[clang] [llvm] [llvm][clang] Sandbox filesystem reads (PR #165350)
Ben Langmuir via llvm-commits
llvm-commits at lists.llvm.org
Thu Nov 6 15:10:01 PST 2025
================
@@ -347,12 +348,15 @@ llvm::Expected<FileEntryRef> FileManager::getSTDIN() {
if (STDIN)
return *STDIN;
- std::unique_ptr<llvm::MemoryBuffer> Content;
- if (auto ContentOrError = llvm::MemoryBuffer::getSTDIN())
- Content = std::move(*ContentOrError);
- else
+ auto ContentOrError = [] {
+ auto BypassSandbox = llvm::sys::sandbox::scopedDisable();
+ return llvm::MemoryBuffer::getSTDIN();
----------------
benlangmuir wrote:
What's the intent for stdin in general? From a VFS perspective there is no problem with opening stdin, because it's not affected by the VFS anyway. From a caching/cas perspective you need to prevent or capture it somehow, but the VFS won't help you do so.
https://github.com/llvm/llvm-project/pull/165350
More information about the llvm-commits
mailing list