[PATCH] D153587: [GlobPattern] Support brace expansions

Fangrui Song via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Aug 8 17:07:21 PDT 2023


MaskRay added a comment.

In D153587#4571336 <https://reviews.llvm.org/D153587#4571336>, @ellis wrote:

> In D153587#4571266 <https://reviews.llvm.org/D153587#4571266>, @MaskRay wrote:
>
>> `{a,b}{a,b}{a,b}{a,b}...` expands to an exponential number of patterns. This can be a vulnerability. Many `glob(3)` implementations use a similar approach under an opt-in flag `GLOB_BRACE`. I think we need a similar feature flag and perhaps special case `SanitizerSpecialCaseList` (in a separate patch) to set the feature flag.
>
> Would it be reasonable to restrict the number of expanded patterns to say 2^10? This would allow for 10 braces with 2 terms each or 2 braces with 10 terms each, which should be plenty in practice.

I think existing GlobPattern users are pretty traditional and brace expansion might be a surprise for some.

Some features like `SanitizerSpecialCaseList` adopting brace expansion is totally fine. They will benefit from a limit (which many `glob(3)` implementations have as well).
10 seems reasonable. A lower number likely works, too.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D153587/new/

https://reviews.llvm.org/D153587
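
The expansion cap discussed in this thread, as an added example that is not part of the original message and is not LLVM's GlobPattern code. It assumes a simplified syntax (non-nested groups, no escapes) and a hypothetical `expandBraces` helper that checks the product of term counts against the limit before materializing any pattern.

```cpp
#include <cstddef>
#include <optional>
#include <string>
#include <vector>

// Hypothetical helper, not LLVM's GlobPattern API. Expands non-nested
// {a,b,...} groups. Returns std::nullopt if a '{' is unmatched, a group is
// nested, or the expanded pattern count would exceed maxExpansions.
std::optional<std::vector<std::string>>
expandBraces(const std::string &pat, std::size_t maxExpansions) {
  // Pass 1: split into segments. A literal is a segment with one alternative.
  std::vector<std::vector<std::string>> segments;
  std::size_t total = 1; // product of term counts seen so far
  std::string literal;
  for (std::size_t i = 0; i < pat.size(); ++i) {
    if (pat[i] != '{') {
      literal += pat[i];
      continue;
    }
    std::size_t close = pat.find('}', i);
    if (close == std::string::npos) return std::nullopt; // unmatched '{'
    std::string body = pat.substr(i + 1, close - i - 1);
    if (body.find('{') != std::string::npos) return std::nullopt; // nested
    std::vector<std::string> terms;
    std::size_t start = 0, comma;
    while ((comma = body.find(',', start)) != std::string::npos) {
      terms.push_back(body.substr(start, comma - start));
      start = comma + 1;
    }
    terms.push_back(body.substr(start));
    // Enforce the budget before allocating output. Dividing instead of
    // multiplying keeps the check itself free of overflow.
    if (terms.size() > maxExpansions / total) return std::nullopt;
    total *= terms.size();
    segments.push_back({literal});
    literal.clear();
    segments.push_back(std::move(terms));
    i = close;
  }
  segments.push_back({literal});
  // Pass 2: cartesian product, now known to hold at most maxExpansions items.
  std::vector<std::string> out{""};
  for (const auto &alts : segments) {
    std::vector<std::string> next;
    next.reserve(out.size() * alts.size());
    for (const auto &prefix : out)
      for (const auto &alt : alts) next.push_back(prefix + alt);
    out = std::move(next);
  }
  return out;
}
```

With a limit of 1024, ten two-term groups are accepted and an eleventh is rejected in pass 1, so the cost of a hostile pattern stays linear in its length.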


