From 1fd95fc00519ee44de94fa5b73ca7a3285b92149 Mon Sep 17 00:00:00 2001
From: Andrew Kelley
Date: Sun, 8 Oct 2023 11:55:34 -0700
Subject: [PATCH] Package.Fetch: resolve instead of join relative paths

This prevents bogus "error: file exists in multiple modules" errors due to file paths looking like:

```
note: root of module foo/freetype/
note: root of module foo/fontconfig/../freetype/
```

It also enables checking for dependency paths outside the root package.
---
 src/Package.zig | 8 ++++++++
 src/Package/Fetch.zig | 8 +++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/Package.zig b/src/Package.zig
index 84ba10bfa5..32533b2d04 100644
--- a/src/Package.zig
+++ b/src/Package.zig
@@ -30,6 +30,14 @@ pub const Path = struct {
 };
 }

+ pub fn resolvePosix(p: Path, arena: Allocator, sub_path: []const u8) Allocator.Error!Path {
+ if (sub_path.len == 0) return p;
+ return .{
+ .root_dir = p.root_dir,
+ .sub_path = try fs.path.resolvePosix(arena, &.{ p.sub_path, sub_path }),
+ };
+ }
+
 pub fn joinString(p: Path, allocator: Allocator, sub_path: []const u8) Allocator.Error![]u8 {
 const parts: []const []const u8 =
 if (p.sub_path.len == 0) &.{sub_path} else &.{ p.sub_path, sub_path };
diff --git a/src/Package/Fetch.zig b/src/Package/Fetch.zig
index aa4601cb25..3d4b58324c 100644
--- a/src/Package/Fetch.zig
+++ b/src/Package/Fetch.zig
@@ -248,7 +248,13 @@ pub fn run(f: *Fetch) RunError!void {
 f.hash_tok,
 try eb.addString("path-based dependencies are not hashed"),
 );
- f.package_root = try f.parent_package_root.join(arena, sub_path);
+ f.package_root = try f.parent_package_root.resolvePosix(arena, sub_path);
+ if (std.mem.startsWith(u8, f.package_root.sub_path, "../")) {
+ return f.fail(
+ f.location_tok,
+ try eb.addString("dependency path outside package"),
+ );
+ }
 try loadManifest(f, f.package_root);
 try checkBuildFileExistence(f);
 if (!f.job_queue.recursive) return;
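Review bot: `Path.resolvePosix` in src/Package.zig is added without a doc comment, although the new caller in Fetch.zig depends on the exact shape of its result to reject paths that leave the package. I would document the contract above the function, for example `/// Lexically resolves sub_path against p.sub_path; allocates the result from arena.` followed by `/// The result can name a location above root_dir (a leading ".." component); callers must check for that.` The early `if (sub_path.len == 0) return p;` also returns `p.sub_path` without normalizing it, so the result is only resolved when `sub_path` is non-empty, which is worth stating in the same comment. The enclosing `Path` struct starts before this hunk and `joinString` continues past it.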
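Review bot: The new escape check in `run` (src/Package/Fetch.zig) tests only for the prefix `../`, so a resolved `sub_path` that is exactly `..` is not rejected; as far as I can tell `fs.path.resolvePosix` returns that form without a trailing separator. The condition should cover both spellings: `if (std.mem.eql(u8, f.package_root.sub_path, "..") or std.mem.startsWith(u8, f.package_root.sub_path, "../")) {`. The check is also purely lexical and relative to `root_dir`: it does not stop a path that stays under `root_dir` but leaves the parent package's own directory, nor a symlinked component that points elsewhere, so a comment stating which of those cases are meant to be allowed would help the next reader. `run` begins and ends outside this hunk, so whether absolute paths are rejected before this point cannot be seen here.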