From 3e5a5d0116af35a065e71b22310c3ea3dda8643c Mon Sep 17 00:00:00 2001
From: paullegranddc <82819397+paullegranddc@users.noreply.github.com>
Date: Mon, 11 May 2026 14:13:56 +0200
Subject: [PATCH] Harden Windows crashtracking trampoline handling

---
 datadog-sidecar/src/windows.rs |  6 +++++-
 spawn_worker/src/win32.rs      | 21 ++++++++++++++-------
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/datadog-sidecar/src/windows.rs b/datadog-sidecar/src/windows.rs
index 9bebe20d1f..ee28b25a2a 100644
--- a/datadog-sidecar/src/windows.rs
+++ b/datadog-sidecar/src/windows.rs
@@ -12,6 +12,7 @@ use libdd_crashtracker_ffi::{ddog_crasht_init_windows, Metadata};
 use manual_future::ManualFuture;
 use spawn_worker::{write_crashtracking_trampoline, SpawnWorker, Stdio, TrampolineData};
 use std::ffi::CStr;
+use std::fs::File;
 use std::io::{self, Error};
 use std::os::windows::io::{FromRawHandle, IntoRawHandle, OwnedHandle};
 use std::ptr::null_mut;
@@ -124,7 +125,8 @@ pub fn ddog_setup_crashtracking(endpoint: Option<&Endpoint>, metadata: Metadata)
         "datadog-crashtracking-{}",
         primary_sidecar_identifier()
     )) {
-        Ok((path, _)) => {
+        Ok((path, file)) => {
+            *CRASHTRACKING_TRAMPOLINE.lock_or_panic() = Some(file);
             if let Ok(path_str) = path.into_os_string().into_string() {
                 return ddog_crasht_init_windows(
                     CharSlice::from(path_str.as_str()),
@@ -143,6 +145,8 @@ pub fn ddog_setup_crashtracking(endpoint: Option<&Endpoint>, metadata: Metadata)
     false
 }
 
+static CRASHTRACKING_TRAMPOLINE: LazyLock<Mutex<Option<File>>> = LazyLock::new(|| Mutex::new(None));
+
 static SIDECAR_IDENTIFIER: LazyLock<String> = LazyLock::new(fetch_sidecar_identifier);
 
 fn fetch_sidecar_identifier() -> String {
diff --git a/spawn_worker/src/win32.rs b/spawn_worker/src/win32.rs
index c1119cfada..ff19d17ea1 100644
--- a/spawn_worker/src/win32.rs
+++ b/spawn_worker/src/win32.rs
@@ -86,13 +86,19 @@ fn write_trampoline(process_name: &Option<String>) -> io::Result<(PathBuf, File)
 }
 
 pub fn write_crashtracking_trampoline(process_name: &String) -> io::Result<(PathBuf, File)> {
-    let mut path = env::temp_dir().join(process_name);
-    path.set_extension("dll");
-
-    // Attempt to move it just in case it already exists
-    let mut old_path = path.clone();
-    old_path.set_extension("old");
-    let _ = fs::rename(&path, old_path);
+    let path = loop {
+        let mut path = env::temp_dir().join(format!(
+            "{}-{}",
+            process_name,
+            std::iter::repeat_with(fastrand::alphanumeric)
+                .take(8)
+                .collect::<String>()
+        ));
+        path.set_extension("dll");
+        if !path.exists() {
+            break path;
+        }
+    };
 
     let mut file = OpenOptions::new()
         .create_new(true)
@@ -109,6 +115,7 @@ pub fn write_crashtracking_trampoline(process_name: &String) -> io::Result<(Path
     let file = OpenOptions::new()
         .read(true)
         .share_mode(FILE_SHARE_READ | FILE_SHARE_DELETE)
+        .custom_flags(FILE_FLAG_DELETE_ON_CLOSE)
         .open(path.clone())?;
 
     Ok((path, file))