eliott/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2026-04-25 17:25:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

GP-6714 fix path creation in SameDirDebugInfoProvider

Browse Source
This commit is contained in:
dev747368
2026-04-17 16:05:50 +00:00
committed by Ryan Kurtz
parent 7fa4fbfe27
commit bcea8f547f
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf/external/SameDirDebugInfoProvider.java vendored
View File

@@ -94,7 +94,7 @@ public class SameDirDebugInfoProvider implements DebugFileProvider {
if (debugInfo.hasDebugLink()) {
// This differs from the LocalDirDebugLinkProvider in that it does NOT recursively search
// for the file
File debugFile = new File(progDir, debugInfo.getFilename());
File debugFile = ensureSafeFilename(debugInfo.getFilename());
if (debugFile.isFile()) {
int fileCRC = LocalDirDebugLinkProvider.calcCRC(debugFile);
if (fileCRC == debugInfo.getCrc()) {
@@ -109,7 +109,7 @@ public class SameDirDebugInfoProvider implements DebugFileProvider {
if (debugInfo.hasBuildId()) {
// this probe is a w.a.g for what people might do when co-locating a build-id debug
// file with the original binary
File debugFile = new File(progDir, debugInfo.getBuildId() + ".debug");
File debugFile = ensureSafeFilename(debugInfo.getBuildId() + ".debug");
if (debugFile.isFile()) {
return debugFile;
}
@@ -118,4 +118,12 @@ public class SameDirDebugInfoProvider implements DebugFileProvider {
return null;
}
private File ensureSafeFilename(String filename) throws IOException {
File testFile = new File(progDir, filename);
if (!progDir.equals(testFile.getParentFile())) {
throw new IOException("Unsupported path specified in debug file: " + filename);
}
return testFile;
}
}