From eca163cca0721801b8c8de32e2499a6be2d8e38f Mon Sep 17 00:00:00 2001 From: dev747368 <48332326+dev747368@users.noreply.github.com> Date: Fri, 17 Apr 2026 16:05:50 +0000 Subject: [PATCH] GP-6714 fix path creation in SameDirDebugInfoProvider --- .../dwarf/external/SameDirDebugInfoProvider.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf/external/SameDirDebugInfoProvider.java b/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf/external/SameDirDebugInfoProvider.java index d596487ab8..d7eddb8141 100644 --- a/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf/external/SameDirDebugInfoProvider.java +++ b/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf/external/SameDirDebugInfoProvider.java @@ -94,7 +94,7 @@ public class SameDirDebugInfoProvider implements DebugFileProvider { if (debugInfo.hasDebugLink()) { // This differs from the LocalDirDebugLinkProvider in that it does NOT recursively search // for the file - File debugFile = new File(progDir, debugInfo.getFilename()); + File debugFile = ensureSafeFilename(debugInfo.getFilename()); if (debugFile.isFile()) { int fileCRC = LocalDirDebugLinkProvider.calcCRC(debugFile); if (fileCRC == debugInfo.getCrc()) { @@ -109,7 +109,7 @@ public class SameDirDebugInfoProvider implements DebugFileProvider { if (debugInfo.hasBuildId()) { // this probe is a w.a.g for what people might do when co-locating a build-id debug // file with the original binary - File debugFile = new File(progDir, debugInfo.getBuildId() + ".debug"); + File debugFile = ensureSafeFilename(debugInfo.getBuildId() + ".debug"); if (debugFile.isFile()) { return debugFile; } @@ -118,4 +118,12 @@ public class SameDirDebugInfoProvider implements DebugFileProvider { return null; } + private File ensureSafeFilename(String filename) throws IOException { + File testFile = new File(progDir, filename); + if (!progDir.equals(testFile.getParentFile())) { + throw new IOException("Unsupported path specified in debug file: " + filename); + } + return testFile; + } + }