wallet: fail migration gracefully on non-writable wallets

furszy · furszy · commit eb5e076b189a · 2026-01-04T18:00:59.000-05:00
Currently, attempting a wallet migration when the database
directory or file is not writable results in a filesystem
exception that abruptly aborts the process, skipping the
post-failure cleanup logic and returning a not particularly
helpful error message.
diff --git a/src/util/fs_helpers.cpp b/src/util/fs_helpers.cpp
@@ -8,6 +8,7 @@
 #include <bitcoin-build-config.h> // IWYU pragma: keep
 
 #include <logging.h>
+#include <random.h>
 #include <sync.h>
 #include <util/fs.h>
 #include <util/syserror.h>
@@ -304,6 +305,28 @@ std::optional<fs::perms> InterpretPermString(const std::string& s)
     }
 }
 
+bool IsFileWritable(const fs::path& file)
+{
+    if (!fs::exists(file)) throw std::runtime_error(strprintf("File %s does not exist", fs::PathToString(file)));
+    if (fs::is_directory(file)) throw std::runtime_error(strprintf("Path %s is not a file", fs::PathToString(file)));
+    std::ofstream ofs(fs::PathToString(file), std::ios::app);
+    return ofs.is_open();
+}
+
+bool IsDirWritable(const fs::path& dir_path) {
+    // Attempt to create a tmp file in the directory
+    if (!fs::is_directory(dir_path)) throw std::runtime_error(strprintf("Path %s is not a directory", fs::PathToString(dir_path)));
+    FastRandomContext rng;
+    const auto tmp = dir_path / fs::PathFromString(strprintf(".tmp_%d", rng.rand64()));
+    if (auto created{fsbridge::fopen(tmp, "a")}) {
+        std::fclose(created);
+        std::error_code ec;
+        fs::remove(tmp, ec); // clean up, ignore errors
+        return true;
+    }
+    return false;
+}
+
 #ifdef __APPLE__
 FSType GetFilesystemType(const fs::path& path)
 {
diff --git a/src/util/fs_helpers.h b/src/util/fs_helpers.h
@@ -93,6 +93,21 @@ std::string PermsToSymbolicString(fs::perms p);
  */
 std::optional<fs::perms> InterpretPermString(const std::string& s);
 
+/** Check if a file is writable by opening in append mode.
+ *
+ * @param[in] file_path path of the file to test
+ * @throw std::runtime_error if file_path does not exist or is a directory.
+ */
+bool IsFileWritable(const fs::path& file_path);
+
+/** Check if a directory is writable by creating a temporary file on it.
+ *
+ * @param[in] dir_path path of the directory to test
+ * @return true if a temporary file could be created and removed, false otherwise.
+ * @throw std::runtime_error if dir_path is not a directory.
+ */
+bool IsDirWritable(const fs::path& dir_path);
+
 #ifdef WIN32
 fs::path GetSpecialFolderPath(int nFolder, bool fCreate = true);
 #endif
diff --git a/src/wallet/wallet.cpp b/src/wallet/wallet.cpp
@@ -3764,6 +3764,15 @@ bool CWallet::MigrateToSQLite(bilingual_str& error)
         return false;
     }
 
+    // Check parent directory and db file are writable
+    if (m_database->Format() != "mock") {
+        const auto file_path = fs::PathFromString(m_database->Filename());
+        if (!IsFileWritable(file_path) || !IsDirWritable(file_path.parent_path())) {
+            error = _("Error: Wallet db cannot be updated. Adjust directory or file permissions to proceed with migration.");
+            return false;
+        }
+    }
+
     // Get all of the records for DB type migration
     std::unique_ptr<DatabaseBatch> batch = m_database->MakeBatch();
     std::unique_ptr<DatabaseCursor> cursor = batch->GetNewCursor();
