From df6c3b64b75da7b278e6671e9b7965885c35b6ac Mon Sep 17 00:00:00 2001
From: Oswald Buddenhagen <ossi@users.sf.net>
Date: Sat, 15 Sep 2012 13:25:50 +0200
Subject: [PATCH] avoid that a system crash can clobber the sync state file

make sure that the new state is committed to disk before overwriting the
old version - by default meta data is committed first, so we may end up
with no valid state at all otherwise.
---
 src/sync.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/sync.c b/src/sync.c
index 5f63501..cf67ae1 100644
--- a/src/sync.c
+++ b/src/sync.c
@@ -33,12 +33,16 @@
 #include <errno.h>
 #include <sys/stat.h>
 
+#ifndef _POSIX_SYNCHRONIZED_IO
+# define fdatasync fsync
+#endif
+
 const char *str_ms[] = { "master", "slave" }, *str_hl[] = { "push", "pull" };
 
 void
-Fclose( FILE *f )
+Fclose( FILE *f, int safe )
 {
-	if (fclose( f ) == EOF) {
+	if ((safe && (fflush( f ) || fdatasync( fileno( f ) ))) || fclose( f ) == EOF) {
 		sys_error( "Error: cannot close file. Disk full?" );
 		exit( 1 );
 	}
@@ -496,8 +500,8 @@ cancel_done( void *aux )
 	svars->state[t] |= ST_CANCELED;
 	if (svars->state[1-t] & ST_CANCELED) {
 		if (svars->lfd) {
-			Fclose( svars->nfp );
-			Fclose( svars->jfp );
+			Fclose( svars->nfp, 0 );
+			Fclose( svars->jfp, 0 );
 			sync_bail( svars );
 		} else {
 			sync_bail2( svars );
@@ -1698,8 +1702,8 @@ box_closed_p2( sync_vars_t *svars, int t )
 		         srec->status & S_EXPIRED ? "X" : "", fbuf );
 	}
 
-	Fclose( svars->nfp );
-	Fclose( svars->jfp );
+	Fclose( svars->nfp, 1 );
+	Fclose( svars->jfp, 0 );
 	if (!(DFlags & KEEPJOURNAL)) {
 		/* order is important! */
 		rename( svars->nname, svars->dname );