Fix Windows support for temp files

Author: Semphris

src/dynapi/SDL_dynapi.sym

@@ -1171,6 +1171,9 @@ SDL3_0.0.0 {
     SDL_wcsnstr;
     SDL_wcsstr;
     SDL_wcstol;
+    SDL_CreateSafeTempFile;
+    SDL_CreateUnsafeTempFile;
+    SDL_CreateTempFolder;
     # extra symbols go here (don't modify this line)
   local: *;
 };

src/dynapi/SDL_dynapi_overrides.h

@@ -1196,3 +1196,6 @@
 #define SDL_wcsnstr SDL_wcsnstr_REAL
 #define SDL_wcsstr SDL_wcsstr_REAL
 #define SDL_wcstol SDL_wcstol_REAL
+#define SDL_CreateSafeTempFile SDL_CreateSafeTempFile_REAL
+#define SDL_CreateUnsafeTempFile SDL_CreateUnsafeTempFile_REAL
+#define SDL_CreateTempFolder SDL_CreateTempFolder_REAL

src/dynapi/SDL_dynapi_procs.h

@@ -1202,3 +1202,6 @@ SDL_DYNAPI_PROC(size_t,SDL_wcsnlen,(const wchar_t *a, size_t b),(a,b),return)
 SDL_DYNAPI_PROC(wchar_t*,SDL_wcsnstr,(const wchar_t *a, const wchar_t *b, size_t c),(a,b,c),return)
 SDL_DYNAPI_PROC(wchar_t*,SDL_wcsstr,(const wchar_t *a, const wchar_t *b),(a,b),return)
 SDL_DYNAPI_PROC(long,SDL_wcstol,(const wchar_t *a, wchar_t **b, int c),(a,b,c),return)
+SDL_DYNAPI_PROC(SDL_IOStream*,SDL_CreateSafeTempFile,(void),(),return)
+SDL_DYNAPI_PROC(char*,SDL_CreateUnsafeTempFile,(void),(),return)
+SDL_DYNAPI_PROC(char*,SDL_CreateTempFolder,(void),(),return)

src/filesystem/windows/SDL_sysfilesystem.c

@@ -360,13 +360,22 @@ SDL_IOStream *SDL_SYS_CreateSafeTempFile(void)
         return NULL;
     }
 
+    /* Note: Someone watching the temp folder could create a file with a
+       clashing name before it is re-created (TOCTOU). However, this shouldn't
+       give access to the contents of the file, because it will be created with
+       CREATE_NEW. */
     UINT id = GetTempFileNameW(tmp_folder, L"tmp", 0, tmp_file);
 
     if (id == 0 || tmp_len > MAX_PATH) {
         WIN_SetError("Couldn't get a temporary file");
         return NULL;
     }
 
+    if (!DeleteFileW(tmp_file)) {
+        WIN_SetError("Couldn't delete the file created by GetTempFileNameW");
+        return NULL;
+    }
+
     hFile = CreateFileW(tmp_file, GENERIC_READ | GENERIC_WRITE, 0,  NULL, CREATE_NEW,
                         FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE, NULL);
 
@@ -382,7 +391,6 @@ char *SDL_SYS_CreateUnsafeTempFile(void)
 {
     wchar_t tmp_folder[MAX_PATH];
     wchar_t tmp_file[MAX_PATH];
-    HANDLE hFile;
 
     /* There exists GetTempPath2W, which is available only on Windows 11+ */
     DWORD tmp_len = GetTempPathW(MAX_PATH, tmp_folder);
@@ -399,18 +407,6 @@ char *SDL_SYS_CreateUnsafeTempFile(void)
         return NULL;
     }
 
-    /* TODO: See if there is any advantage to FILE_ATTRIBUTE_TEMPORARY if the
-       file is immediately closed. */
-    hFile = CreateFileW(tmp_file, GENERIC_READ | GENERIC_WRITE, 0, NULL,
-                        CREATE_NEW, FILE_ATTRIBUTE_TEMPORARY, NULL);
-
-    if (hFile == INVALID_HANDLE_VALUE) {
-        WIN_SetError("Couldn't touch the temporary file");
-        return NULL;
-    }
-
-    CloseHandle(hFile);
-
     return WIN_StringToUTF8W(tmp_file);
 }
 
@@ -434,6 +430,11 @@ char *SDL_SYS_CreateTempFolder(void)
         return NULL;
     }
 
+    if (!DeleteFileW(tmp_file)) {
+        WIN_SetError("Couldn't delete the file created by GetTempFileNameW");
+        return NULL;
+    }
+
     if (!CreateDirectory(tmp_file, NULL)) {
         WIN_SetError("Couldn't create temporary subfolder");
         return NULL;

test/CMakeLists.txt

@@ -404,6 +404,7 @@ add_sdl_test_executable(testdialog SOURCES testdialog.c)
 add_sdl_test_executable(testtime SOURCES testtime.c)
 add_sdl_test_executable(testmanymouse SOURCES testmanymouse.c)
 add_sdl_test_executable(testmodal SOURCES testmodal.c)
+add_sdl_test_executable(testtmp SOURCES testtmp.c)
 
 if (HAVE_WAYLAND)
     # Set the GENERATED property on the protocol file, since it is first created at build time

test/testtmp.c

@@ -0,0 +1,80 @@
+#include <SDL3/SDL.h>
+#include <SDL3/SDL_main.h>
+#include <SDL3/SDL_test.h>
+
+int main(int argc, char *argv[])
+{
+    SDLTest_CommonState *state;
+    int i;
+    char *file;
+    char *folder;
+    SDL_IOStream *s;
+    char buf[7];
+
+    /* Initialize test framework */
+    state = SDLTest_CommonCreateState(argv, 0);
+    if (state == NULL) {
+        return 1;
+    }
+
+    /* Parse commandline */
+    for (i = 1; i < argc;) {
+        int consumed;
+
+        consumed = SDLTest_CommonArg(state, i);
+
+        if (consumed <= 0) {
+            static const char *options[] = { NULL };
+            SDLTest_CommonLogUsage(state, argv[0], options);
+            return 1;
+        }
+
+        i += consumed;
+    }
+
+    if (!SDL_Init(SDL_INIT_VIDEO)) {
+        SDL_Log("SDL_Init failed (%s)", SDL_GetError());
+        return 1;
+    }
+
+    file = SDL_CreateUnsafeTempFile();
+
+    if (file) {
+        SDL_Log("FILE: %s\n", file);
+        SDL_RemovePath(file);
+        SDL_free(file);
+    } else {
+        SDL_Log("No temp file: %s\n", SDL_GetError());
+    }
+
+    folder = SDL_CreateTempFolder();
+
+    if (folder) {
+        SDL_Log("FOLDER: %s\n", folder);
+        SDL_RemovePath(folder);
+        SDL_free(folder);
+    } else {
+        SDL_Log("No temp folder: %s\n", SDL_GetError());
+    }
+
+    s = SDL_CreateSafeTempFile();
+
+    if (s) {
+        SDL_WriteIO(s, "Hello!", 6);
+        SDL_SeekIO(s, 0, SDL_IO_SEEK_SET);
+        SDL_ReadIO(s, buf, 6);
+        SDL_CloseIO(s);
+
+        /* The file should be deleted by now. */
+
+        buf[6] = '\0';
+        SDL_Log("SECURE FILE: '%s'\n", buf);
+    } else {
+        SDL_Log("No secure temp file: %s\n", SDL_GetError());
+    }
+
+    SDL_Quit();
+    SDLTest_CommonDestroyState(state);
+
+    return 0;
+}