Commit 1fd95fc005

Andrew Kelley <andrew@ziglang.org>
2023-10-08 20:55:34
Package.Fetch: resolve instead of join relative paths
This prevents bogus "error: file exists in multiple modules" errors due to file paths looking like: ``` note: root of module foo/freetype/ note: root of module foo/fontconfig/../freetype/ ``` It also enables checking for dependency paths outside the root package.
master
1 parent 29156de
Changed files (2)
src
Package
Fetch.zig
Package.zig
src/Package/Fetch.zig
@@ -248,7 +248,13 @@ pub fn run(f: *Fetch) RunError!void {
                 f.hash_tok,
                 try eb.addString("path-based dependencies are not hashed"),
             );
-            f.package_root = try f.parent_package_root.join(arena, sub_path);
+            f.package_root = try f.parent_package_root.resolvePosix(arena, sub_path);
+            if (std.mem.startsWith(u8, f.package_root.sub_path, "../")) {
+                return f.fail(
+                    f.location_tok,
+                    try eb.addString("dependency path outside package"),
+                );
+            }
             try loadManifest(f, f.package_root);
             try checkBuildFileExistence(f);
             if (!f.job_queue.recursive) return;
src/Package.zig
@@ -30,6 +30,14 @@ pub const Path = struct {
         };
     }
 
+    pub fn resolvePosix(p: Path, arena: Allocator, sub_path: []const u8) Allocator.Error!Path {
+        if (sub_path.len == 0) return p;
+        return .{
+            .root_dir = p.root_dir,
+            .sub_path = try fs.path.resolvePosix(arena, &.{ p.sub_path, sub_path }),
+        };
+    }
+
     pub fn joinString(p: Path, allocator: Allocator, sub_path: []const u8) Allocator.Error![]u8 {
         const parts: []const []const u8 =
             if (p.sub_path.len == 0) &.{sub_path} else &.{ p.sub_path, sub_path };