[PATCH] D153587: [GlobPattern] Support brace expansions
Ellis Hoag via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Aug 8 17:03:19 PDT 2023
ellis added a comment.
In D153587#4571266 <https://reviews.llvm.org/D153587#4571266>, @MaskRay wrote:
> `{a,b}{a,b}{a,b}{a,b}...` expands to an exponential number of patterns. This can be a vulnerability. Many `glob(3)` implementations use a similar approach under an opt-in flag `GLOB_BRACE`. I think we need a similar feature flag and perhaps special case `SanitizerSpecialCaseList` (in a separate patch) to set the feature flag.
Would it be reasonable to restrict the number of expanded patterns to say 2^10? This would allow for 10 braces with 2 terms each or 2 braces with 10 terms each, which should be plenty in practice.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D153587/new/
https://reviews.llvm.org/D153587
More information about the llvm-commits
mailing list