From 4a54abeacd48f5f098946bc402f45ca7120fe16d Mon Sep 17 00:00:00 2001
From: Vedant Kumar <vsk@apple.com>
Date: Wed, 29 Jun 2016 16:22:12 +0000
Subject: [PATCH] [llvm-cov] Do not allow ".." to escape the coverage
 sub-directory

In -output-dir mode, file reports are placed into a "coverage"
directory. If filenames in the coverage mapping contain "..", they might
escape out of this directory.

Fix the problem by removing ".." from source filenames (expand the path
component).

llvm-svn: 274135
---
 .../tools/llvm-cov/Inputs/double_dots.covmapping  | Bin 0 -> 116 bytes
 .../tools/llvm-cov/Inputs/double_dots.proftext    |   8 ++++++++
 llvm/test/tools/llvm-cov/double_dots.c            |  11 +++++++++++
 llvm/tools/llvm-cov/SourceCoverageView.cpp        |   5 +++--
 4 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 llvm/test/tools/llvm-cov/Inputs/double_dots.covmapping
 create mode 100644 llvm/test/tools/llvm-cov/Inputs/double_dots.proftext
 create mode 100644 llvm/test/tools/llvm-cov/double_dots.c

diff --git a/llvm/test/tools/llvm-cov/Inputs/double_dots.covmapping b/llvm/test/tools/llvm-cov/Inputs/double_dots.covmapping
new file mode 100644
index 0000000000000000000000000000000000000000..b127ff63701c66906e99a5084bdd319e8ed2782b
GIT binary patch
literal 116
zcmd1FDa%dHFUu`SEiOq(EJ@@$vAD58fQ6^x)@k1}XP6mSq#2hn00AQqO93$-l>O^!
s?{l-1skb?Sd>CMq&@ag?&`-%PDc0B1gU}#z^^$?Q85tRQz`7Y20HJvtL;wH)

literal 0
HcmV?d00001

diff --git a/llvm/test/tools/llvm-cov/Inputs/double_dots.proftext b/llvm/test/tools/llvm-cov/Inputs/double_dots.proftext
new file mode 100644
index 000000000000..5419d233fc08
--- /dev/null
+++ b/llvm/test/tools/llvm-cov/Inputs/double_dots.proftext
@@ -0,0 +1,8 @@
+main
+# Func Hash:
+0
+# Num Counters:
+1
+# Counter Values:
+1
+
diff --git a/llvm/test/tools/llvm-cov/double_dots.c b/llvm/test/tools/llvm-cov/double_dots.c
new file mode 100644
index 000000000000..fe78d91e9dd3
--- /dev/null
+++ b/llvm/test/tools/llvm-cov/double_dots.c
@@ -0,0 +1,11 @@
+// To create the covmapping for this file, copy this file to /tmp/dots/test.c,
+// cd into /tmp/dots, and pass "../dots/double_dots.c" to the compiler. Use
+// llvm-cov convert-for-testing to extract the covmapping.
+
+// RUN: llvm-profdata merge %S/Inputs/double_dots.proftext -o %t.profdata
+// RUN: llvm-cov show %S/Inputs/double_dots.covmapping -instr-profile=%t.profdata -o %t.dir
+// RUN: FileCheck -input-file=%t.dir/index.txt %s
+
+// CHECK-NOT: coverage{{.*}}dots{{.*}}..{{.*}}dots
+
+int main() {}
diff --git a/llvm/tools/llvm-cov/SourceCoverageView.cpp b/llvm/tools/llvm-cov/SourceCoverageView.cpp
index b09d7de5016c..a4e9c43d0660 100644
--- a/llvm/tools/llvm-cov/SourceCoverageView.cpp
+++ b/llvm/tools/llvm-cov/SourceCoverageView.cpp
@@ -35,8 +35,9 @@ std::string CoveragePrinter::getOutputPath(StringRef Path, StringRef Extension,
   if (!InToplevel)
     sys::path::append(FullPath, getCoverageDir());
 
-  auto PathBaseDir = sys::path::relative_path(sys::path::parent_path(Path));
-  sys::path::append(FullPath, PathBaseDir);
+  SmallString<256> ParentPath = sys::path::parent_path(Path);
+  sys::path::remove_dots(ParentPath, /*remove_dot_dots=*/true);
+  sys::path::append(FullPath, sys::path::relative_path(ParentPath));
 
   auto PathFilename = (sys::path::filename(Path) + "." + Extension).str();
   sys::path::append(FullPath, PathFilename);