aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/main/java/com/google/devtools
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/com/google/devtools')
-rw-r--r--src/main/java/com/google/devtools/build/lib/actions/ArtifactFactory.java9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/main/java/com/google/devtools/build/lib/actions/ArtifactFactory.java b/src/main/java/com/google/devtools/build/lib/actions/ArtifactFactory.java
index 72e29c9232..f9c0e75fe7 100644
--- a/src/main/java/com/google/devtools/build/lib/actions/ArtifactFactory.java
+++ b/src/main/java/com/google/devtools/build/lib/actions/ArtifactFactory.java
@@ -228,6 +228,10 @@ public class ArtifactFactory implements ArtifactResolver, ArtifactSerializer, Ar
@Override
public synchronized Artifact resolveSourceArtifact(PathFragment execPath) {
execPath = execPath.normalize();
+ if (execPath.containsUplevelReferences()) {
+ // Source exec paths cannot escape the source root.
+ return null;
+ }
// First try a quick map lookup to see if the artifact already exists.
Artifact a = pathToSourceArtifact.get(execPath);
if (a != null) {
@@ -257,6 +261,11 @@ public class ArtifactFactory implements ArtifactResolver, ArtifactSerializer, Ar
for (PathFragment execPath : execPaths) {
PathFragment execPathNormalized = execPath.normalize();
+ if (execPathNormalized.containsUplevelReferences()) {
+ // Source exec paths cannot escape the source root.
+ result.put(execPath, null);
+ continue;
+ }
// First try a quick map lookup to see if the artifact already exists.
Artifact a = pathToSourceArtifact.get(execPathNormalized);
if (a != null) {
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-27 19:31:15 +0000