Truncating an output file and overwriting its previous content
 

Hi.

I'm reading a book about Linux command line and came across the following section on dd utility:

So I have a simple question: if we don't use this argument or when we use output redirection on the command line to an existing file (bash truncates the file to zero bytes in that case), we can't say for sure that pointers to data blocks in the file's inode structure will still point to the same location as before the truncating?

Regards.

Data blocks are just deallocated - not overwritten.

When an inode is deleted, there is a "deleted" flag set to indicate the file has been deleted, the data blocks ARE deallocated, but the inode will at a minimum retain a few pointers until it is reused. This does allow some "undelete" utilities to work, but reuse of the data pointers will leave the file corrupted... and the larger the time between deletion and "undeletion" the more likely the data will be corrupted. Large files are more subject to corruption as they have more metadata (multiple blocks of pointers to data) that can be reused - and prevent data blocks from being found, even if they haven't been reused yet.

There is also the issue of flash that might be used. In this case, you never really know because the device does write leveling to spread out the use of the storage. This "leveling" always writes to a unallocated block, even in the case of overwriting (it copies the block being written into memory, then does update, followed by a write to a new block).