[clang] [llvm] [llvm][clang] Sandbox filesystem reads (PR #165350)

Jan Svoboda via cfe-commits cfe-commits at lists.llvm.org
Fri Nov 7 14:50:00 PST 2025


================
@@ -347,12 +348,15 @@ llvm::Expected<FileEntryRef> FileManager::getSTDIN() {
   if (STDIN)
     return *STDIN;
 
-  std::unique_ptr<llvm::MemoryBuffer> Content;
-  if (auto ContentOrError = llvm::MemoryBuffer::getSTDIN())
-    Content = std::move(*ContentOrError);
-  else
+  auto ContentOrError = [] {
+    auto BypassSandbox = llvm::sys::sandbox::scopedDisable();
+    return llvm::MemoryBuffer::getSTDIN();
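Review bot: the `scopedDisable()` bypass inside the new lambda has no comment saying why this stdin read is exempt from the sandbox. Each bypass is an exception to the enforcement that later readers will have to audit, so add a short comment or FIXME on the `BypassSandbox` line stating that this is a deliberate exception made for now, and what would remove it (the client executable reading stdin and passing the `MemoryBuffer` down). Keeping the guard inside the lambda, so that it covers only the `getSTDIN()` call and not the rest of `FileManager::getSTDIN()`, is the right scope and should stay that narrow.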
----------------
jansvoboda11 wrote:

I decided to make `MemoryBuffer::getSTDIN()` a sandbox violation because I'd argue that calling it from within a library is always the wrong thing to do. (Here we have `clangBasic` doing it, but multiple LLVM libraries try to do it too.) For now, I decided to bless this particular spot to be allowed to call it, but I think the ideal solution is that stdin gets read explicitly in the client executable (in `cc1_main` let's say) and the `MemoryBuffer` gets passed down to `FileManager` (or other libraries that want **the** input) explicitly. For CAS caching, we'd capture that buffer to make it part of the compilation key.

https://github.com/llvm/llvm-project/pull/165350

