[llvm-cov] Do not allow ".." to escape the coverage sub-directory

In -output-dir mode, file reports are placed into a "coverage"
directory. If filenames in the coverage mapping contain "..", they might
escape out of this directory.

Fix the problem by removing ".." from source filenames (expand the path
component).

llvm-svn: 274135

1 files changed, 3 insertions, 2 deletions

diff --git a/llvm/tools/llvm-cov/SourceCoverageView.cpp b/llvm/tools/llvm-cov/SourceCoverageView.cpp
index b09d7de5016..a4e9c43d066 100644
--- a/llvm/tools/llvm-cov/SourceCoverageView.cpp
+++ b/llvm/tools/llvm-cov/SourceCoverageView.cpp
@@ -35,8 +35,9 @@ std::string CoveragePrinter::getOutputPath(StringRef Path, StringRef Extension,
   if (!InToplevel)
     sys::path::append(FullPath, getCoverageDir());
 
-  auto PathBaseDir = sys::path::relative_path(sys::path::parent_path(Path));
-  sys::path::append(FullPath, PathBaseDir);
+  SmallString<256> ParentPath = sys::path::parent_path(Path);
+  sys::path::remove_dots(ParentPath, /*remove_dot_dots=*/true);
+  sys::path::append(FullPath, sys::path::relative_path(ParentPath));
 
   auto PathFilename = (sys::path::filename(Path) + "." + Extension).str();
   sys::path::append(FullPath, PathFilename);