 @@ func createTemp(prefix string, d []byte) (name string, err error) {
 		}
 	}
 
+	tmpName := name
+	success := false
+	defer func() {
+		if !success {
+			if err := os.Remove(tmpName); err != nil {
+				slog.WarnContext(context.Background(), "Failed to remove temporary file", slog.String("tmpname", tmpName), slog.Any("error", err))
+			}
+			name = ""
+		}
+	}()
 	defer func() {
-		if errC := f.Close(); errC != nil && err == nil {
-			err = errC
+		if errC := f.Close(); errC != nil {
+			if err == nil {
+				err = errC
+			}
+			success = false
 		}
 	}()
 
-	if n, err := f.Write(d); err != nil {
-		return "", fmt.Errorf("failed to write to temporary file %q: %w", name, err)
+	if n, writeErr := f.Write(d); writeErr != nil {
+		return "", fmt.Errorf("failed to write to temporary file %q: %w", name, writeErr)
 	} else if l := len(d); n < l {
 		return "", fmt.Errorf("short write on %q, %d < %d", name, n, l)
 	}
 
+	success = true
 	return name, nil
 }
@@ -655,3 +655,24 @@ func TestFlockLockingCorrectness(t *testing.T) {
 		t.Fatalf("expected output file to contain %q, got %q (serialization failed)", expected, string(content))
 	}
 }
+
+func TestOverwrite_CleanupOnRenameFailure(t *testing.T) {
+	tmpDir := t.TempDir()
+	targetDir := filepath.Join(tmpDir, "target_dir")
+	if err := os.Mkdir(targetDir, 0755); err != nil {
+		t.Fatal(err)
+	}
+	err := overwrite(targetDir, []byte("some data"))
+	if err == nil {
+		t.Fatal("expected overwrite to fail when target is a directory")
+	}
+	entries, err := os.ReadDir(tmpDir)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for _, entry := range entries {
+		if entry.Name() != "target_dir" {
+			t.Errorf("found unexpected file/dir after failure: %s", entry.Name())
+		}
+	}
+}