[PATCH] D76863: Fix SelectionDAG Graph Printing on Windows
Reid Kleckner via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Apr 15 16:34:12 PDT 2020
rnk added a comment.
In D76863#1985144 <https://reviews.llvm.org/D76863#1985144>, @justice_adams wrote:
> @rnk
>
> > So, if I want clang to overwrite some file, all I have to do is pass clang -mllvm -view-dag-combine1-dags and I can create a file with a name from the input source? That seems dangerous.
>
> Currently, the dag printer will create a file with a name corresponding to the machine-function from the IR that it's representing with the graph, not the source file name. Forgive me if I misinterpreted this comment.
Yes, that was my interpretation. Functions can be named all kinds of evil things. It's pretty common for compiler developers to feed test cases from bug reports to the compiler, and this seems like an easy way for an attacker to write a temp file with a name of their choice. But, that is the existing functionality. I see that path separators are banned, so it's not an arbitrary file, it's a particular file in some temp directory.
>> Can you please move this code from the GraphWriter.h header to here?
>
> Yes that seems to make sense. Does it make sense to move that into a separate patch?
I feel like it should be part of this patch.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D76863/new/
https://reviews.llvm.org/D76863
More information about the llvm-commits
mailing list