Fix .b2z double-open corruption caused by GC-triggered repacking

   Opening a .b2z store in append mode a second time (in a new process) was
   failing with "blosc2_schunk_open_offset returned NULL" because the first
   open had silently overwritten the archive with a near-empty ZIP file.

   Two root causes were identified and fixed:

   1. Probe store in _open_treestore_root_object() called close() on a
      temporary TreeStore used only to read the manifest. This triggered
      to_b2z() and repacked the archive before the real open started.
      Fix: added DictStore.discard() (cleanup without repack) and switched
      the probe store to call discard() instead of close().

   2. CTable.__del__ (GC path) called storage.close() which chained into
      TreeStore.close() → to_b2z(). With nothing modified, the temp dir
      could be partially torn down, producing a corrupt archive.
      Fix: DictStore gains _closed and _modified flags; __del__ now calls
      discard() when _modified is False (no writes via __setitem__/
      __delitem__), and close() otherwise. CTable.__del__ is changed to
      call storage.discard() directly. FileTableStorage.discard() and
      TableStorage.discard() added to complete the delegation chain.

   3. TreeStore subtree views (created via __dict__.update from the parent)
      shared the parent's _temp_dir_obj. GC of a subtree could destroy the
      parent's temp dir. Fix: subtrees now set _closed=True immediately
      after copying the parent's __dict__.

   The contract is:
     - Explicit close() / with block → always repacks (user intent)
     - GC __del__ with no store-level writes → discard() (no repack, safe)
     - GC __del__ with __setitem__/__delitem__ writes → close() (repack)

   Add two regression tests: one at the DictStore layer and one for the
   full indexed-CTable-in-.b2z scenario that triggered the original report.

   Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: FrancescAlted

src/blosc2/ctable.py

@@ -1044,7 +1044,11 @@ def __exit__(self, exc_type, exc_val, exc_tb):
 
     def __del__(self):
         with contextlib.suppress(Exception):
-            self.close()
+            storage = getattr(self, "_storage", None)
+            if storage is not None and hasattr(storage, "discard"):
+                storage.discard()
+            elif storage is not None and hasattr(storage, "close"):
+                storage.close()
 
     def _init_columns(
         self, expected_size: int, default_chunks, default_blocks, storage: TableStorage

src/blosc2/ctable_storage.py

@@ -92,6 +92,10 @@ def rename_column(self, old: str, new: str) -> blosc2.NDArray:
     def close(self) -> None:
         raise NotImplementedError
 
+    def discard(self) -> None:
+        """Clean up resources without persisting changes back to the archive."""
+        self.close()
+
     # -- Index catalog and epoch helpers -------------------------------------
 
     def load_index_catalog(self) -> dict:
@@ -370,6 +374,13 @@ def close(self) -> None:
             self._store = None
         self._meta = None
 
+    def discard(self) -> None:
+        """Clean up without repacking the .b2z archive."""
+        if self._store is not None:
+            self._store.discard()
+            self._store = None
+        self._meta = None
+
     # -- Index catalog and epoch helpers -------------------------------------
 
     def load_index_catalog(self) -> dict:

src/blosc2/dict_store.py

@@ -141,6 +141,8 @@ def __init__(
         self.offsets = {}
         self.map_tree = {}
         self._temp_dir_obj = None
+        self._closed = False
+        self._modified = False
 
         self._setup_paths_and_dirs(tmpdir)
 
@@ -315,6 +317,12 @@ def _init_write_append_mode(
         """Initialize store in write/append mode."""
         if self.mode == "a" and os.path.exists(self.localpath):
             if self.is_zip_store:
+                # When using an explicit tmpdir the directory may already contain
+                # stale files from a previous open that was never closed.  Clear
+                # it before extracting so we always start from a clean slate.
+                if self._temp_dir_obj is None:
+                    shutil.rmtree(self.working_dir, ignore_errors=True)
+                    os.makedirs(self.working_dir, exist_ok=True)
                 with zipfile.ZipFile(self.localpath, "r") as zf:
                     zf.extractall(self.working_dir)
             elif not os.path.isdir(self.working_dir):
@@ -387,6 +395,7 @@ def __setitem__(
         self, key: str, value: blosc2.Array | SChunk | blosc2.VLArray | blosc2.BatchArray
     ) -> None:
         """Add a node to the DictStore."""
+        self._modified = True
         if isinstance(value, np.ndarray):
             value = blosc2.asarray(value, cparams=self.cparams, dparams=self.dparams)
         # C2Array should always go to embed store; let estore handle it directly
@@ -488,6 +497,7 @@ def get(
 
     def __delitem__(self, key: str) -> None:
         """Remove a node from the DictStore."""
+        self._modified = True
         if key in self.map_tree:
             # Remove from map_tree and delete the external file
             filepath = self.map_tree[key]
@@ -672,6 +682,10 @@ def _get_zip_offsets(self) -> dict[str, dict[str, int]]:
 
     def close(self) -> None:
         """Persist changes and cleanup."""
+        if self._closed:
+            return
+        self._closed = True
+
         # Repack estore
         # TODO: for some reason this is not working
         # if self.mode != "r":
@@ -680,13 +694,46 @@ def close(self) -> None:
         #         f.write(cframe)
 
         if self.is_zip_store and self.mode in ("w", "a"):
-            # Serialize to b2z file
+            # Serialize to b2z file.
             self.to_b2z(overwrite=True)
 
