[llvm] r274135 - [llvm-cov] Do not allow ".." to escape the coverage sub-directory
Vedant Kumar via llvm-commits
llvm-commits at lists.llvm.org
Wed Jun 29 09:22:12 PDT 2016
Author: vedantk
Date: Wed Jun 29 11:22:12 2016
New Revision: 274135
URL: http://llvm.org/viewvc/llvm-project?rev=274135&view=rev
Log:
[llvm-cov] Do not allow ".." to escape the coverage sub-directory
In -output-dir mode, file reports are placed into a "coverage"
directory. If filenames in the coverage mapping contain "..", they might
escape out of this directory.
Fix the problem by removing ".." from source filenames (expand the path
component).
Added:
llvm/trunk/test/tools/llvm-cov/Inputs/double_dots.covmapping
llvm/trunk/test/tools/llvm-cov/Inputs/double_dots.proftext
llvm/trunk/test/tools/llvm-cov/double_dots.c
Modified:
llvm/trunk/tools/llvm-cov/SourceCoverageView.cpp
Added: llvm/trunk/test/tools/llvm-cov/Inputs/double_dots.covmapping
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/tools/llvm-cov/Inputs/double_dots.covmapping?rev=274135&view=auto
==============================================================================
Binary files llvm/trunk/test/tools/llvm-cov/Inputs/double_dots.covmapping (added) and llvm/trunk/test/tools/llvm-cov/Inputs/double_dots.covmapping Wed Jun 29 11:22:12 2016 differ
Added: llvm/trunk/test/tools/llvm-cov/Inputs/double_dots.proftext
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/tools/llvm-cov/Inputs/double_dots.proftext?rev=274135&view=auto
==============================================================================
--- llvm/trunk/test/tools/llvm-cov/Inputs/double_dots.proftext (added)
+++ llvm/trunk/test/tools/llvm-cov/Inputs/double_dots.proftext Wed Jun 29 11:22:12 2016
@@ -0,0 +1,8 @@
+main
+# Func Hash:
+0
+# Num Counters:
+1
+# Counter Values:
+1
+
Added: llvm/trunk/test/tools/llvm-cov/double_dots.c
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/tools/llvm-cov/double_dots.c?rev=274135&view=auto
==============================================================================
--- llvm/trunk/test/tools/llvm-cov/double_dots.c (added)
+++ llvm/trunk/test/tools/llvm-cov/double_dots.c Wed Jun 29 11:22:12 2016
@@ -0,0 +1,11 @@
+// To create the covmapping for this file, copy this file to /tmp/dots/test.c,
+// cd into /tmp/dots, and pass "../dots/double_dots.c" to the compiler. Use
+// llvm-cov convert-for-testing to extract the covmapping.
+
+// RUN: llvm-profdata merge %S/Inputs/double_dots.proftext -o %t.profdata
+// RUN: llvm-cov show %S/Inputs/double_dots.covmapping -instr-profile=%t.profdata -o %t.dir
+// RUN: FileCheck -input-file=%t.dir/index.txt %s
+
+// CHECK-NOT: coverage{{.*}}dots{{.*}}..{{.*}}dots
+
+int main() {}
Modified: llvm/trunk/tools/llvm-cov/SourceCoverageView.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/tools/llvm-cov/SourceCoverageView.cpp?rev=274135&r1=274134&r2=274135&view=diff
==============================================================================
--- llvm/trunk/tools/llvm-cov/SourceCoverageView.cpp (original)
+++ llvm/trunk/tools/llvm-cov/SourceCoverageView.cpp Wed Jun 29 11:22:12 2016
@@ -35,8 +35,9 @@ std::string CoveragePrinter::getOutputPa
if (!InToplevel)
sys::path::append(FullPath, getCoverageDir());
- auto PathBaseDir = sys::path::relative_path(sys::path::parent_path(Path));
- sys::path::append(FullPath, PathBaseDir);
+ SmallString<256> ParentPath = sys::path::parent_path(Path);
+ sys::path::remove_dots(ParentPath, /*remove_dot_dots=*/true);
+ sys::path::append(FullPath, sys::path::relative_path(ParentPath));
auto PathFilename = (sys::path::filename(Path) + "." + Extension).str();
sys::path::append(FullPath, PathFilename);
More information about the llvm-commits
mailing list