[PATCH] D69418: [llvm-ar] Add output option for extract operation
Rui Ueyama via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Nov 5 18:38:16 PST 2019
ruiu added a comment.
In D69418#1734225 <https://reviews.llvm.org/D69418#1734225>, @MaskRay wrote:
> In D69418#1733851 <https://reviews.llvm.org/D69418#1733851>, @ruiu wrote:
>
> > So, I think Nick Clifton's modification to not clobber parent directories is a good safeguard, and we should implement the same thing to protect our users. What do you think?
>
>
> I think disallowing `..` and absolute paths of archive members is sufficient. Both `--output=../dir` and `--output=/abs/path` can be allowed. The rationale is that `--output` is and should be controlled by the developer, while paths of archive members are more or less uncontrollable.
>
> We may have already disallowed `..` and absolute paths of archive members: `error: truncated or malformed archive (string table at long name offset 0not terminated)`, but the pointer arithmetic in `lib/Object/Archive.cpp` is a bit complex and I cannot confirm for now.
Oh OK. Do we have a test for that? I'd make sure that `ar x --output=/foo/bar/ baz.a` report an error instead of creating `/foo/bar.o` if `bar.a` contains `../bar.o`.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D69418/new/
https://reviews.llvm.org/D69418
More information about the llvm-commits
mailing list