         # Clean up temporary directory if we created it
         if self._temp_dir_obj is not None:
             self._temp_dir_obj.cleanup()
 
+    def discard(self) -> None:
+        """Clean up resources *without* repacking the .b2z file.
+
+        Use this instead of :meth:`close` when the store was opened only for
+        inspection and should be thrown away without persisting any changes
+        back to the archive.
+        """
+        if self._closed:
+            return
+        self._closed = True
+        if self._temp_dir_obj is not None:
+            self._temp_dir_obj.cleanup()
+
+    def __del__(self):
+        """Ensure the temporary directory is removed and, if writes were made
+        through this store's own API, the store is flushed back to the .b2z
+        file.
+
+        When no Python-level writes went through ``__setitem__`` / ``__delitem__``
+        (``_modified`` is False), we skip ``to_b2z()`` to avoid repacking a
+        potentially partial temp dir during garbage collection.  Explicit
+        ``close()`` / ``__exit__`` always repacks regardless.
+        """
+        try:
+            if not self._closed and self.is_zip_store and self.mode in ("w", "a") and not self._modified:
+                # Skip repacking — discard is safe and avoids corrupting the
+                # archive when the temp dir is torn down during GC.
+                self.discard()
+            else:
+                self.close()
+        except Exception:
+            pass
+
     def __enter__(self):
         """Context manager enter."""
         return self

src/blosc2/schunk.py

@@ -1705,7 +1705,11 @@ def _open_treestore_root_object(store, urlpath, mode):
     if manifest["kind"] == "ctable":
         if mode not in {"r", "a"}:
             return store
-        store.close()
+        # Discard the probe store without repacking — it was only opened
+        # to peek at the manifest.  A full close() would trigger to_b2z()
+        # even though nothing was modified, and CTable.open() below will
+        # create its own store anyway.
+        store.discard()
         return blosc2.CTable.open(urlpath, mode=mode)
 
     return store

src/blosc2/tree_store.py

@@ -154,8 +154,12 @@ def __init__(self, *args, _from_parent_store=None, **kwargs):
         It supports the same arguments as :class:`blosc2.DictStore`.
         """
         if _from_parent_store is not None:
-            # This is a subtree view, copy state from parent
+            # This is a subtree view, copy state from parent.
+            # Mark it as closed so DictStore.__del__ does not attempt to pack
+            # or clean up the shared backing store when this ephemeral view
+            # is garbage-collected.
             self.__dict__.update(_from_parent_store.__dict__)
+            self._closed = True
         else:
             # Call initialization and mark this storage as a b2tree object
             super().__init__(*args, **kwargs, _storage_meta={"b2tree": {"version": 1}})

tests/ctable/test_ctable_indexing.py

@@ -436,3 +436,32 @@ def test_indexes_multiple_columns():
     assert len(t.indexes) == 2
     col_names = {idx.col_name for idx in t.indexes}
     assert col_names == {"id", "category"}
+
+
+def test_indexed_ctable_b2z_double_open_append_no_corruption(tmp_path):
+    """Opening an indexed CTable .b2z in append mode twice must not corrupt it.
+
+    Regression test: GC of a CTable opened from .b2z was calling close() →
+    to_b2z() even when nothing was modified, overwriting the archive with a
+    near-empty ZIP that broke subsequent opens.
+    """
+    path = str(tmp_path / "indexed.b2z")
+    b2d_path = str(tmp_path / "indexed.b2d")
+
+    t = _make_table(50, persistent_path=b2d_path)
+    t.create_index("id")
+    t._storage._store.to_b2z(filename=path, overwrite=True)
+    t._storage._store.close()
+    shutil.rmtree(b2d_path)
+
+    # First open without explicit close — GC must not corrupt the archive
+    t1 = blosc2.open(path, mode="a")
+    assert t1.nrows == 50
+    assert len(t1.indexes) == 1
+    del t1  # triggers __del__; must NOT repack/corrupt
+
+    # Second open must succeed and see correct data
+    t2 = blosc2.open(path, mode="a")
+    assert t2.nrows == 50
+    assert len(t2.indexes) == 1
+    del t2

tests/test_dict_store.py

@@ -693,3 +693,25 @@ def test_mmap_mode_validation(tmp_path):
 
     with pytest.raises(ValueError, match="mmap_mode='r' requires mode='r'"):
         DictStore(str(path), mode="a", mmap_mode="r")
+
+
+def test_b2z_double_open_append_no_corruption(tmp_path):
+    """Opening a .b2z store twice in append mode must not corrupt the archive.
+
+    Regression test: previously, GC of the first open's DictStore triggered
+    ``to_b2z()`` which overwrote the archive with a near-empty ZIP, causing the
+    second open to fail with ``blosc2_schunk_open_offset`` returning NULL.
+    """
+    path = str(tmp_path / "double_open.b2z")
+
+    with DictStore(path, mode="w") as ds:
+        ds["/arr"] = blosc2.arange(20)
+
+    # First open — no explicit close (simulates the GC-triggered path)
+    ds1 = DictStore(path, mode="a")
+    assert np.array_equal(ds1["/arr"][:], np.arange(20))
+    del ds1  # GC; must NOT corrupt the archive
+
+    # Second open — must succeed and see correct data
+    with DictStore(path, mode="a") as ds2:
+        assert np.array_equal(ds2["/arr"][:], np.arange(20))