build -o can overwrite source files before reading the project

[aspizu]

Repro

tmp=$(mktemp -d /tmp/goboscript-output-stage-XXXXXX)
printf 'costumes "blank.svg";\n\n' > "$tmp/stage.gs"
printf '<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1"></svg>\n' > "$tmp/blank.svg"
cargo run --quiet -- build "$tmp" -o "$tmp/stage.gs"
python3 - <<'PY' "$tmp/stage.gs"
import sys, pathlib
print(pathlib.Path(sys.argv[1]).read_bytes()[:8])
PY

Observed:

panicked at src/diagnostic/sprite_diagnostics.rs:101:58:
called `Result::unwrap()` on an `Err` value: Error { kind: InvalidData, message: "stream did not contain valid UTF-8" }
goboscript is cooked 💀
open an issue at https://github.com/aspizu/goboscript/issues
b'PK\x03\x04\x14\x00\x00\x00'

frontend/build.rs creates the output file before build_impl reads the project. If -o points at stage.gs or another project source file, the source is replaced with a zip stream before parsing starts.

Expected

The build should reject output paths that overlap project input files, or delay/trap output creation so source files cannot be destroyed before they are read.

[linear]

GS-281

[aspizu]

Additional output-overlap repro: writing to an asset path succeeds and replaces the asset with an .sb3 zip.

tmp=$(mktemp -d /tmp/goboscript-output-asset-XXXXXX)
printf 'costumes "blank.svg";\n\n' > "$tmp/stage.gs"
printf '<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1"></svg>\n' > "$tmp/blank.svg"
cargo run --quiet -- build "$tmp" -o "$tmp/blank.svg"
python3 - <<'PY' "$tmp/blank.svg"
import sys, pathlib, zipfile
p=pathlib.Path(sys.argv[1])
print(p.read_bytes()[:8])
with zipfile.ZipFile(p) as z:
    print(sorted(z.namelist()))
PY

Observed:

b'PK\x03\x04\x14\x00\x00\x00'
['288e9e6c28e3e9e6b4ff990d9db7f5fa.svg', 'project.json']

Exit code is 0, but blank.svg is no longer an SVG file.