There were two conditions under which xml_document::save_file could
previously return true even though the saving failed:
- The last write to the file was buffered in the stdio buffer, and it's that
last write that would fail due to lack of disk space
- The data has been written correctly but fclose failed to update file
metadata, which can result in truncated size / missing inode updates.
This change fixes both by adjusting save_file to fflush before the check,
and also checking fclose results. Note that while fflush here is
technically redundant, because it's implied by fclose, we must check
ferror explicitly anyway, and so it feels a little cleaner to do most of
the error handling in save_file_impl, so that the chances of fclose()
failing are very slim.
Of course, neither change guarantees that the contents of the file are
going to be safe on disk following a power failure.
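
The first failure mode described in the commit message can be reproduced with plain stdio. The following is an added example, not pugixml's code: `save_naive`, `save_checked` and `have_dev_full` are hypothetical names, and it assumes a Linux system where `/dev/full` fails every write with ENOSPC, standing in for a full disk.

```cpp
#include <cstdio>
#include <cstring>

// Naive save: trusts fwrite's return value alone. A small write only lands
// in the stdio buffer, so an error that surfaces at flush time is missed.
bool save_naive(const char* path, const char* data)
{
    FILE* f = std::fopen(path, "wb");
    if (!f) return false;
    std::size_t len = std::strlen(data);
    bool ok = std::fwrite(data, 1, len, f) == len;
    std::fclose(f); // result ignored: the flush failure is lost here
    return ok;
}

// Checked save: flush the buffered data, test the stream error flag, and
// treat a failing fclose as a failed save.
bool save_checked(const char* path, const char* data)
{
    FILE* f = std::fopen(path, "wb");
    if (!f) return false;
    std::size_t len = std::strlen(data);
    bool ok = std::fwrite(data, 1, len, f) == len;
    if (std::fflush(f) != 0 || std::ferror(f)) ok = false;
    if (std::fclose(f) != 0) ok = false; // always close, even after an error
    return ok;
}

// Assumption: /dev/full exists (Linux); it can be opened for writing but
// every write() to it fails with ENOSPC.
bool have_dev_full()
{
    FILE* f = std::fopen("/dev/full", "wb");
    bool ok = f != nullptr;
    if (f) std::fclose(f);
    return ok;
}

int main()
{
    if (!have_dev_full()) { std::puts("/dev/full not available"); return 0; }
    std::printf("naive:   %d\n", save_naive("/dev/full", "<root/>"));
    std::printf("checked: %d\n", save_checked("/dev/full", "<root/>"));
    return 0;
}
```

As the commit message notes, a successful flush and close still says nothing about durability across a power failure.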