From 4a54abeacd48f5f098946bc402f45ca7120fe16d Mon Sep 17 00:00:00 2001
From: Vedant Kumar <vsk@apple.com>
Date: Wed, 29 Jun 2016 16:22:12 +0000
Subject: [llvm-cov] Do not allow ".." to escape the coverage sub-directory

In -output-dir mode, file reports are placed into a "coverage"
directory. If filenames in the coverage mapping contain "..", they might
escape out of this directory.

Fix the problem by removing ".." from source filenames (expand the path
component).

llvm-svn: 274135
---
 llvm/tools/llvm-cov/SourceCoverageView.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'llvm/tools/llvm-cov/SourceCoverageView.cpp')

diff --git a/llvm/tools/llvm-cov/SourceCoverageView.cpp b/llvm/tools/llvm-cov/SourceCoverageView.cpp
index b09d7de5016..a4e9c43d066 100644
--- a/llvm/tools/llvm-cov/SourceCoverageView.cpp
+++ b/llvm/tools/llvm-cov/SourceCoverageView.cpp
@@ -35,8 +35,9 @@ std::string CoveragePrinter::getOutputPath(StringRef Path, StringRef Extension,
   if (!InToplevel)
     sys::path::append(FullPath, getCoverageDir());
 
-  auto PathBaseDir = sys::path::relative_path(sys::path::parent_path(Path));
-  sys::path::append(FullPath, PathBaseDir);
+  SmallString<256> ParentPath = sys::path::parent_path(Path);
+  sys::path::remove_dots(ParentPath, /*remove_dot_dots=*/true);
+  sys::path::append(FullPath, sys::path::relative_path(ParentPath));
 
   auto PathFilename = (sys::path::filename(Path) + "." + Extension).str();
   sys::path::append(FullPath, PathFilename);
-- 
cgit v1.2.3